Warning to Joomla and WordPress Theme Users



wordpress logo

Found this article from Derek Punsalan’s blog 5ThirtyOne.

Templates Browser dot com is collecting WordPress & Joomla public themes and modifying them by inserting hidden spam or malware links that can compromise the end user then re-distributing it in their site. These spam and malware links are inserted in a functions.php file that comes with each theme download.

Derek’s popular WordPress theme 5ThirtyOne V2 is one of the themes being re-distributed by Templates Browser. Other themes in their list include the Fresh theme by iLemoned and the NotSo Fresh theme which I previously used here in my blog.

If you’ve recently downloaded a WordPress or Joomla theme from Templates browser, make sure you don’t use it and download a clean version from the theme’s original source. That’s why it’s always a good practice to download themes from reliable sources or directly from the author’s homepage or theme homepage.

Please help spread the word so other Joomla and WordPress theme users would be aware of this. Visit Derek’s post and Digg it.

Anyone of you guys happen to download or used an infected theme from Templates Browser or other malicious websites? If not, where do you usually get your WordPress themes from? Please share your thoughts by leaving a comment below.

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

24 Comments

  1. JP Habaradas

    February 26, 2008 at 10:25 PM

    @webslave – You’re welcome! Just doing my best to spread the word and warn users. Yup, we really should be careful on what we download or install on our blogs. :)

    Daghang salamat sa imo pagbisita sa akong blog. ;)

  2. webslave

    February 26, 2008 at 10:21 PM

    tsk..tsk.. thanks for that infos… *sighs* now i know.. i should be careful.

    daghang salamat sir!! :mrgreen:

  3. JP Habaradas

    September 12, 2007 at 11:02 AM

    @Gary – Oh okay, that’s good. You’re welcome! :)

  4. Gary Wise

    September 12, 2007 at 10:42 AM

    Thanks, Jaypee, but I changed the template back to a safe one.
    :grin:

  5. JP Habaradas

    September 12, 2007 at 6:30 AM

    @blogOloco – Yup, we really should be cautious and vigilant when it comes to these type of issues. I always remind my readers to only download themes or plugins from reliable sources.

    I’m using Firestats for that. You can download it here.

  6. P.I.N.O.Y aka blogoloco

    September 12, 2007 at 5:59 AM

    It’s good that you highlighted this issue. It’s something that you would be cautious on. Make sure you don’t download anything from a dodgy site especially. Themes and Plug ins both can be targetted definitely. They will try whatever they can.

    OTT – i’m interested with your location avatar that show up beside the user comment. could you tell me where to download it. cheers mate.

  7. JP Habaradas

    August 17, 2007 at 10:30 AM

    @Gary – It does seem to be intermittent but if Google finds out that your blog is linking to spam blogs, you might get blacklisted. Better safe than sorry. :)

  8. Gary Wise

    August 17, 2007 at 9:39 AM

    I found this post after looking through my generated page code for Joomla! and found various links to University porn stashes.

    However, it seems to be intermittent?

  9. JP Habaradas

    August 8, 2007 at 5:14 AM

    @Connie – You didn’t specify kasi so I was left to speculate. LOL :D

  10. Connie

    August 8, 2007 at 2:51 AM

    Hoy, Jaypee, ang dumi ng isip mo ha. “Dila” and ibig ko sabihin mwahahahahahaha

  11. JP Habaradas

    August 8, 2007 at 12:32 AM

    @Connie – Ganun ba? Eh pano kung babae sila, ano yon puputulin? LOL :D

    Maybe we can start another mob to get rid of sites like this. If you already started one, let me know so I can join. :)

  12. Connie

    August 7, 2007 at 8:49 AM

    Uy Jaypee, I meant “putol” elsewhere hahahaha

    LOL @ Ajay. Don’t you just love it? I was very proud to be part of the mob that got the WP themes with sponsored links off the WP site. hahahaha

  13. JP Habaradas

    August 7, 2007 at 8:00 AM

    @ajay – I don’t think my post was the one that spawned the “local” thing or is it? Or maybe you’re referring to the issue that’s involved in this post? Sorry, I’m a bit confused. Hehe :D

  14. ajay

    August 7, 2007 at 7:48 AM

    Didn’t quite realize that this post has spawned an even bigger controversy locally . Shame on these Pinoys!

  15. JP Habaradas

    August 5, 2007 at 7:45 AM

    @Riz – My bad. I wasn’t able to explain it well coz Twitter limits the number of characters per message.

    The only way to fight them is to tell other WordPress users about it so they won’t download from that site again. Maybe you can post an announcement on your blog about it so those who use your themes would know.

  16. Riz

    August 5, 2007 at 3:03 AM

    Ohhh okaay. I didnt understand your twit. I didn’t realize it was redistributed with spammy links. arrg. Tsktsk. Is there any way we could take the themes out of their database? Arrg. Screw these people!!

  17. JP Habaradas

    August 4, 2007 at 3:00 AM

    @Connie – Some people use their talents into bad use. I agree, dapat nga sila putulan. Putulin ang mga daliri para hindi na sila pwede mag type ulit or mag modify ng mga themes. :D

  18. Connie

    August 4, 2007 at 2:43 AM

    Anak ng tinapay! Di pa nakotento sa spammy links sa footer. Dapat talaga sa mga yan, putulan.

  19. JP Habaradas

    August 3, 2007 at 11:00 PM

    @jhay – Engenuity taken to another level. Really nasty indeed!

  20. jhay

    August 3, 2007 at 10:58 PM

    Talk about engenuity right? Nasty evil-doers.

  21. JP Habaradas

    August 3, 2007 at 2:15 PM

    @Elizar – Make sure you only download from the theme author’s site or from a very reliable source. You’re welcome!

  22. Elizar

    August 3, 2007 at 2:09 PM

    OMG! I am actually looking for a joomla template! geezz, good thing i’m still using the default one….

    hope the one i download is clean..

    thanks for posting this man! ;)

  23. JP Habaradas

    August 3, 2007 at 11:30 AM

    @Joni – I know. Some people will do about just anything just to make money. I sure hope those people who downloaded themes from that site would be alerted before it’s too late.

  24. Joni

    August 3, 2007 at 11:25 AM

    Tsk tsk! These people have nothing better to do! I feel sorry for those WordPress and Joomla users who made use of the modified themes with hidden links and malware.

    You’re right, WP users should just download themes directly from the author’s website. Themes.wordpress.net is reliable website too.

Leave a Reply

Your email address will not be published. Required fields are marked *