Leaving “Powered by WordPress” in the footer of a website is something I see people do regularly. This usually happens because the theme in use is free rather than premium, and by default it adds this message along with theme tags.
Now, WordPress is designed to let people who don’t know how to code create websites. This is a good thing and part of the reason why WordPress is so popular. However, there’s a major drawback and security issue to having “Powered by WordPress” in the footer of a website.
Bad actors in places overseas will oftentimes use scrapers to find websites that have “Powered by WordPress” at the bottom, and it is an open attack vector. The more a website advertises that it’s using WordPress, the more likely it is to get targeted by hackers.
The reason why WordPress can be hacked so easily is that the database is a common structure (open source) that is very popular and easy to attack. The way that most WordPress sites get hacked is through SQL injection.
What is a SQL injection?
SQL injections are a way that code gets injected into a database using a vulnerability. Basically, malicious code spreads across many of the common site files like a shotgun blast. Some of the code files are able to recreate more malicious files even after they are cleaned up by hand. Other malicious files will do something for the exploiter, like post spam links that bring in revenue when visitors click on them.
Vulnerabilities are patched through theme and plugin updates and core WordPress updates. When a WordPress site is not updated regularly, it is much more likely that a SQL injection will occur. What we want to do as developers or owners of a WordPress site is limit the number of attack vectors that are present.
Limiting WordPress on Footer Attack Vectors
It’s not possible to completely eliminate all attacks on a WordPress site. That’s why I encourage having a firewall and backups in place. If no firewall and backup services are in place, a site owner is really rolling the dice and most likely will be hacked and may even lose the website at some point.
This is just the way it goes with using WordPress. With a firewall and backup service in place, site owners can rest assured that no matter what happens they will always be able to protect the site and clean it up if it does get infected.
But I highly encourage removing the “Powered by WordPress” footer tag and the theme tag as well. If you don’t know how to remove these, reach out to a qualified developer and have them help you for a very small fee.
If you need my assistance removing the “Powered by WordPress” or theme tags from the bottom of your WordPress site, contact me here on my contact page.
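A way to confirm the footer credits described above are actually gone after a theme change, as an added example that is not part of the original post: it parses a page's rendered HTML and reports “Powered by WordPress” text (with or without a link), theme credit text, and links to wordpress.org found inside `<footer>` elements. The patterns, function names, and sample HTML are assumptions constructed for illustration; credit wording varies by theme.

```python
import re
from html.parser import HTMLParser

# Assumed patterns: credit wording varies by theme, so adjust for the theme in use.
CREDIT_TEXT = re.compile(r"(?:proudly\s+)?powered\s+by\s+wordpress|\btheme\s*(?::|by)\s", re.I)
CREDIT_LINK = re.compile(r"^https?://(?:[a-z0-9-]+\.)*wordpress\.org(?:/|$)", re.I)

class FooterAudit(HTMLParser):
    """Collect visible text and link targets found inside <footer> elements."""
    def __init__(self):
        super().__init__()
        self.depth, self.text, self.links = 0, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "footer":
            self.depth += 1
        elif tag == "a" and self.depth:
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

    def handle_endtag(self, tag):
        if tag == "footer" and self.depth:
            self.depth -= 1

    def handle_data(self, data):
        if self.depth:
            self.text.append(data)

def audit_footer(html):
    """Return (kind, value) findings for platform or theme credits in the footer."""
    parser = FooterAudit()
    parser.feed(html)
    parser.close()
    text = " ".join(" ".join(parser.text).split())
    findings = [("text", m.group(0).strip()) for m in CREDIT_TEXT.finditer(text)]
    findings += [("link", h) for h in parser.links if CREDIT_LINK.match(h)]
    return findings

# Constructed sample pages (not taken from any real site).
SAMPLE_DEFAULT = """<body><p>Powered by WordPress is discussed in this post.</p>
<footer><div class="site-info"><a href="https://wordpress.org/">Proudly powered by
WordPress</a> | Theme: Example by <a href="https://example.com/">Example Author</a>
</div></footer></body>"""
SAMPLE_TEXT_ONLY = "<footer><p>Powered by WordPress</p></footer>"  # credit with no link
SAMPLE_CLEAN = "<footer><p>&copy; Example Co.</p></footer>"

if __name__ == "__main__":
    for name in ("SAMPLE_DEFAULT", "SAMPLE_TEXT_ONLY", "SAMPLE_CLEAN"):
        print(name, audit_footer(globals()[name]))
```

An empty list means no credit was found in the footer; mentions of WordPress in the page body are ignored on purpose.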
I’m so glad you did a post about this. I have this annoying text in my footer currently and I went through the code through WordPress because sometimes you can just edit it out, but I don’t even see the whole code (I think I went to the Appearance tab), anyway, I want to hire someone to fix it, but I am afraid of hiring someone overseas. In 2011, I hired someone overseas and my site was hacked afterwards, and it took months to fix. Do you think it’s safe now to have someone overseas working on your WordPress site? I don’t have a big budget on this fix.
I can’t stand those links from the WordPress theme builders. Luckily, I am able to remove most of them. I had no idea that they could be making the site more vulnerable to hacking. A client of mine had their site hacked before they worked with me. Someone had hacked in and started putting links at the bottom of all of their posts. I wonder if they got in through the SQL injection.
Yes, any indication of the word WordPress in the footer area is a target for scraping tools that eventually lead to a website getting hacked. It’s most likely SQL injection as the attack method of choice, but there are other ways to get in.
I think I might need to contact you for help on getting the “Powered by WordPress” and theme creator link taken off. I fell in love with the free theme I’m using (it’s actually better than some of the premium themes), otherwise I would have purchased a premium theme so I could take this footer stuff off myself.
Hi Ella! I would be more than happy to help you remove WordPress from the bottom of your website! It’s really a good idea to clean that up for security and aesthetics (:
I’m happy that I learned how to build my own WordPress themes. I used to hate those pesky footer tags that you couldn’t get rid of!
Yes, much better to build your own WordPress theme and get it right from the start!
I have this on my footer, but there is no link on it (which is weird). Does this still pose a risk?
Yes, it still poses a threat. You don’t want WordPress in the footer as it is a larger target for scrapers. We want to reduce risks as much as possible!