Forums

WordPress › Support » Themes and Templates

Unwanted additions to functions.php break themes (5 posts)

  1. acesuares
    Member
    Posted 1 year ago #

    I have a multisite with about 20 themes installed. After installing the last 2 themes last week, suddenly themes based on Arras where broken.

    After investigation, it turned out that in ALL themes the functions.php had some extra code in it.

    After a long time of googling, looking at the code etc, I finally came to a blog post that describes similar problems. It's here: http://harmonyinfotech.in/cms/wordpress-cms/wordpress-virus-function-_check_isactive_widgets/

    The code wants to do something with the email address livethemes@gmail.com

    I also found this code on http://themes.svn.wordpress.org/simply-works-core/1.2/functions.php (Although the code is slightly different so it seems we have versions of the code here). Because of that I first thought it's not malicious code if it's up there at wordpress.org.

    The version of the code that I got is here: https://gist.github.com/967287

    If you run diff you will find slight alteration but the same email address is in there.

    Please advice.

  2. acesuares
    Member
    Posted 1 year ago #

    I got the malicious theme here:

    http://www.themes2wp.com/download-free-a-free-worpress-theme-feeding-wordpress-theme

  3. acesuares
    Member
    Posted 1 year ago #

    The theme seems to be removed now, great!
    But I wonder why it is so silent around this topic, isn't that a major security issue, that themes can do that, and not just any theme, but themes that are advertised here too?

  4. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    All themes submitted or updated since June 2010 undergo a review that now includes an automated check for any suspicious code but, as you might imagine, this can be an ongoing battle with the checks trying to keep pace with the spammers etc. However, it's not uncommon for less reputable sites to download themes from wordpress.org, add their own (often very dubious) code and then offer these altered themes for download.

    http://wordpress.org/extend/themes/ still remains the best and safest place to download themes from.

  5. acesuares
    Member
    Posted 1 year ago #

    Thx esmi for your reaction..!

    I found one of the infected files here http://themes.svn.wordpress.org/simply-works-core/1.2/functions.php but the theme itself is not infected anymore, probably these where some old files.

    Very nice that you're holding a cleanup!

    But is there no way to restrict a theme to it's own directory? Because this way every installed theme is a risk, even if installed from wordpress site.

    Cheers

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags