You need a premium wordpress theme or plugin and you went ahead to a torrent site or warez site to download theme and plugins for free. But let me ask you a question, are they really safe? Some of this nulled themes and plugins, when you download and install them on your website and get everything setup and running, you will not know that other people are using you site to make money by injecting malwares in your site using you site to promote their affiliate advertisement.
One of my client whom I was doing website design for had one of his other website infected by a malicious codes and malwares. His site keeps popping up ads which he did not know anything about. When he contacted me and told me about this issue, I have to go to his website and check every themes and plugins installed on the website and I found out that the issue is from the theme that the builder used on the site. Through other checking and analysis of the site it occurred that the nulled theme have an ad.fly pop up ad code injected on it which is not easy to identify. This is the reason why I decided to share this tutorial because some other user of wordpress may be experiencing this same issue which sometimes you may not know what operation that is being carried out on your website. Your site may be used for backlink building, redirect and advertisement promotion which is carried out secretly.
How do you know a nulled theme or plugin containg malicious codes
Some websites and wordpress plugins have made it possible for us to do this easily and for free. Below are the simple methods I use to check infected themes and plugins
Scan the theme before uploading
Virustotal.com: Immediately after downloading the theme or plugin, the first thing for you to do before installing on your website is to upload the zip file you downloaded to virustotal.com to scan it. If it contains any such malicious code it will identify the name with red.
Check theme authenticity
Theme authenticity checker (TAC): This is a free wordpress pugin that will scan all the themes which is installed on your website for any malicious code. Download this plugin and install it, then go to Dashboard>>Appearance>>TAC to scan for the authenticity result of all the themes. It will indicate with warning if any theme contains encrypted links.
Scan plugins for unwanted codes
Exploit Scanner: This is also a free wordpress plugin. This plugin will scan all the plugins and theme you have installed for any unwanted codes. Go to plugins and download exploit scanner then install it. Now go to Dashboard>>Tools>>Exploit scanner and run the scan. This plugin will take some to time to scan according to the number of plugins installed then after which you will see a list of suspected codes.
Note: the browser function can be used to search for plugins install from outside wordpress repository.
Is not advisable to use nulled themes and plugins on your website. Buy the theme or plugin if you are serious with your business.
Note: the browser function can be used to search for plugins install from outside wordpress repository.
Is not advisable to use nulled themes and plugins on your website. Buy the theme or plugin if you are serious with your business.
No comments:
Post a Comment