How To Use Nulled WordPress Themes Without Getting Hacked

How To Use Nulled WordPress Themes Without Getting Hacked

Pradeep Bhattarai's photo
Pradeep Bhattarai
·

5 min read

You might be annoyed with low-quality WordPress themes which are available for free. There are tons of premium WordPress themes available. But, you also don’t want to spend on purchasing themes. So, what’s the option? You will be using nulled premium WordPress themes which different websites provide you with for free.

You will be using such themes in your site, and you never know when your site starts getting less responsive, starts showing abnormal behaviour, and a lot more. It may probably be defaced or different admins might be added to your site without letting you know. Why’s this? Today, you will find out why this happens.

How to Use Nulled WordPress Themes without Getting Hacked?

First, you need to know that 99% of the people and brands seek to benefit. None will provide you with things for free. But, some websites on the Internet are providing you with premium WordPress themes for free. Do you see any benefit here? No. But still, they are taking benefit from you. Very few of them may be providing totally premium themes for free. But, most of them provide you for free, by injecting some extra codes into the theme files. Such codes are PHP codes that allow uploading of files, creation of new files, etc. into your web hosting file manager. They also inject codes that track your website and provide the URL of your website to them so that they can get full access to their website.

But, if you have some knowledge of PHP, you will easily be able to remove those harmful codes from nulled WordPress themes. Today, I will be showing you how exactly you can remove such codes from nulled WordPress themes. You can follow the same process that I am going to provide you below in case of nulled WordPress plugins.

Before getting started, you need to have a little bit of familiarity with playing with codes. But, even if you don’t have any experience in playing with codes, I am going to be explaining everything in detail.

Step 1

Download a nulled WordPress theme that you would like to remove the harmful codes from.

Step 2

Upload the compressed .zip file of the theme from your WordPress Dashboard by going to Appearance, then Themes, then clicking on “Add New” and finally clicking on “Upload Theme” to get the theme uploader.

Step 3

After the theme is uploaded, you can activate it.

Don’t worry! Your site won’t be hacked in just a few minutes. In the next few minutes, I will be showing you how you can remove all the harmful codes from your installed nulled theme.

Step 4

Just visit your website once and close it again. The theme files will make some changes to your web hosting account by creating certain files.

Step 5

Log in to your web hosting cPanel.

Step 6

Go to File Manager and browse the directory containing your website files.

Step 7

Go to the wp-includes folder and you will see a file named wp-vcd.php and another file named wp-tmp.php.

Once browse to the original WordPress wp-includes folder here: github.com/WordPress/WordPress/tree/master/... You won’t get these files there. This means these two files were created by the nulled theme.

Step 8

Just delete those two files from the wp-includes folder. But, this isn’t the end. The theme will create those files again when you visit your website. So, don’t visit your website yet. Instead, keep following the next steps.

Step 9

Go back to the home directory of your website and get over to the wp-content folder.

Step 10

Once you have reached the wp-content folder, you can go into the themes folder.

Step 11

Now, when you are in the themes folder, go to the folder where the nulled theme is uploaded.

Step 12

Once you get into the nulled theme folder, search for filenames with the word “class”. These are theme class files. There might be just a single or a couple of class files in your theme. Open the file and you will see some codes.

Now, you have to look for certain codes in the file. These are some of the harmful codes that might be included in the file:

  • system($_GET[‘cmd’]);

This code allows anyone to run Linux shell commands on your website. People can easily upload files, delete files, view a list of files, rename files and do a lot of things if this code is included in the file.

  • $username=’….’; $pass=’….’;

Inside $pass=’…’, there’s usually a 32-digit text, it is MD5 encrypted text.

  • or code similar to this.

This code allows people to upload files to your website.

  • fopen(“wp-vcd.php”,”w”);
  • fopen(“./wp-vcd.php”,”w”);
  • fopen(“../wp-includes/wp-vcd.php”,”w”);
  • fopen(“wp-tmp.php”,”w”);
  • fopen(“./wp-tmp.php”,”w”);
  • fopen(“../wp-includes/wp-tmp.php”,”w”);

If this kind of code is included, then it creates the wp-vcd.php and wp-tmp.php files into your web hosting.

If you find any codes similar to these codes in the file, you have to remove the piece of code starting from <?php to ?> where the above codes are included in the middle of these two starting and ending codes.

But, remember! You shouldn’t delete the class files in order to make the process a lot easier, since the codes above or below these codes are the theme core codes and they help in making your theme look good.

Step 13

After you remove such codes from the theme class files, also look for every other file with the .php extension in the theme folder and look for similar codes and follow the same process. When you have made the changes by removing such codes, you can save the file.

Now, you have successfully removed all the harmful codes from the nulled premium theme in your website, which means the owners of the website from which you got the theme for free won’t be able to access your website.

This is how you can easily remove all the harmful codes from every file in the nulled WordPress theme. In the same way, you can remove such codes from nulled plugins. The only thing you need to do is to go to the plugins folder rather than the themes folder in Step 11.

I hope you are able to remove such codes from your website and make your website protected from hackers and other cybercriminals.

If you are having problems in making changes in the codes, you can leave a comment below with full details and I will try to guide you in removing such codes from the premium WordPress themes or plugins that you got for free.