Title: Code Injection Last modified: August 21, 2016 --- # Code Injection * Resolved [Daniella](https://wordpress.org/support/users/ellaj/) * (@ellaj) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/) * Hi, The following was added to the footer of a site: `echo '
Games , Bdran
';` * Could you tell me how I can avoid this happening in the future? Thank you! * [http://wordpress.org/plugins/bulletproof-security/](http://wordpress.org/plugins/bulletproof-security/) Viewing 11 replies - 1 through 11 (of 11 total) * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223412) * This does not look like typical injected links/code. Usually the code is disguised. These look more like advertising links. Which Theme are you using? Does it come these links already in the footer? * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223414) * Or maybe the links are from a plugin such as a plugin that connects to these sites. The sites look legit and are not blacklisted sites. * Thread Starter [Daniella](https://wordpress.org/support/users/ellaj/) * (@ellaj) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223485) * Is there a way to pinpoint where they came from? I’m using a StudioPress theme so I doubt it’s that. Thank you! * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223488) * Do you have any plugins installed that do anything with games/Flash games? * Thread Starter [Daniella](https://wordpress.org/support/users/ellaj/) * (@ellaj) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223490) * No. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223492) * What happens when you remove the footer advertising links – do they come back automatically? * Thread Starter [Daniella](https://wordpress.org/support/users/ellaj/) * (@ellaj) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223493) * No, they are still gone. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223496) * Ok that would be another indication that this is not injected code. Typically injected code is after the fact. A hacker’s payload contains several different types of files. Some are hidden backdoor files, some can be Shells, some create new files (file regenerators) if you find some of the hacker files and some just do end result stuff like add malicious code/links/code injection. Code injection typically happens repeatedly until you find all of the files in a hacker’s payload. * Logically either these links were included in something you installed or were manually added later by someone who logged into your site. It is also possible that someone could have cracked your FTP password and manually edited files to add these links. * None of the factors/symptoms/etc involved indicate a typical hacker pattern/action. The sites are legitimate sites and for the links not to be hidden/disguised/obfuscated would be a huge risk for them to get their sites blacklisted. Both of these sites are owned by the same person. * My advice to you is change all of your passwords: WordPress, FTP, … * Thread Starter [Daniella](https://wordpress.org/support/users/ellaj/) * (@ellaj) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223498) * Thank you very much. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223499) * fixed typos and added additional info above… * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223500) * Sure no problem. I try to stay away from pointing fingers, but my gut is telling me that someone you allowed admin access to your site did this. 😉 Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘Code Injection’ is closed to new replies. * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938) * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/) * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/) * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/) * 11 replies * 2 participants * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/) * Last activity: [12 years, 7 months ago](https://wordpress.org/support/topic/code-injection/#post-4223500) * Status: resolved