Warning Using Free WP Themes

cd34 · 2009-05-03, 03:55 PM

I suspected the same on a client's site that runs multiple wordpress installations that has used multiple free templates. In 5 of the cases, the templates included code in the header.php and sidebar.php that allowed specially crafted strings to allow remote execution. We weren't able to determine whether the modification was made prior to his template being installed or the result of someone having his admin password for a few of the blogs as he didn't have the original template file zips.

walrus · 2009-05-03, 04:46 PM

None of the stuff I've found, so far, has been malicious but I do suggest anyone using free themes look at them closely.

I've never noticed it before but one of the themes I had issues with was one I'd downloaded about a year ago. I just had never used it.

2009-05-03, 03:55 PM	#1
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	I suspected the same on a client's site that runs multiple wordpress installations that has used multiple free templates. In 5 of the cases, the templates included code in the header.php and sidebar.php that allowed specially crafted strings to allow remote execution. We weren't able to determine whether the modification was made prior to his template being installed or the result of someone having his admin password for a few of the blogs as he didn't have the original template file zips. __________________ SnapReplay.com a different way to share photos - iPhone & Android

2009-05-03, 04:46 PM	#2
walrus Oh no, I'm sweating like Roger Ebert Join Date: May 2005 Location: Los Angeles Posts: 1,773	None of the stuff I've found, so far, has been malicious but I do suggest anyone using free themes look at them closely. I've never noticed it before but one of the themes I had issues with was one I'd downloaded about a year ago. I just had never used it. __________________ Naked Girlfriend Porn TGP free partner account