WordPress theme malware is mainly extra code hardcoded in a theme’s PHP or JavaScript files in order to execute malicious functions such as injecting links, stealing admin data like passwords, and other hacks.

Recently, new WordPress theme malware was found. It is mainly a piece of base64-encoded code in the functions.php file of free WordPress themes distributed through a WordPress theme dump website. Jay wrote a long post on his blog regarding this.

The malware-ridden theme’s functions.php file contains code that inserts a zip file into a theme’s screenshot file. Once activated, the file unzips itself into a new directory, executes the malware file, and adds the malware code to other themes in the user’s wp-content/themes directory, infecting them. This type of malware is really clever because once it accomplishes its goal, the file erases itself so it won’t be traceable.

Additionally, this malware notifies its creator of its existence on a server and allows him to insert links into writable theme files on a WordPress installation. Otto, the coder of my Gravatar Hovercards plugin, wrote a post called Anatomy of a Theme Malware where he explains the nature of this malware.

Be careful. Download themes only from official sites, which is safe, or check the theme’s functions.php file before installing to ensure that the malicious code is not there.
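One way to run that pre-install check over an unpacked theme, as an added example that is not code from this post or from Jay's or Otto's write-ups. The indicator patterns, the function names and the constructed sample theme are assumptions of this example, and a hit means "review by hand", not proof of infection.

```python
import base64
import io
import re
import tempfile
import zipfile
from pathlib import Path

# Heuristic indicators (assumptions of this example, not signatures from the post).
PHP_INDICATORS = {
    "base64_decode() call": re.compile(rb"base64_decode\s*\(", re.I),
    "eval() call": re.compile(rb"\beval\s*\(", re.I),
}
IMAGE_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif"}

def scan_theme(theme_dir):
    """Return sorted (relative path, finding) pairs for one unpacked theme."""
    root = Path(theme_dir)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        suffix = path.suffix.lower()
        if suffix == ".php":
            data = path.read_bytes()
            findings += [(rel, name) for name, rx in PHP_INDICATORS.items() if rx.search(data)]
        elif suffix in IMAGE_SUFFIXES and zipfile.is_zipfile(str(path)):
            # A plain screenshot should not also parse as a ZIP archive.
            findings.append((rel, "image file also parses as a ZIP archive"))
    return sorted(findings)

def build_sample(root):
    """Write a constructed, harmless theme that trips both checks."""
    theme = Path(root) / "sample-theme"
    theme.mkdir()
    blob = base64.b64encode(b'echo "constructed sample";').decode()
    (theme / "functions.php").write_text(f"<?php eval(base64_decode('{blob}'));\n")
    (theme / "index.php").write_text("<?php get_header(); ?>\n")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("placeholder.txt", "constructed payload stand-in")
    png_magic = b"\x89PNG\r\n\x1a\n"  # only the PNG signature, not a full image
    (theme / "screenshot.png").write_bytes(png_magic + archive.getvalue())
    return theme

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in scan_theme(build_sample(tmp)):
            print(f"{rel}: {finding}")
```

Legitimate themes and plugins sometimes call base64_decode() too, so read the flagged lines before deciding; a screenshot that parses as an archive is much harder to explain innocently.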

About the author

Priyangshu Borgohain wrote 338 articles on this blog.

Priyangshu Borgohain is the owner of Geeks4Share. He is a 17-year-old blogger and web entrepreneur from India who loves making money on the internet. You can join him on Google+.