Trust ThemeForest ? and Pexeto? (18 posts)

  1. paulalford
    Member
    Posted 1 year ago #

    I am brand new to WPress and trying to find out who to trust. I bought a theme from MyThemeShop and installed it, started customizing it, their support folks are very helpful...then a few days later I get hacked. I don't even know HOW. I was in the admin section and all of a sudden the custom CSS was gone and the theme went all whacky. Then I get a "new user" email and his name is "hacker@gmail.com". What a jerk !!!

    I am getting my hosting company to restore me back to yesterday's backup so that should get me back to where I was....BUT how do I keep jerks like that OUT ???

    I am looking at a new theme at ThemeForest and reading lots of posts on hacking, etc. so that is making me scared of buying from them. The author "Pexeto" seems to sell lots of themes on there so not sure what to believe.

    Help!!

    Paul

  2. Andrew
    Forum Moderator
    Posted 1 year ago #

    We can only ensure that the themes distributed at WordPress.org, http://wordpress.org/themes/ , are to a standard that they do not hold malicious code because they have all been through a thorough review process. For example this is just step one in the review process: http://codex.wordpress.org/Theme_Unit_Test here at WordPress.org.

  3. paulalford
    Member
    Posted 1 year ago #

    I don't see ThemeForest on the commercial page for WordPress, so I can gather they are not following your rules or guidelines so it might be safest to stay away from theme makers who are not on WPress Commercial Page ?

  4. Andrew
    Forum Moderator
    Posted 1 year ago #

    That is what I assume to be true, although when I have explicitly made that connection there had been some disagreement http://wordpress.org/support/topic/reusing-a-premium-theme

  5. Jose Castaneda
    Member
    Posted 1 year ago #

    paulalford,

    Not to sound like a broken record but that decision is ultimately yours to make. Having never bought any themes I can't really speak from experience. If anything, I will highly suggest that you read and talk to as many people as possible though. Much like buying a car you have to do research, right? You have needs that you want met after all.

    As for why TF isn't on the list, it's a bit of a long story. I'll briefly summarize: 100% GPL Licensed themes.

    As Andrew stated the themes in the repo are tested by actual human beings ( I try when I can ) and have to meet specific guidelines in order to be accepted into the repository.

  6. paulwpxp
    Font hero
    Posted 1 year ago #

    I am brand new to WPress and [...]...then a few days later I get hacked. I don't even know HOW.

    Just to be fair to TF and other commercial theme vendors in general. A user new to WP and the site got hacked. It could be a number of things.

  7. paulalford
    Member
    Posted 1 year ago #

    Right, I wasn't trying to sound like ANY commercial vendor was a hack station. I am more looking at this from a beginner's "logic." If I install something like WP, and configure it (best I know how with all the settings available to me or everyone) and check every box I see to "must approve by admin", "do not allow this and that" and within hours I have a hacker get in and start destroying things, then I don't want anything to do with WPress now. I don't have the time or energy to jump through all these hoops and still not protected. When many gurus who know tons more than me, say it's not safe...I believe them. So I think I will get out before I even get started. I don't think I was hacked because I bought a theme from anyone...I was hacked because the window was cracked open and the jerk exploited it.

    Seems to this beginner, if there are simple things that "should" be done to make it safer...then shouldn't the WP download COME that way? I have to install, get hacked THEN get all this great advice about things I SHOULD have done. Even after I do those things, it's STILL not completely safe. No thanks.

  8. paulwpxp
    Font hero
    Posted 1 year ago #

    I'm sorry that you have gone through all these troubles. Getting hacked is the worst thing that could happen to any site owner.

    If you don't mind sharing, I was wondering if you ever figured out the real reason why it got hacked? What exactly did your hosting company say to you?

  9. paulalford
    Member
    Posted 1 year ago #

    Paul...I am telling you this is going to make me scream. I started a new website, for the community here and not even made it real public yet, decided to make it a WP deal so people can comment, leave ideas, help each other, etc.. and I was just hacked again by the same guy in S. Korea.

    I have fought for 2 days trying to get it back to where it was before the "hack" and have been redoing all of the missing info and pics, pages, etc. and this guy just did it again !! Now the theme is gone whacky and things won't work right in the admin section.... so it's trashed again. I even installed the Better WP Security that was recommended on the WP.org site and that didn't stop him. I deleted the install.php file, I deleted admin, and changed the passwords and he still got in.

    I need an expert to stop this guy !!

  10. Emil Uzelac
    Theme Review Admin
    Posted 1 year ago #

    @paulalford get in touch with your hosting provider, let them know what happened, they will investigate and patch your site if needed.

  11. paulalford
    Member
    Posted 1 year ago #

    Thanks and I HAVE been in constant contact with my hoster (WestHost) for several days now. WPress is a 3rd party software and not their property or responsible for...so they can only "suggest" a few things. They don't know how this guy is getting in either. I am a beginner so I don't know much of nothing so it's just overwhelming to me. It seems nobody is safe from WP hackers.

  12. Emil Uzelac
    Theme Review Admin
    Posted 1 year ago #

    Security is always their responsibility and sorry to hear that they said otherwise :(

    Go to http://sitecheck.sucuri.net/scanner/ and see if anything comes out.

    If Sucuri doesn't show anything, see if someone from http://jobs.wordpress.net can give you a hand. Maybe this is something simply overlooked.

    P.S. Keep in mind that the platform is safe, however outdated plugins or a badly made theme can be a problem.

  13. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

  14. paulalford
    Member
    Posted 1 year ago #

    Thanks again Emil. This is a brand new install of WP latest version, and only 1 or 2 plugins installed straight from WP.org and they were up to date too. I was the only user (until he registered with the user name hacker@gmail.com....jerk). I did just scan it with Sucuri and found nothing. Figures.

    I would love to hire someone to handle this...but now that I have been violated, twice, I am not trusting ANYONE. Really making me rethink doing this whole site to begin with since it was going to be open to the public for free resources, helping families, etc.. and now I am shut down before I even get started. I don't have time for this mess.

  15. Emil Uzelac
    Theme Review Admin
    Posted 1 year ago #

    Sorry to hear that and I definitely know the feeling. Lastly, see if your host can give you a backup, or some type of rollback maybe. If so, you can restore what was lost.

  16. paulalford
    Member
    Posted 1 year ago #

    Sigh, way ahead of you. I did have a couple day old backup and after fighting for 2 days with this...finally got the backup restored today. It was a few days old, so missing things that I started redoing (theme edits AND posts) which I was in the middle of doing when I see it start acting weird again...I go to the login log and I see that Mr Jerk has hit me again. The home page already looks whacky again (while I am working on it) so this jerk was just waiting on me to fix it so he could trash it again.

    I was also told if a hacker injects something in the WP and/or database, the backup will contain that too...so a backup isn't 100% trustworthy either. Man I can win for losing.

  17. paulwpxp
    Font hero
    Posted 1 year ago #

    • Whatever email you use for admin, change its pwd along with security question. Make sure your email is safe.
    • Do you connect to the server via (plain) FTP? If so, use SFTP instead, ask your host for it.
    • Do you connect via wifi connection? If so, make sure it's secured.
    • Each time you got a clean install and got hacked again, did you have that same theme(s) installed?
    • How much work do you have on this new site? If not that much, consider deleting the db, and start fresh.

  18. paulalford
    Member
    Posted 1 year ago #

    Thanks Paul. I had done some of that, but will do them all this time.
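
Post 16's point that a restored backup can carry whatever an intruder left in the database applies to user accounts as well, such as the unexpected "new user" reported in this thread. The following is an added example, not code from any poster or from WordPress: a Python check over a `wp user list --format=csv` export (WP-CLI's default columns) run after a restore. The sample rows, account names, dates and the allow-list approach are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample of `wp user list --format=csv` output (not data from the thread).
SAMPLE_EXPORT = """ID,user_login,display_name,user_email,user_registered,roles
1,siteowner,Site Owner,owner@example.org,2013-05-01 09:12:44,administrator
2,editor_ann,Ann,ann@example.org,2013-05-03 14:02:10,editor
3,newuser77,newuser77,unknown@example.com,2013-05-09 03:41:27,administrator
4,reader_bob,Bob,bob@example.org,2013-05-09 18:20:00,subscriber
"""

PRIVILEGED = {"administrator", "editor"}  # roles that can change site content
TS_FORMAT = "%Y-%m-%d %H:%M:%S"           # format of the user_registered column


def audit_users(export_csv, expected_logins, last_known_good):
    """Return [(login, [reasons])] for accounts that need a manual review.

    expected_logins: logins the owner knows they created (hypothetical allow list).
    last_known_good: timestamp before which the site is believed to be clean.
    """
    cutoff = datetime.strptime(last_known_good, TS_FORMAT)
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"]
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        reasons = []
        if login not in expected_logins:
            reasons.append("not on the expected account list")
            elevated = sorted(roles & PRIVILEGED)
            if elevated:
                reasons.append("holds privileged role: " + ",".join(elevated))
        if datetime.strptime(row["user_registered"], TS_FORMAT) > cutoff:
            reasons.append("registered after last known-good time")
        if reasons:
            findings.append((login, reasons))
    return findings


if __name__ == "__main__":
    for login, reasons in audit_users(
        SAMPLE_EXPORT, {"siteowner", "editor_ann"}, "2013-05-08 00:00:00"
    ):
        print(login + ": " + "; ".join(reasons))
```

An account flagged with a privileged role is the one to deal with first: remove it and rotate the remaining administrators' passwords before the restored site goes back online.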

Topic Closed

This topic has been closed to new replies.
