Beware of WordPress Theme Malware

wordpress malware

One of the things that make WordPress great and popular is the huge number of available free themes and plugins. Unfortunately, the popularity of free WordPress themes have been used by scammers, spammers and malicious users, as an opportunity to cash in and/or wreak havoc. Many of the free WordPress themes available on the Internet today have already been altered by these users, adding base64 encrypted codes into the theme’s functions.php file which when decrypted, contain spammy links or malware.

Recently, a new type of malware was found on some free WordPress themes that are being distributed by a site called (site no longer available). The malware-ridden theme’s functions.php file contains code that inserts a zip file on a theme’s screenshot file. Once activated, the file unzips itself into a new directory and executes the malware file, adds itself (the malware code) and infects other themes in the user’s wp-content/themes directory. This type of malware is really clever because once it accomplishes it’s goal, the file erases itself so it won’t be traceable.

To learn more about how this type of malware works, check out Otto’s post entitled – Anatomy of a Theme Malware. As an additional resource, please make sure to read Lorelle VanFossen’s article – WordPress Theme Malware Prevention and Protection.

To all WordPress users out there, make sure you only download free WordPress themes from reliable sources/websites like the Theme Repository. If ever you’re gonna download a theme outside the official WordPress theme Repository, make sure you only download from the theme author’s website and to use a plugin like the Theme Authenticity Checker, that checks theme files for any encrypted codes.

There are lot of free WordPress themes out there that are not only spam and malware-free but also beautiful and premium-quality. I try to post as many of these themes here on JaypeeOnline so users can find them easily. You can check out the themes I’ve reviewed from the WordPress themes category. If you can afford it, you can also purchase premium WordPress themes from reliable sources like StudioPress, WooThemes, Elegant Themes, Theme Forest, WP ZOOM and many others.

Where do you guys get or download your WordPress themes from? Have you ever been victimized by a malware-ridden theme? Anyone here ever come across this new type of WordPress theme malware? Please share your thoughts.

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.


  1. Vasim

    January 9, 2011 at 8:27 AM

    thanx to god that i have premium theme of wordpress :)

    and thanx for sharing this …..

  2. Sreejesh

    December 27, 2010 at 2:17 PM

    Some sites giveaway premium themes for free, but most of them contain malware.

  3. JP Habaradas

    December 17, 2010 at 1:05 PM

    @Abhik – It’s good to use security plugins but it’s better to avoid or not use themes that have malware or spam links encoded into them. :)

  4. Abhik

    December 17, 2010 at 1:04 PM

    The best practice is to use some security plugins..

  5. JP Habaradas

    December 15, 2010 at 9:25 AM

    @neo – That’s also gonna be a big problem. Thanks for pointing that out. :)

  6. neo

    December 15, 2010 at 9:24 AM

    the real problem will set in when google find out and tag you as “malware” site. it would hurt your visibility.

  7. JP Habaradas

    December 14, 2010 at 7:10 PM

    @Joie – You mean the official WordPress theme repository?

  8. Joie

    December 14, 2010 at 7:07 PM

    I’m a studiopress user but sometimes I downloaded it from wordpress website.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.