WordPress & Joomla theme users beware!

Thanks to Milo for giving me the heads-up concerning the discomforting news which targets WordPress & Joomla users.

Templates Browser is re-distributing public blog themes which are modified in such a way as to exploit the end user by inserting hidden spam or malware links. A quick search concerning the website pulls up the following links on AboutUs, Joomla forums, and Onnoot – here & here.

The links are inserted via an additional functions.php file which is included with the theme downloads. If you’re shopping around for public themes, I strongly recommend that you download directly from the original authors website.

Unfortunately, one of my own public themes – 5ThirtyOne V2 – is one of the "dirty" themes that has been modified and is currently being redistributed.

Spread the word and inform other WordPress & Joomla users – Digg this.

Take Care of your Hosting Issues

Make sure you have safe and secure hosting for your website. Sometimes unix web hosting is a more secure option, so do your hosting research before paying the big bucks. Take care of your website hosting issues today!

Discuss - 68 Comments

  1. Carl says:

    There are a few that do this … joomlatp.com and jooma2u.net download free templates then put in their own code for their sites and pass of the templates as their own ..

    be aware of those two .. as they might one day put other stuff in

  2. pascualrandy says:

    How can we stop this kind of treats?
    is it detected by our personal antivirus or anti malware?

    thanks for this info

  3. Jorge says:

    I use wordpress themes in my sites, how can I check if there is any malware on my theme code?

  4. nitendra says:

    Yeah its true i think bcoz my site got same problem i had to delete everything and uploaded everything from scratch.

  5. irma says:

    It looks a suspicious site. It’s just a collection of templates without any information about the owner of the site

  6. Techilli says:

    For wordpress, there’s a plugin called Theme Authenticity Checker (TAC) available for verifying that the themes files are safe and doesn’t contain any malicious code in them.

  7. kpb says:

    Great article, and thanks for the heads up!
    I downloaded a theme once that had Adsense ad units, with the creators Publisher ID. Not really malicious, but it was sneaky.