Themes, Templates and Scripts

How to use nulled wordpress plugins and themes safely

Submitted by Dahric, Thread ID: 131497

Thread Closed
26-05-2019, 12:45 PM
This post was last modified: 26-05-2019, 12:49 PM by Dahric
Heya there. I've been making a bunch of WordPress websites for some of my clients using lots of nulled or cracked plugins. Many websites that hand out these "free" resources also hand out things like hidden miners that leech off the users in secret or just plain adware that redirects users to their own ad-filled sites.

How to get around this? Well, the process is actually very simple. The easiest approach is using a service that does not hand out viruses together with the plugins and themes. I recommend gpldl.com for downloading things in the first place; their resources are free of bloatware and I've never had any problems with them in any way. The best thing about it: it's free! No subscriptions or paid membership to use 99% of their resources.

I do, however, always recommend checking your themes and plugins for bloatware if you download them from a sketchy website. What should you look for? When using services such as downloadfreethemes or any imposter websites, you should look for things in the functions.php file and the file class.theme-modules.php. You will see that in the functions.php file of infected files the beginning is always as follows:

PHP Code:
<?php if (file_exists(dirname(__FILE__) . '/class.theme-modules.php')) include_once(dirname(__FILE__) . '/class.theme-modules.php'); ?>

This is what you are looking for. If this line exists in the functions.php, it exists in more places and will infect your site with adware if you are not careful.

In this example I'm using the Divi theme from downloadfreethemes.com.
https://imgur.com/I9d3oqI
As you can see at the top, there is the infamous snippet in the functions.php file. So remove that. It's not good. You can see it's pointing to a file. Remove that too. That file is the one doing the magic. In this theme, there are three of these files. Use something like Notepad++'s function of searching in files for this snippet or just the class.theme-modules.php string. Remove all occurrences and all associated files and you will be good.

HELP! I'VE ALREADY BEEN INFECTED! What should you do if you already have the virus?
I'd recommend taking a backup of all the files on the server to your local machine. The virus is smart; it infects ALL themes and plugins you have on your server. You have to take a backup and remove all files in the wp-content/themes and wp-content/plugins directories to be sure. The virus will run and just add new malicious code and files if you simply remove it, since the code is being executed all the time. At this time your hosting company might have suspended your hosting, since the virus has the potential of spreading to other installations of WordPress on their machines.

Here's what you need to do:

1. Copy ALL files over to your local machine.
2. Remove the wp-content/plugins and wp-content/themes (wp-content/mu-plugins if it exists). Also delete the wp-admin and wp-includes directories including all files inside.
3. In ALL themes and plugins, search for class.theme-modules.php and the malicious snippet as mentioned above. Remove all occurring files and code.
4. These are affected files:
- wp-includes/posts.php <-- This file has the malicious snippet at the top. Remove that snippet.
- wp-includes/class.wp.php <-- Delete this file
- wp-includes/wp-vcd.php <-- Delete this file
Replace these with stock WordPress directories and you will be fine.
5. Upload the files back to your server.


In conclusion - use https://gpldl.com - it's superior. Otherwise be careful on the internet and make sure to like this post.
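The search-in-files check described in the post, as an added example that is not part of the original post: a Python scanner that walks a local copy of a site and reports the listed file names and the loader line. The function names, the regex and the sample tree are constructed for illustration, and it covers only the indicators the post names.

```python
import re
import tempfile
from pathlib import Path

# File names the post lists as malicious.
BAD_NAMES = {"class.theme-modules.php", "class.wp.php", "wp-vcd.php"}
# The loader line from the post, tolerant of whitespace and quote style.
LOADER = re.compile(
    rb"include(?:_once)?\s*\(\s*dirname\s*\(\s*__FILE__\s*\)\s*\.\s*"
    rb"['\"]/class\.theme-modules\.php['\"]"
)

def scan(root):
    """Return sorted (relative_path, reason) findings for .php files under root."""
    findings = []
    for path in Path(root).rglob("*.php"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name.lower() in BAD_NAMES:
            findings.append((rel, "listed file name"))
        try:
            data = path.read_bytes()
        except OSError:
            findings.append((rel, "unreadable"))
            continue
        if LOADER.search(data):
            findings.append((rel, "loader include"))
    return sorted(findings)

def build_sample(root):
    """Write a constructed tree: one infected theme, one clean plugin."""
    inc = b"dirname(__FILE__) . '/class.theme-modules.php'"
    files = {
        "themes/demo/functions.php":
            b"<?php if (file_exists(" + inc + b")) include_once(" + inc + b"); ?>\n",
        "themes/demo/class.theme-modules.php": b"<?php // placeholder body\n",
        "plugins/clean/clean.php": b"<?php // names class.theme-modules.php only\n",
    }
    for rel, body in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in scan(tmp):
            print(f"{reason:18} {rel}")
```

Run it against the local backup copy rather than the live server, so nothing in the tree is executing while it is inspected.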