Trojan - How to check if a WordPress (free) theme is free of trojan?

7 replies
How to check if a WordPress (free) theme or plugin is free of Trojan? People may know everything you do inside your admin area if a free plugin or theme has Trojan scripts in it. How to avoid it?

I bought a pain plugin and received a referred visit from the company who sold this plugin to me, but my site is brand new, even Google has not indexed it. There is no way other people would know my site's domain/url, except certain script in the plugin sent my url to some one... It is not necessary a bad thing, just want to know how to find it out and what it does (if that plugin company didn't click my URL, I won't have known this) ...
#check #free #theme #trojan #wordpress
  • Profile picture of the author seasoned
    Originally Posted by johnzhel View Post

    How to check if a WordPress (free) theme or plugin is free of Trojan? People may know everything you do inside your admin area if a free plugin or theme has Trojan scripts in it. How to avoid it?

    I bought a pain plugin and received a referred visit from the company who sold this plugin to me, but my site is brand new, even Google has not indexed it. There is no way other people would know my site's domain/url, except certain script in the plugin sent my url to some one... It is not necessary a bad thing, just want to know how to find it out and what it does (if that plugin company didn't click my URL, I won't have known this) ...
    You think you get a theme for free? That's NEAT! A lot of times, at least with templates, you ARE giving something to them. It MIGHT merely be a mention on copyright, etc... Sometimes Affiliate links. Sometimes a banner, and SOMETIMES a back link. In fact there are LOTS of programs/templates/etc... that have back links, and CHARGE you for the mere license to remove them.

    So just because the provider seems to magically know about your site does NOT mean there is a trojan. What COULD have happened is that they had a linked graphic on their template. You brought up a page, the graphic was downloaded from their system, and BANG they found you!

    As for finding out if it is infected? I BELIEVE these are generally HTML. I may be wrong there. HTML by itself won't be a problem, but they could have javascript, popups, or forms that could trigger an infection. These days, they could EVEN be hidden in flash routines! I would look for the javascript, and popups, and check them out. And Forms should generally have an action from YOUR server. There ARE cases, like if you are using aweber, when they may go there. I haven't really looked at WP, and am speaking GENERALLY about themes and templates here.

    Steve
    {{ DiscussionBoard.errors[3749560].message }}
  • Profile picture of the author Istvan Horvath
    Use free themes from wordpress.org. They check themes for malicious/hidden code...
    Signature

    {{ DiscussionBoard.errors[3749578].message }}

Trending Topics