Malicious WordPress Themes

Remember how I used to complain about unauthorised links being added in my blogroll without my permission?  And how my site got hacked repeatedly despite my strong password?  The answer dawned on me after I saw that one of the sites where I downloaded some WP themes from, ‘www.greatwordpressthemes.com’, was inserted into my blogroll without my knowledge.

It had never occurred to me before that there could be “backdoor” codes in my WP themes that compromised my blog’s security integrity.  Sigh… these despicable hackers!  I hate you assholes!  May your computers crash with every use of the spacebar!  (Ok, that was completely random).

Anyway, I did a bit of research online and found this plug-in that helps scan WP themes for malicious codes.  I did a scan and this was what it showed:

image

This fantastic plug-in also indicates which file the suspicious code is in.  Going through the list, I removed all the suspicious codes from the respective files.  I also checked all the static links to make sure they didn’t belong to any unsavoury sites and am glad to report that – I have a wholesome blog once again.  Yay!

A lot of the themes that had malicious codes in them were from www.themesjunction.com, which up till this morning I thought was great a great site because of their unique themes and helpful administrators.  Remember I had that line spacing problem with my current theme?  I e-mailed themejunction last night and they actually helped tweaked the codes for me.  At first I was impressed by their helpfulness… given that this is a free site after all.  Now, I’m wondering if there was a more sinister motive behind their apparent kindness.

But it doesn’t matter ‘cos I’m using the revised theme, and I cleaned up the malicious codes.  Muahahahaha….

3 thoughts on “Malicious WordPress Themes”

  1. ‘cos it’s from the wordpress.org site (as in the original wordpress site) – definitely tested before. actually it’s recommended that bloggers only download themes from wordpress.org but… boring lah.

  2. i quite like the idea of using the nice themes created by hackers, and then ridding the themes of the malicious code, thus “beating” the hackers at their own game.

    that said, not all themes with malicious code are created by hackers. some are by honest folks but the themes were tainted by hackers & circulated.

Leave a Reply

Your email address will not be published. Required fields are marked *