wordpress malware

One of the things that make WordPress great and popular is the huge number of available free themes and plugins. Unfortunately, the popularity of free WordPress themes have been used by scammers, spammers and malicious users, as an opportunity to cash in and/or wreak havoc. Many of the free WordPress themes available on the Internet today have already been altered by these users, adding base64 encrypted codes into the theme’s functions.php file which when decrypted, contain spammy links or malware.

Recently, a new type of malware was found on some free WordPress themes that are being distributed by a site called top-themes.com (site no longer available). The malware-ridden theme’s functions.php file contains code that inserts a zip file on a theme’s screenshot file. Once activated, the file unzips itself into a new directory and executes the malware file, adds itself (the malware code) and infects other themes in the user’s wp-content/themes directory. This type of malware is really clever because once it accomplishes it’s goal, the file erases itself so it won’t be traceable.

To learn more about how this type of malware works, check out Otto’s post entitled – Anatomy of a Theme Malware. As an additional resource, please make sure to read Lorelle VanFossen’s article – WordPress Theme Malware Prevention and Protection.

To all WordPress users out there, make sure you only download free WordPress themes from reliable sources/websites like the WordPress.org Theme Repository. If ever you’re gonna download a theme outside the official WordPress theme Repository, make sure you only download from the theme author’s website and to use a plugin like the Theme Authenticity Checker, that checks theme files for any encrypted codes.

There are lot of free WordPress themes out there that are not only spam and malware-free but also beautiful and premium-quality. I try to post as many of these themes here on JaypeeOnline so users can find them easily. You can check out the themes I’ve reviewed from the WordPress themes category. If you can afford it, you can also purchase premium WordPress themes from reliable sources like StudioPress, WooThemes, Elegant Themes, Theme Forest, WP ZOOM and many others.

Where do you guys get or download your WordPress themes from? Have you ever been victimized by a malware-ridden theme? Anyone here ever come across this new type of WordPress theme malware? Please share your thoughts.

JaypeeOnline is supported by its audience. When you click on the advertisements or purchase through links on our site, we may earn an affiliate commission. Learn more



Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.


  • Vasim, January 9, 2011 @ 8:27 AM

    thanx to god that i have premium theme of wordpress :)

    and thanx for sharing this …..

  • Sreejesh, December 27, 2010 @ 2:17 PM

    Some sites giveaway premium themes for free, but most of them contain malware.

  • JP Habaradas, December 17, 2010 @ 1:05 PM

    @Abhik – It’s good to use security plugins but it’s better to avoid or not use themes that have malware or spam links encoded into them. :)

  • Abhik, December 17, 2010 @ 1:04 PM

    The best practice is to use some security plugins..

  • JP Habaradas, December 15, 2010 @ 9:25 AM

    @neo – That’s also gonna be a big problem. Thanks for pointing that out. :)

  • neo, December 15, 2010 @ 9:24 AM

    the real problem will set in when google find out and tag you as “malware” site. it would hurt your visibility.

  • JP Habaradas, December 14, 2010 @ 7:10 PM

    @Joie – You mean the official WordPress theme repository?

  • Joie, December 14, 2010 @ 7:07 PM

    I’m a studiopress user but sometimes I downloaded it from wordpress website.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.