[et_pb_section fb_built=”1″ _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n
The subject is pretty familiar for most of the WordPress developers and people who maintain the websites. Everyone who takes their website security seriously will honor the advice but there are still some people who wish to take short-cuts and install nulled themes and plugins. Such people are not saving money to add more modules to their website, rather opening a remote website management option to the hacker.<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n
We have added some articles before about such websites which you should not relay to download the plugins or themes. Today I am going to talk about another such website, which is “freewordpresthemes [dot] com”. They are offering a few WordPress themes which you can download free from their website and they are packed with Malware inside. We found them during our regular inspection through the reported malware by our scanner engine. So the cPGuard scanner engine already protects you from the particular malware injected into their package.<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n
So now let us take a look into the actual injection in their package. We found the below injected code in their “functions.php” file which is actually referring to a TXT file in their website.<\/p>\n
[\/et_pb_text][et_pb_image src=”https:\/\/www.opsshield.com\/blog\/wp-content\/uploads\/2022\/07\/wpfreetheme1.png” title_text=”wpfreetheme1″ align=”center” _builder_version=”4.17.4″ _module_preset=”default” module_alignment=”center” global_colors_info=”{}” theme_builder_area=”post_content”][\/et_pb_image][et_pb_text _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n
The injected code actually pulls some code from their website, creates a new file under the public space of the website, adds some code to it which is the remote hand for the hackers.<\/p>\n
So what does that mean?<\/strong> Yes, installing and enabling this theme means you have opened up your website to an anonymous person who can make changes to your website without permission.<\/p>\n [\/et_pb_text][et_pb_text _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n So how can you escape from such threats? <\/strong>There is only one answer to that…download the themes and plugins from reliable sources. You should be ready to pay for the software that is going to serve your requirements or you should find some alternate options instead of opting for such short-cuts. Even though there are numerous incidents and reports around there regarding such issues, people who do not act wisely will end up in such troubles.\u00a0<\/p>\n You can also deploy security solutions like cPGuard on your server to protect you from such threats. But ultimately it is not recommended to use any nulled software if security matters!\u00a0<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" The subject is pretty familiar for most of the WordPress developers and people who maintain the websites. Everyone who takes their website security seriously will honor the advice but there are still some people who wish to take short-cuts and install nulled themes and plugins. Such people are not saving money to add more modules […]<\/p>\n","protected":false},"author":2,"featured_media":4983,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[14],"tags":[],"class_list":["post-4920","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-others"],"yoast_head":"\n