1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wordpress theme security

Discussion in 'Blogging' started by Roparadise, Aug 5, 2011.

  1. Roparadise

    Roparadise BANNED BANNED

    Joined:
    May 25, 2011
    Messages:
    786
    Likes Received:
    1,417
    What do I look for in a theme,to see if there might be a modification that will allow someone to gain access to my site? I just downloaded CTR theme v1.4 nulled.
     
  2. desilovar

    desilovar Newbie

    Joined:
    Jul 13, 2011
    Messages:
    35
    Likes Received:
    0
    I don't think any themes have backdoors man!
     
  3. ┼blackrat┼

    ┼blackrat┼ Senior Member

    Joined:
    Jul 31, 2010
    Messages:
    899
    Likes Received:
    729
    Location:
    Sewer
    what do you look at? the theme files. check if there is no encrypted code.

    What are you, nuts?
     
    • Thanks Thanks x 1
  4. desilovar

    desilovar Newbie

    Joined:
    Jul 13, 2011
    Messages:
    35
    Likes Received:
    0
    Hm, I thought mainly extensions had the backdoors.
     
  5. TogaPartee

    TogaPartee Newbie

    Joined:
    May 5, 2011
    Messages:
    42
    Likes Received:
    14
    templates have easter eggs hidden in them

    usually they are obfuscated so they do not look obvious

    download the template

    do mass find in all template or plugin files for this string

    base64_decode(

    this is what usually prefixes encoded stuff that someone does not want you to read

    there are some legit uses but really why hide stuff unless there is an alterior motiv!
     
    • Thanks Thanks x 1
  6. oakley56fila

    oakley56fila Junior Member

    Joined:
    Feb 14, 2011
    Messages:
    108
    Likes Received:
    32
    Occupation:
    SEO Consultant, Web Designer / Front-end Developer
    Location:
    Washington State
    These plugins might help:

    WP Security Scan
    Login LockDown

    Take a look at them.
     
    • Thanks Thanks x 1
  7. ┼blackrat┼

    ┼blackrat┼ Senior Member

    Joined:
    Jul 31, 2010
    Messages:
    899
    Likes Received:
    729
    Location:
    Sewer
    you´ll often find these in the footer for free themes you grab over the web. The developer wants the links intact so he encrypts the code. not hard to change though, but you will always want to take a look at the piece of code.
     
  8. Roparadise

    Roparadise BANNED BANNED

    Joined:
    May 25, 2011
    Messages:
    786
    Likes Received:
    1,417
    There wasn't any code that could get the uploader of ctr thene nulled in my site. Thanks for the advice guys
     
  9. ninny83

    ninny83 Junior Member

    Joined:
    Aug 13, 2010
    Messages:
    100
    Likes Received:
    12

    Just install the wp file monitor plugin to send you alerts that check if some of your themes files have been changed over time (it's a signal of site injection/hacking).