This morning I got an email from an employee at StatCounter.com. She wanted to alert me to the presence of their stat counter on my website, pointing to another website that was an advertiser for Viagra. The StatCounter employee asked me:
Are you aware that there is a hidden link to a Viagra site on your site?
Ummm… no?
I was skeptical of the email, so I did a quick “view source” on my blog and sure enough the offending code was tucked away at the bottom on my HTML, right after my footer.
I spent a little bit of time trying to track down the hidden script, but with literally hundreds of potential candidate files to wade through in my WordPress deployment, I opted for a quick Google search instead, and turned up this post from a fellow WordPress user Aidan. The root of the problem is that apparently TemplateBrowser.com, where I got my theme from, is injecting themes with this additional, unwanted code.
This can be fixed very simply:
(1) Find the footer.php in the template directory and delete the call to the credit function.
(2) Find the functions.php file and delete the credit function.
That will eliminate the script.