What no one tells you about malware infected themes

By April 9, 2015 Website No Comments


A business owner came to us to build a temporary site for her business.

Google had shut her down and she had an upcoming event to promote.

She told us that her web designer charged her for a theme and additional plugins for her WordPress site.

Everything was going fine until Google shut her site down for being infected with malware. Google frowns on sites spreading malware and now she has to pay someone to go through and clean the site and prove to Google that she’s no longer infectious.

She was confused.

She paid for her theme and plugins so she should have been malware free right?

Well, the web designer didn’t pay for the theme and plugins. They were downloaded from fake torrent sites or peer-to-peer sites.

The downloads weren’t scrubbed through an anti-virus program and were uploaded with no perceived problem.

Kevin Muldoon who writes for Elegant Themes lists the common malware threats:

  • Pharma Hacks – Injects spam into your website database or files
  • Backdoors – Allows hackers to gain access to your website at any time using FTP or your WordPress admin area
  • Drive by Downloads – When a hacker uses a script to download a file to the users computer, either without their knowledge or by misleading the visitor and saying the software does something useful
  • File and Database Injections – Inserts code into your files or database that lets the hackers do a number of different things
  • Malicious Redirects – Redirects visitors to a page of theirs that misleads people into downloading an infected file
  • Phishing – Used to acquire usernames, passwords, email addresses, and other sensitive information

Over time the malware attached to the theme and plugins began to surface and red flags went off at Google.

We were able to get her temporary site up, complete with clean themes and plugins downloaded from reliable, trusted sources.

So how do you protect yourself and your site? How do you avoid the inconvenience of your site being down? How do you avoid losing sales?

Talk to your web designer or developer. Ask them to run an authenticity checker. Ask them how will your site be backed up just in case the unthinkable happens. And if you paid for a theme, be sure to ask for your theme’s zip file.


Leave a Reply