Skip navigation

Malware Found in WordPress Theme – Protect Yourself Now

WordPress ThemesI’ve just published “WordPress Theme Malware Prevention and Protection on , covering the recent WordPress Theme dissection of malware by Otto.

The article sums up his revealing analysis of how a Theme malware code integrates itself into your site, even down to the server level, through a twisting path of imaginative code. The code reminds me of insidious bombs featured in an episode of Star Trek: Deep Space Nine called “Houdinis.” The bombs vanished in and out of subspace, each less than a meter from another one in a grid. At any time it could appear and explode if it detected movement near it, surprising and killing the victims. This code has the ability to activate, create trouble, then erase its path, making it tough to detect, test, and eliminate.

The article also offers some tips and WordPress Plugins for checking your site for security vulnerabilities, as well as possibly test a Theme before you become too invested in it. There is no one full-proof, one step thing you can do yet, though there are many working on some advanced site armor and prevention tools which I will cover in an upcoming article on WordCast.

In general, use the built-in auto update feature to upgrade WordPress immediately when a mandatory security update is released, and upgrade Themes and Plugins.

Remember, prevention is cheaper and easier than dealing with a hack after the fact.

We live in “interesting times,” and I dream of the day when those who dance with the dark put their creative energy, discipline and determination into projects of light, peace, and joy…and that good would pay better than bad.

Related Posts


Feed on Lorelle on WordPress Subscribe Feedburner iconVia Feedburner Subscribe by Email

Copyright Lorelle VanFossen.

25 Comments

  1. chris
    Posted December 11, 2010 at 4:50 pm | Permalink

    nice article lorelle.

    I do use google search to find quite a bit of themes, but I never activate them until i have gone through functions and footer, plus the other template files just to make sure nothing evil is in them.

    for beginners its something to read, even people packaging up original themes and adding their own codes.

    • Posted December 12, 2010 at 6:58 pm | Permalink

      A search just “anyone” could miss these. I cannot recommend using Google as a “trusted” source for finding WordPress Themes. It’s like the lottery. :D

  2. Posted December 11, 2010 at 6:10 pm | Permalink

    Some people really need a day job. I agree with the sentiment about maybe these numbskulls could use their skills for better things other then ruining people’s blogging and webdesign experiences.

  3. Posted December 11, 2010 at 6:16 pm | Permalink

    Otto covered this topic few days ago and it impressed me, now this from you Lorelle and it’s definitely worth reading and spreading around. People who want free themes should be very careful while downloading them from shady sites, every theme that i.e. footer.php isn’t readable should be good sign that there is something wrong and in many cases regular user will have no knowledge of this.

    When you download “free” theme you get much more than just a theme.

    It’s almost always good idea to get your theme from people that everyone knows, even bigger plus is if their site is listed on WordPress.

    Thanks,
    Emil

  4. coiram
    Posted December 12, 2010 at 2:21 am | Permalink

    Interesting.

    What about a black list of those themes?

    Additionally how can I be sure that the ones listed on WordPress are Malware free?

    • Posted December 12, 2010 at 6:56 pm | Permalink

      If you would like to create such a list, go ahead, however, I wouldn’t recommend going out looking for such Themes. :D Anyone can change the name of a Theme instantly, so such a list would be worthless.

      The WordPress Themes in the WordPress Theme Directory are reviewed and scanned thoroughly, which is why you can trust them.

  5. Posted December 12, 2010 at 2:57 am | Permalink

    Thank you for this reminder. I recently shifted to WordPress theme blogs because of the flexibility and the available plugins. Thanks.

  6. Posted December 12, 2010 at 5:01 am | Permalink

    I’ve use the theme checker plugin for a while now. Really good for spotting “free” themes that are loaded with hidden code and links too.

    WP plugins worry me. As I’ve seen one or two on WP.org that have forum posts saying they have malware or hidden links.

    Always pays to read the plugin support forums on WP before installing I think!

  7. Posted December 12, 2010 at 10:13 am | Permalink

    Lorelle,

    Found this link from my dashboard, how truly important to choose clean free theme.

    I always recommend my readers to select their themes carefully.

    Heading to Otto’s article now,

    Thanks,

    Kimi.

  8. Posted December 13, 2010 at 12:05 am | Permalink

    Thanks for sharing your thoughts about your article Lorelle. It gives me another idea now to be more careful in choosing such Themes. I hope someone can create a plugin does act like an Anti-virus that protects our blog for any threats such as this one.

  9. Posted December 13, 2010 at 3:35 am | Permalink

    Yes, well said Lorelle.

    It is so important to update not only WordPress but also the themes and the plug-in’s that are available for it as well, and this is an item that sadly is lost on a lot of people using the software

  10. Posted December 13, 2010 at 7:02 am | Permalink

    It is saddening that people ruin such a great product (WP) by doing things like this. Nice article though Lorelle, will definitely be wary.

