A wordpress theme malware is mainly some extra codes hardcoded in theme’s php or javascript files in order to execute malicious functions like injecting links, stealing admin data like passwords and hacks.

Recently a new wordpress theme malware is found, which is mainly a piece of base64-encrypted code, in a free wordpress theme’s functions.php file distributing through some freely available wordpress theme from a wordpress theme dump website. Jay wrote a long post on his blog regarding this.

The malware-ridden theme’s functions.php file contains code that inserts a zip file on a theme’s screenshot file. Once activated, the file unzips itself into a new directory and executes the malware file, adds itself (the malware code) and infects other themes in the user’s wp-content/themes directory. This type of malware is really clever because once it accomplishes its goal, the file erases itself so it won’t be traceable.

Additionally, this malware sends notification to its creator about it existence on a server and allows him to insert links on writable theme files on a wordpress installation. Otto, the coder of my Gravatar Hovercards plugin, wrote a post called Anatomy of a Theme Malware where he explains the nature of this malware. Read here

Better be careful. Download themes from offical sites alone. It’s safe or before installing check your functions.php file to ensure that the virus coding is not there.

About the author

Priyangshu Borgohain wrote 310 articles on this blog.

Hey there, this is PrIyAnGsHu, the owner of Geeks4Share. I'm a 17 years old blogger and web entrepreneur from India who loves making money on the internet. When he is not engaged with his online business, you may find him playing games on his PS3 or listening remixed songs with full volume :P. You can join me on Google+.