I’m seeing a few WordPress and Drupal sites with template files being compromised, and a call to a PHP method wp_foots being added:

<?php wp_foots();?>

This PHP call injects malicious JavaScript code that typically writes spam links to the footer.

It is safe to delete the wp_foots() call. However, this call is part of a bigger compromise, and other PHP files within the website have almost certainly been injected as well.

You should look out for calls to eval(base64_decode( and delete/fix those files.
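
One way to run that check across a whole webroot, as an added example that is not part of the original post. It reports every line that references wp_foots( or eval(base64_decode(; the names scan_file and scan_tree and the extension list are assumptions of this example.

```python
import os
import re
import sys

# Indicators named in the post. The regexes tolerate whitespace and mixed case,
# because PHP function names are case-insensitive.
INDICATORS = {
    "wp_foots call": re.compile(rb"\bwp_foots\s*\(", re.I),
    "eval(base64_decode(": re.compile(rb"\beval\s*\(\s*base64_decode\s*\(", re.I),
}
# Assumption: extensions that commonly hold PHP in WordPress and Drupal trees.
PHP_EXTENSIONS = (".php", ".inc", ".module", ".theme", ".install", ".phtml")


def scan_file(path):
    """Return [(line_number, indicator_name)] for every hit in one file."""
    hits = []
    # Read bytes: injected files are not always valid UTF-8.
    # Matching is per line, so a call split across lines is not detected.
    with open(path, "rb") as fh:
        for lineno, line in enumerate(fh, 1):
            for name, pattern in INDICATORS.items():
                if pattern.search(line):
                    hits.append((lineno, name))
    return hits


def scan_tree(root):
    """Walk root and return {path: hits} for PHP files containing an indicator."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(PHP_EXTENSIONS):
                path = os.path.join(dirpath, fname)
                try:
                    hits = scan_file(path)
                except OSError:
                    continue  # unreadable file: skip rather than abort the scan
                if hits:
                    findings[path] = hits
    return findings


if __name__ == "__main__":
    webroot = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sorted(scan_tree(webroot).items()):
        for lineno, name in hits:
            print(f"{path}:{lineno}: {name}")
```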