    • Posted December 13, 2010 at 9:40 am | Permalink

      While I blog fairly exclusively about WordPress, such malware is not limited to the WordPress Community of products and services. In fact, they tend to be less than found in a lot of other template suppliers for other publishing platforms and services.

  11. Posted December 13, 2010 at 11:30 am | Permalink

    It would more than likely be more effective to black-list these sites by domain, and not by theme name, for example, the theme in which this malware was found; was originally legitimate and by and large still is.

    The theme had been downloaded from the WordPress site and re-uploaded to the scammers site after he/she had placed the malware into it.

    It would be more inconvenient for these scammers to change their site address than the theme name and costly too.

    • Posted December 13, 2010 at 12:04 pm | Permalink

      While it sounds like another nice and easy idea, blacklisting doesn’t work as people can create proxies and domain names faster than running water. Domains are cheap.

  12. Posted December 14, 2010 at 10:28 am | Permalink

    There are two articles on plugins spam as well: New kind of WordPress Plugin Spam and part two.

  13. unyilbotak
    Posted December 14, 2010 at 10:52 am | Permalink

    anyway how to protect wordpress from malware.

    • Posted December 14, 2010 at 10:55 am | Permalink

      This assumes you read the article on WordCast which offers tips.

  14. Posted December 15, 2010 at 11:34 pm | Permalink

    Some months back I told a friend that I suspect it was my WP plugin giving my blog malware. He was quite shocked. Only thing is the plugin withe the malware was not an SEO plugin. I am going to heed the advise of not downloading any plugin outside WordPress.org Also, do check that all files do not contain something like .ru or pantscow.ru (My blog was hit with this twice. The 2nd time I was hit, I simply upgraded and the malware, was once again gone.)

  15. Posted December 17, 2010 at 8:09 am | Permalink

    Wow, I didn’t know this was out there! Scary!

  16. Posted December 17, 2010 at 1:38 pm | Permalink

    As someone who has been hit by malware a bunch of times I think Automatic should look into creating an App Store that features plugins and themes along the lines of what the iTunes store does. It would offer free and premium themes and pugins that would be tested before being accepted. It would give theme and plugin authors great visibility, could be easily integrated into the WordPress ecosystem and would be a source of revenue for Automatic as well as the authors. They could even offer plugin packages for various combined functionality, again for a fee.

  17. Scott
    Posted December 21, 2010 at 2:01 pm | Permalink

    People that create malicious software really piss me off. Of course, now it’s no longer just a challenge to corrupt someone’s computer – there is the profit incentive behind it also. When the scammers start making money, we all lose. I use Malwarebytes to keep that crap out of my computer.

    • Posted December 21, 2010 at 10:14 pm | Permalink

      They anger me, too, but I stick to well-known virus and malware checking services. There has always been profit to evil, and the web, unfortunately, is no different in the evil economy. :D

  18. Abbie
    Posted June 17, 2011 at 8:06 pm | Permalink

    I got warned about possible malwares injected on certain themes.
    Using Theme Authenticity Checker helps me a lot.
    Thanks for reminding this..

    • Posted June 18, 2011 at 9:25 am | Permalink

      Yes and now. I’ve had clients with malware in WordPress Themes and several Plugins that claimed to check thoroughly didn’t find them consistently, though the newer updated ones have improved. The issue is that truly criminal WordPress Theme and template providers have also improved their efforts.

      And a Theme checker will not do much for a site infected by one of the malware trojans initiated by Themes, Plugins, and other methods that initiates and cloaks, one that I’ve battled on a couple sites. I long for the day when we have a tool that will dig in deep to find and prevent all of the evil on a WordPress blog. Until then, go with trusted resources and check using the tools available.


9 Trackbacks/Pingbacks

  1. [...] more here: Malware Found in WordPress Theme – Protect Yourself Now « Lorelle on WordPress Tags: malware,, security, virus, wordpress,, [...]

  2. [...] Malware Found in WordPress Theme – Protect Yourself Now I’ve just published “WordPress Theme Malware Prevention and Protection on WordCast, covering the recent WordPress Theme [...] [...]

  3. [...] full article can be found by clicking the link here. Categories : Apple, Computers, Linux, Microsoft Windows, Tech, internet, [...]

  4. [...] Malware Found in WordPress Theme – Protect Yourself Now [...]

  5. [...] around the world similar to the one that plagued many websites and blogs, including WordPress, a malware-style bot that can do damage and hide itself from detection, making it painful to remove. According to an announcement on ComputerWorld, the new massive botnet [...]

  6. [...] Malware Found in WordPress Theme – Protect Yourself Now [...]

  7. [...] Malware Found in WordPress Theme – Protect Yourself Now [...]

  8. […] are those who report malware in WordPress Themes, digging deep into the code to reveal the mechanics of such nasties. They help us to understand how […]

  9. […] Lorelle on WordPress, Malware Found in WordPress Theme – Protect Yourself Now. […]

Post a Comment

Follow

Get every new post delivered to your Inbox.

Join 20,973 other followers

%d bloggers like this: