Title: Rogue code following a hack Last modified: August 22, 2016 --- # Rogue code following a hack * [nigelyork](https://wordpress.org/support/users/nigelyork/) * (@nigelyork) * [11 years, 3 months ago](https://wordpress.org/support/topic/rogue-code-following-a-hack/) * I have just recovered my site from a hack and have cleared all the files added during that attack, following suggestions found on this site and from my webspace provider. * However, some rogue code remains on the home page. At the bottom of the page, on the far left, below the footer is some code that generates 2 partially hidden links on the page. * I cannot find how to remove these links. I have reviewed a range of php files( funtions.php, footer.php. home.php, etc) but, to be honest, they mean little to me. I am fine with html but not with php so I would not be able to spot wordpress or theme code from anything that’s been added. * Any suggestions? Viewing 5 replies - 1 through 5 (of 5 total) * Moderator [t-p](https://wordpress.org/support/users/t-p/) * (@t-p) * [11 years, 3 months ago](https://wordpress.org/support/topic/rogue-code-following-a-hack/#post-5789732) * Try reviewing these resources: * How to clean and fix hacked WP blog: [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) [http://www.jtpratt.com/how-to-fix-a-hacked-wordpress-blog/](http://www.jtpratt.com/how-to-fix-a-hacked-wordpress-blog/) [http://sakinshrestha.com/wordpress/fix-if-your-wordpress-site-is-hacked/](http://sakinshrestha.com/wordpress/fix-if-your-wordpress-site-is-hacked/) [http://www.wpbeginner.com/wp-tutorials/how-to-find-a-backdoor-in-a-hacked-wordpress-site-and-fix-it/](http://www.wpbeginner.com/wp-tutorials/how-to-find-a-backdoor-in-a-hacked-wordpress-site-and-fix-it/) * Harden your WP installation: [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress) * Additional Resources: [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html) * [wslade](https://wordpress.org/support/users/wslade/) * (@wslade) * [11 years, 3 months ago](https://wordpress.org/support/topic/rogue-code-following-a-hack/#post-5789733) * I know that logic tells you to look at the areas where you can see the spam links. But with hacks, the focus really needs to be on finding the sources of the malware. When you find and correct the sources, those spammy links will go away. * When you said that you had cleaned all the files added, I assume that means you found and deleted files that should not have been in a WordPress installation, is that correct? * What about doing any server side scans? I suggest you install Wordfence. When you have the plugin installed, go to Wordfence > Options >Scans to include and check all the boxes in this section. Than run a scan and let the forum know what, if anything Wordfence finds. * Thread Starter [nigelyork](https://wordpress.org/support/users/nigelyork/) * (@nigelyork) * [11 years, 3 months ago](https://wordpress.org/support/topic/rogue-code-following-a-hack/#post-5789768) * Many thanks to Tara and wslade for coming back to me. It’s a relief ot know that this type of support is available. * Tara: The list of links was great. Having gone through every step in the ‘FAQ_my_site- was-hacked’ post the rogue code/spam links on my site disappeared at the point when I changed my secret keys. I am not sure why that should be the case but I am just pleased that the rogue code has now gone. I am now in the process of hardening wordpress. * wslade: Yes, that right, I did find and delete a range of files that should not have been in the WordPress installation. Having done this and a range of other things, I got my hosting provider to run a server scan and they gave me the all clear. I will, however, have a look at Wordfence as well. * Once again, many thanks to you both for coming to my aid. Let me know if there is anything else I should do/be aware of. * [wslade](https://wordpress.org/support/users/wslade/) * (@wslade) * [11 years, 3 months ago](https://wordpress.org/support/topic/rogue-code-following-a-hack/#post-5789772) * Great News! I’m glad you got your site back. You will probably want to find an article about cleaning the database before you consider the site completely malware free. * Wordfence is a very good plugin for ongoing security. I suggest you fully configure it and use it as security for your site. The help link provided for each option usually gives enough info to know what to enter for that option. If you have any questions about what to enter, come back here with your question. * I make full use of everything Wordfence has to offer except the performance boosting features. I already have a caching solution and I’m too lazy to look at what Wordfence offers. * Don’t forget to change every password using a strong, unique password. Build a back up plan if you don’t already have one. And enjoy blogging… * Moderator [t-p](https://wordpress.org/support/users/t-p/) * (@t-p) * [11 years, 3 months ago](https://wordpress.org/support/topic/rogue-code-following-a-hack/#post-5789774) * you are welcome 🙂 Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Rogue code following a hack’ is closed to new replies. ## Tags * [rogue code](https://wordpress.org/support/topic-tag/rogue-code/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 5 replies * 3 participants * Last reply from: [t-p](https://wordpress.org/support/users/t-p/) * Last activity: [11 years, 3 months ago](https://wordpress.org/support/topic/rogue-code-following-a-hack/#post-5789774) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics