Every blogger wants a good-looking and well-functioning blog. Many premium WordPress themes provide extra functionality such as special widgets and sharing tools. These themes are good-looking and well structured too. Many people download these themes for free from theme piracy sites, but they don't know the harm that using such pirated themes can cause.
How Do Pirated Themes Harm Your Site?
Nulled or pirated themes may contain malicious code. Some parts of the code are in encrypted form, which you cannot read. Such code may cause serious issues for you.
1. Hidden Iframes: Iframes are used to embed another document within your web pages. Many themes have forced footers. If you remove them, your theme won't work. These footers can be managed remotely. If you are using such a theme, disable it immediately.
2. Hacking: Such themes can give your WordPress details to hackers. A common symptom is unwanted users. Even if you haven't enabled user registration, you see some users in the WordPress admin. These users may have admin access to your blog. This is called backdoor access. These users may manipulate your database, inject code into your blog or simply get your database information.
3. Malware: You should at least scan the .zip file you have downloaded. It may contain malware or spyware. If you upload the .zip file directly, your blog or site might be marked as malicious. Web hosts immediately suspend such sites. Search engines may de-index your site permanently.
4. Cloaking: Cloaking is presenting different content to human users and search bots. For example, let's say you run a blog about fruits and have optimized it well for SEO. If your theme is showing something else to search bots, maybe p*rn, you will never rank for your targeted keywords. Cloaking is very bad and may lead to your site being de-indexed forever. Many themes have been found to contain cloaking code. Sites using them show different content to search engines, so they can never rank well.
5. Important Updates: Core WordPress, plugins and themes are updated regularly to address important functional, compatibility and security issues. If you are using a pirated theme, you do not get these updates, so you are at risk. Your theme may or may not work properly after a WordPress update.
Piracy is Bad!
If you are using a pirated theme, you are not on the safe side. The theme company can take legal action against you. Genuine web hosts do not support nulled content. They can disable or suspend your blog permanently.
How to Detect Malicious Code in Themes?
Up to now we have talked about pirated themes, but many free themes may also harm your blog. So it is always recommended to download themes from trusted sources. If you want to check whether your theme is genuine or not, you can use the following tools:
1. VirusTotal: When you download a .zip file, you may not have a virus scanner available. VirusTotal is a free online service that analyzes suspicious files and URLs and detects viruses, worms, trojans and all kinds of malware. It uses around 50 scan agents to test for malware.
2. WordPress plugins: There are several plugins available to check your themes:
i. Theme Authority Check: This plugin scans every installed theme and checks for malicious or unwanted code. The plugin is very simple to use.
ii. Exploit Scanner: This plugin checks everything on your site. It scans all files, plugins and the database as well. This plugin was created by Donncha O Caoimh, who also created the extremely popular plugin WP Super Cache.
3. Eval Decoder: Most themes contain eval-encrypted code. This encryption is two-way, so you can decrypt the code and see exactly what is inside. Online eval decoder: http://perishablepress.com/tools/decoder/
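As a complement to these tools, here is an added example (not code from this post or from any of the plugins named above) of a small offline check that scans a downloaded theme .zip, without extracting or running it, for the symptoms listed earlier: eval-wrapped encoded code, hidden iframes, user-creation calls and user-agent cloaking. The rule names, the patterns and the sample theme are constructed assumptions; the rules are heuristics, so a hit means "review this line by hand", not proof of a backdoor.

```python
import io
import re
import zipfile

# Heuristic rules for the symptoms listed in this post (assumed, not exhaustive).
RULES = {
    "obfuscated-eval": re.compile(
        r"\beval\s*\(\s*(?:@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(\s*)+", re.I),
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*=\s*[\"']?[01]\b)", re.I),
    "user-creation": re.compile(r"\b(?:wp_create_user|wp_insert_user)\s*\(", re.I),
    "bot-cloaking": re.compile(r"HTTP_USER_AGENT[^;]{0,200}(?:googlebot|bingbot|slurp|yandex)", re.I),
}
SCANNED = (".php", ".js", ".html", ".htm", ".inc")

def scan_text(text):
    """Return sorted (line_number, rule) pairs for every heuristic hit."""
    hits = [(text.count("\n", 0, m.start()) + 1, rule)
            for rule, rx in RULES.items() for m in rx.finditer(text)]
    return sorted(hits)

def scan_theme_zip(zip_bytes):
    """Scan a theme archive in memory, without extracting or executing anything."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or not info.filename.lower().endswith(SCANNED):
                continue
            hits = scan_text(archive.read(info).decode("utf-8", errors="replace"))
            if hits:
                report[info.filename] = hits
    return report

def build_sample_zip():
    """Constructed sample theme: one clean file and two with the symptoms."""
    footer = ("<?php\n"
              "eval(base64_decode('ZWNobyAnaGknOw=='));\n"
              "if (stripos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false) { include 'alt.php'; }\n"
              "?>\n"
              "<iframe src=\"https://example.invalid/\" style=\"display:none\"></iframe>\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("theme/index.php", "<?php get_header(); get_footer(); ?>\n")
        z.writestr("theme/footer.php", footer)
        z.writestr("theme/functions.php", "<?php\nwp_create_user('support', 'x', 'a@example.invalid');\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, hits in scan_theme_zip(build_sample_zip()).items():
        print(name, hits)
```

To check a real download, pass the archive's bytes, for example `scan_theme_zip(open("theme.zip", "rb").read())`, and read each reported line before installing the theme.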
Other Recommended Plugins for WordPress Security:
1. Better WP Security: This plugin provides strong security measures in a single package.
2. BulletProof Security: This plugin points out different security threats and backdoors, from .htaccess to spam comments.
3. Wordfence Security: This is like antivirus software for WordPress. It is similar to BulletProof Security.
This was my view on the harms of using pirated or nulled WordPress themes and on WordPress security measures. Share your views too.