WordPress on Footer Website Vulnerability

WordPress on footer of a website is something I see some people do regularly. They leave the powered by WordPress messaging on the site. The reason why this happens is that the theme being used is free and not premium and by defualt will put this messaging as well as theme tags.

Now WordPress is designed to allow people who don’t know coding to create websites. This is a good thing and part of the reason why WordPress is so popular. However there’s a major drawback and security issue to having powered by WordPress on footer of a website.

WordPress on footer

Bad actors in places overseas will often times use scrapers to find websites that have this powered by WordPress on the bottom and it is an open attack vector. The more that a website is advertising that it’s using WordPress, the more likely it’s going to get targeted by hackers.

The reason why WordPress can be hacked so easily is that the database is a common structure (open source) that is very very popular and easy to attack. The way that most WordPress sites get hacked is through a SQL injection.

What is a SQL injection?

SQL injections are a way that code gets injected into a database using a vulnerability. Basically malicious code will become spread across many of the common site files like a shot gun blast. Some of the code files are able to recreate more malicious files even when they are cleaned up by hand. Other malicious files will do something for the exploiter, like post spam links that bring in revenue when visitors click on them.

Vulnerabilities are patched through theme and plugin updates and core WordPress updates. When a WordPress site is not updated regularly, it is much more likely that a SQL injection will occur. What we want to do as developers or owners of a WordPress site is limit the amount of attack vectors that are present.

Limiting WordPress on Footer Attack Vectors

It’s not possible to completely eliminate all attacks on a WordPress site. That’s why I encourage having a firewall and backups in place. If no firewall and back up services are in place, a site owner is really rolling the dice and most likely will be hacked and may even lose the website at some point.

This is just the way it goes with using WordPress. With a firewall and back up service in place, site owners can rest assured that no matter what happens they will always be able to protect the site and clean the site up if it does get infected.

But I highly encourage removing the powered by WordPress on footer tag and then the theme tag as well. If you don’t know how to remove these reach out to a qualified developer and have them help you for a very small fee.

If you need my assistance removing the power by WordPress or the theme tags from the bottom of your WordPress site contact me here on my contact page.

9 replies

Jason says:
July 12, 2020 at 12:24 pm

I’m so glad you did a post about this. I have this annoying text in my footer currently and I went through the code through WordPress because sometimes you can just edit it out, but I don’t even see the whole code (I think I went to the Appearance tab), anyway, I want to hire someone to fix it, but I am afraid of hiring someone overseas. In 2011, I hired someone overseas and my site was hacked afterwards, and it took months to fix. Do you think it’s safe now to have someone overseas working on your wordpress site? I don’t have a big budget on this fix.
Reply
Riley says:
July 15, 2020 at 5:51 pm

I can’t stand those links from the wordpress theme builders. Luckily, I am able to remove most of them. I had no idea that they could be making the site more vulnerable to hacking. A client of mine had their site hacked before they worked with me. Someone had hacked in and started putting links at the bottom of all of their posts. I wonder if they got in through the SQL injection.
Reply
- Jophiel Silvestrone says:
  July 21, 2020 at 8:29 am
  
  Yes, any indication of the word WordPress in the footer area is a target for scraping tools that eventually lead to a website getting hacked. It’s most likely SQL injection as the attack method of choice, but there are other ways to get in.
  Reply
Ella says:
July 17, 2020 at 12:06 pm

I think I might need to contact you for help on getting rid of the “Powered by Wordress” and theme creator link taken off. I fell in love with the free theme I’m using (it’s actually better than some of the premium themes), otherwise I would have purchased a premium theme so I could take this footer stuff off myself.
Reply
- Jophiel Silvestrone says:
  September 9, 2020 at 10:39 am
  
  Hi Ella! I would be more than happy to help you remove WordPress from the bottom of your website! It’s really a good idea to clean that up for security and aesthetics (:
  Reply
Matthew says:
July 17, 2020 at 8:07 pm

I’m happy that I learned how to build my own WordPress themes. I used to hate those pesky footer tags that you couldn’t get rid of!
Reply
- Jophiel Silvestrone says:
  August 29, 2020 at 12:40 pm
  
  Yes, much better to build your own WordPress theme and get it right from the start!
  Reply
Micah says:
July 18, 2020 at 6:06 pm

I have this on my footer, but there is not link on it (which is weird). Does this still pose a risk?
Reply
- Jophiel Silvestrone says:
  August 13, 2020 at 11:14 am
  
  Yes, it still poses a threat. You don’t want WordPress in the footer as it is a larger target for scrapers. We want to reduce risks as much as possible!
  Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Written by: Jophiel Silvestrone

Jophiel Silvestrone has written 326 posts in the Tech Blog.

Jophiel grew up on a ranch in Paradise Valley, Montana near Chico Hot Springs. Working on the ranch instilled work ethic and self motivation. Filled with this drive, Jophiel started mowing the local school's yards twice a month throughout the summers, at the age of 12. He moved to Billings in 2004, where he has been deeply involved in the local business community ever since. A serial entrepreneur, Jophiel has ran multiple businesses in our local community. The first business, a janitorial and carpet cleaning company, founded in 2005, has employed over 50 locals. Moving on to the media industry, Jophiel and several partners founded Green Directory Montana in the spring of 2007. Green Directory's sustainability ranking software awarded points based on sustainable or "green" actions. These points counted towards a business's total "Green Score," which in turn ranked them against other businesses in their category and throughout the entire site. It also featured a limited edition print version distributed annually. A business acquisition allowed Jophiel to focus on new projects, and a few close business colleagues and Jophiel started Rocky Mountain Mr. & Ms. Magazine, a lifestyle publication for men and women in the Magic City. After a year and a half at the helm of RM3 Magazine, the business was purchased. He now runs a web development company SkyPoint Studios and fathers his son Jaoquin, who plays football, basketball, soccer, and is learning snowboarding from his dad. Recently, has expanded to locations in Havasu, Arizona & Vegas. SkyPoint Studios is a market leader in both Billings & Havasu and Jophiel is working on building that same level of market dominance in Vegas. Specialties: Extensive experience in online and offline business. Especially savvy at WordPress, and operate several sites, one example is the blog: skypointwebdesignbillingsmontana.com/tech-blog. Check out skypointwebdesignbillingsmontana.com for the latest projects from SkyPoint Studios.