Remove the WordPress Payday Loans hack!

Published by Micah Warren on

PaydayLoansWordpressHackIf you’re on WordPress, you may have already experienced this. It is a colossal pain in the back side. There have been a couple payday loans hacks where links to a site for (you guessed it) payday loans show up in your site.

They can show up in the header or in single posts, but they dig those suckers in and they are tough to find and eradicate. Until now. Here are a couple of good hiding spots that you can check before you go sign up for some service that cleans and protects your site.

The first, of course, is in the header.php file, where you happen to see these links come up top in your header. You may not even notice these links on your site if you are using a browser like Firefox. But, make sure you check on multiple browsers to see if these links become visible. Internet Explorer is famous for showing these hacks. Go into your header.php file and you’ll surely notice if there is a huge piece of coding in there with payday loans links. Check out https://www.iva-advice.co/write-off-bounce-back-loans.html for details on loans. Yeah, you can delete that.

The other place to look is in your theme’s functions.php file. In Filezilla (or another FTP program), go to WP-Content > Themes > Your Theme (it will have the specific name of course) and then > functions.php.

At the very beginning of that file, you will probably see a piece of code that starts with this and is followed by a BUNCH of random letters and numbers:

$wp_function_initialize = create_function(‘$a’,strrev(‘;)a$(lave’)); $wp_function_initialize(strrev(‘;))”=

Delete this code! Save your file, all done.

And always make sure that your WordPress version and plugins are up to date. Hackers love older versions to break into.