We all love premium WordPress themes. And when you get to download them for free from different websites across the internet, it gets even sweeter; getting to save those extra bucks seems like a good idea.
These themes have nothing to indicate that they have been compromised. They look very clean, and even if you scan them with antivirus software (in my case Kaspersky), they check out as clean.
I have been a victim, not once, not twice, but thrice, of my sites being compromised by using these free themes downloaded from the internet.
Normally the themes have been edited to add a backdoor to the website using a few lines of code. It is almost impossible to notice, even if you open the files and go through the thousands of lines of code, if you are up to the task.
After you install these themes, the attacker can use the backdoor to download more files to your hosting server, edit some config files and do much more. The backdoor was just there to give them access to your server.
How Did I Notice That I Have Been Hacked?
Honestly, it would have been impossible for me to notice that I had a backdoor in my website if it was not for the Wordfence plugin. If you are running a WordPress website, the first thing you should do, before even finishing reading this story, is go install this plugin. Wordfence pinpointed for me the exact line of code that gives backdoor access to an attacker, and the files that had either been modified or were not part of the core WordPress files.
I have written in more detail on how to secure a WordPress site; you can download the e-book for free by subscribing to my website. One major way to secure your website is to get themes and plugins from trusted sources. But talk of preaching water and drinking wine. Even after writing about it, this habit is hard to break. But now I have learnt my lessons.
Another red flag that indicated my website was compromised is that I found other files in my cPanel File Manager; the hacker was probably hosting phishing scripts on my server. I downloaded them to my local computer for further analysis and then deleted them from my cPanel. And I am not saying this is the whole cleanup process if you have been hacked.
On one of the websites that was hacked due to a compromised theme, when users visited the website via a mobile device, it would bring up pop-ups and redirect them to some other website. Talk of malvertising. This rendered my website almost useless, and I only found out about this from a user complaining of the pop-ups.
So guys, let me end here. Make sure you buy those themes; otherwise you just risk your website being compromised.