Subscribe to Shoultes.netNews FeedSubscribe to Shoultes.netComments

Browse > Home / Archive by category 'Website Security'

Would you download a pirated premium plugin or theme?

0

Beware of “pirated” premium plugins and themes that may add malicious scripts and open back doors into your server and/or your WordPress installations.

Apparently several people have had the misfortune of downloading a pirated version of my Advanced Events Registration plugin from some file sharing websites. One person’s site was entirely overwritten with spam posts and links pirated software. While another persons entire website was completely wiped out.

The website owner (whom I wont mention here) actually threatened to sue me because five years worth of content was completely removed from their blog. When I asked for a copy of their receipt from the purchase of the premium plugin. The person stated they had downloaded it from a free file hosting website. Can you believe it! So I stated the obvious, “You didn’t purchase the plugin from my website, so you will need to contact whomever you received the files from. I am not responsible for code that may be distributed by outside sources.”

Moral of the story:

Premium plugins and themes may be GPL licensed (or not in some cases.) Unless you get them from a trusted source, you may be taking a major risk using them.

Related information:

How Downloading a Premium Theme/Plugin From the Wrong Place Can Ruin Your Site

Downloading a Premium Theme from the Wrong Site can be Expensive

Download Free Premium WordPress theme :What’s the Catch?

WordPress Premium Developer and Author Piracy My Thoughts

The Ethics of WordPress Themes at a Premium

Posted by Seth on Monday, July 19, 2010 at 11:24 am 
Filed under My Plugins, Open Source, PHP, PHP Developer News, Ramblings, Website Security, Wordpress · Tagged with

WordPress/Website Security Exploits

1

I have recently seen several websites that I maintain, as well as several that I don’t maintain, hacked by some kind of bot net. It has been a really good learning experience to say the least.

Most of the hacked websites were running WordPress, so my first thought that it was some kind of security exploit in WordPress. Then I was asked to investigate of a few static HTML or PHP driven websites without WordPress installations. All of the hacks were very similar and had their index.php, index.html, and .htaccess files modified. In the index.php and index.html files there was javascript code and iframe virus codes appended to the end of the file that would try to install different variants of badware/malware to unsuspecting visitors. I even seen a file that had stripped out part of the code within the file and replaced it with the malicious javascript and  iframe virus browser exploits. Therefore completely breaking the file (luckily we had a backup of the now broken file and were able to to get the site working again.) Continue reading “WordPress/Website Security Exploits” »

Posted by Seth on Friday, January 1, 2010 at 8:28 pm 
Filed under HTML, PHP, Website Security, Wordpress, wordpress security · Tagged with