I've just started doing some website work for a local business, and I noticed today that there's a very unwanted link at the bottom of their site, which is a wordpress site.
The site makes use of a woo theme called 'whiteLight', as well as woocommerce. I've tried disabling and reenabling all plugins that aren't well known and integral to the site's functioning, and I've sifted through a lot of the theme's files.
I can't find where this line is being added to the site. The line "<center>*bad link here*</center>" is being inserted right after the header and right before the closing body tag, on the home page only. The link in question is actually linking to naughty files inside a directory within the wordpress installation. It's not even taking users to an ouside site as far as I can tell.
I don't have FTP access to the wordpress directory yet, but I've requested it. I have very little experience with wordpress hooks etc, and am hoping someone can help me find a starting point in weeding out this unwanted link.
Thanks in advance!
WordFence is the best security plugin for WordPress. I'd recommend you follow the instructions at https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Another good resource to read is https://codex.wordpress.org/FAQ_My_site_was_hacked
I recommend you search all the files as norlesh suggested. If this was my problem I'd use Jetbrains PHPStorm to search all the files. Another much cheaper solution would be to use Textpad - https://www.textpad.com/
It's also possible that the link has been inserted into your database. If so you won't find it in your files. You'll have to search the database. Use a program like phpMyAdmin or MySQL Workbench to export the whole database to your machine. Then search the sql file for the URL. Alternatively use https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ which is a handy tool you upload to the server. From there you enter db login details and search the database. Note if you use this script you should delete if off your server when you've finished using it, it's a huge security risk.