That’s not very specific and possibly incorrect.
Can you provide more detail? If it’s “I used this theme and was hacked” then you may be on the wrong track. Or maybe not as I said can you provide details?
Sorry i was livid. My site was hacked today and when the tech guys from my hosting company looked into it they said that the rainbow theme had a backdoor built into it that allowed hackers to gain access. I tracked back to the theme author and curiously their logo was almost identical to that of the hackers page put up when they took down my site……The hosting company advised it should not be used under any circumstances so I think I’m pretty much on the right track!
Also the author is one Ali Han based in either Pakistan or istanbul depending where you look, not John Brown unless of course they have ripped off his theme..the hackers are pak cyber eagles based also in Pakistan
What that sounds like to me is that your site got hacked and the theme was one of the files compromised. That’s how it’s done, they install back doors.
they said that the rainbow theme had a backdoor built into it that allowed hackers to gain access
Now THAT’S serious. Looking at the download from WordPress.ORG’s repo I can’t find anything like that. But there is 51 files and I just looked at a few. If they can at least provide the file name in the theme then that’s something that can be looked at.
But again, it sounds like your site was hacked and that may not have had anything to do with the theme. With more information that can be checked and if the repo here has bad code it will get dealt with.
I don’t know I can only tell you what they told me. I can ask if they can give me that. I will do so tomrrow as I have had to spend all day rebuilding the site. I did email the theme creator asking of they were aware of it but as yet have had no reply. It just strikes me as a tad coincidental that his page bears an eagle logo very similar to the one on the hackers page..Do creators normally use false names on here ?
Hi Jan I asked them about the file but they said they didn’t haave a record and as I had uninstalled it they can’t check again. Don’t want to put myself open to it again by reinstalling. What they did say is that they are very suspicius of this as it has been happening to a lot of wp sites lately through themes and they are undertaking an ongoing investigation to ascertain if this is a ploy being used by hackers generally. Creating a theme with a back door to hack later. Sorry I can’t be more specific.
hey said they didn’t haave a record
Yes, they do. Your hosts will have access logs which will indicate the file used to gain access to your site – irrespective of whether you have uninstalled the theme or not.
What they did say is that they are very suspicius of this as it has been happening to a lot of wp sites lately through themes
That doesn’t mean a thing. Any file can be compromised by a hacker who has gained access to the server – including theme files. Unless your hosts have hard, definitive, evidence that the theme was the original source of the back door, they really should not be throwing accusations around like that. If they are seeing a lot of hacks on their servers, then it implies that they may have a sever security problem.
All themes hosted on wordpress.org undergo a very extensive automated and manual review – both on original theme submission and again on every single theme update. The chances of a malicious theme getting past all of these checks is minimal, to say the least.
My initial impressions are the same as Jan’s – your site was hacked via an intrusion that was actually elsewhere ion the server and the hackers then implanted a back-door into one or more of your theme’s files (a common practice after server access has been gained).
Ok well don’t shoot the messenger; Just passing on what they said as you asked me to ,I’ve spent a lot of time sorting it out so I will leave it to them to investigate. Whether the theme has an inbuilt hack or whether it is simply vulnerable the unfortunate result was the same. The creator under his other name has still not answered my concerns so they clearly aren’t so keen to rectify the issue. I will just be sticking to wp’s own or paid for themes in future. Btw it is only on wp sites they are seeing so many hacks so I doubt it’s a server issue but you’re the experts 🙂
don’t shoot the messenger; Just passing on what they said as you asked me to
I understand that but what they are suggesting is just plain incorrect.
Whether the theme has an inbuilt hack or whether it is simply vulnerable
Once a server has been compromised, everything is vulnerable.
The creator under his other name has still not answered my concerns so they clearly aren’t so keen to rectify the issue.
Possibly because, as yet, your hosts haven’t actually provided any evidence to prove that the theme is any way to blame for your hacked site. We see these kinds of claims almost every day and in 99.99% of cases, the accused theme or plugin is not responsible.
I will just be sticking to wp’s own or paid for themes in future.
Just one word of warning – not all commercial themes under go the kind of extensive pre-release testing that WPORG themes do. Some commercial themes don’t appear to be checked at all. Paying for a theme is no guarantee of quality.
- The topic ‘This theme allows hacking’ is closed to new replies.