With affordable hosting services and domain names available at a bargain, creating a WordPress website has become cheap and easy. As a consequence, this also nurtures a mindset where website owners desire premium themes, but do not wish to pay for these. Instead, they illegally download the cracked or nulled versions of these premium themes. Unlike the basic free themes, these cracked WordPress themes offer a full-feature set similar to their premium counterparts. The premium feel ends there, though. These cracked themes are usually hacked, and contain malicious code that allows hackers backdoor entry to your site.

Once your site has been hacked, there are a number of things that can go wrong with your website. Below we list some of the most common signs of website hacking caused by nulled themes:

  1. Hacked website defacement
  2. Awfully slow loading on hacked site
  3. WordPress theme causes website crash
  4. Pages redirected to other websites
  5. WordPress site banned by search engine/web hosts

Let us elaborate on what happens to your website when hackers infect your website with a cracked theme.

1. Hacked website defacement

One of the most common forms of hacking is website defacement. If your website has been defaced, then you would most probably find some form of a social or politically charged message on the site posted by the hacker. This form of hacking is typically conducted by hacktivists (‘activists’ acting by means of hacking) as a way of bringing awareness to some socio-political issues that they are passionate about. Instances of hacktivism that come to mind are the Anonymous’ hack of the Philippine Comelec or the defacement of the ISIS websites with ads of performance-enhancement drugs.

Another form of hacktivism involves hacking websites to access private and sensitive information, which is then published for all the world to see. Some instances of such hacktivism are the  Panama Paper leaks or the time when FBI and CIA websites were hacked, and personal information of officers was released.

2. Awfully slow loading on hacked site

A common form of hacking involves the hacker using your website and its resources as a storage space for anything from pirated movies to shareware. Running these illegal files on your server slows down your WP site since it consumes valuable resources. And as we know, slow websites are bad for business, thanks to the ever decreasing attention span of readers. Moreover, when pages take too long to open, the server throws a 500 error. When your website fails to load, it fails to retain visitors. It affects the SEO of your website and can cause your search engine rankings to plummet.

hacked wordpress site down

3. WordPress theme causes website crash

From hosting company issues to human errors, there are several reasons for WordPress websites to crash. Sometimes websites may crash when you are trying to update a theme or plugin. Other times, a website crash could be the result of malicious activities that use too many resources. Or even accidental deletion of files and folders. (It’s worth mentioning here, that accidental loss of data on any such occasion can be prevented by taking backups.)

4. Pages redirected to other websites

Attackers have a number of ways of exploiting your site’s resources. They could be performing Black Hat SEO that’ll allow them to redirect your website traffic to their websites. Besides stealing your traffic, redirection could cause harm to your site. When visitors from your website are being redirected to another that is selling website selling illegal, it could adversely impact your online reputation. Moreover, as your site is unable to retain visitors for more than a few minutes, search engines like Google would see this a sign of a poor website. Hence, your search engine ranking will take a hit.

5. WordPress site banned by search engine/web hosts

Google advocates safe browsing experience, and for this very reason, it blacklists websites that are hacked. In fact, more than 10,000 websites (including hacked websites) are blacklisted every day. Since these blacklists are designed to stop visitors from entering an unsafe site, often websites end up losing up to 95% of web traffic!

A salt-in-wound situation arises when your web hosting providers end up suspending your hacked WordPress sites. But there is a good reason for taking this course of action. In the case of shared hosting, there is a real danger of a hacked website infecting other websites on the same server. Oftentimes when one website on shared hosting consumes too much bandwidth, other websites’ performance also gets affected. This too may cause your web host to suspend your site.

Given that there are a whole lot of things that could go wrong due to a single hacked WordPress theme, it’s to clean your hacked site before any major damage occurs.

Here is How to Fix and Clean Corrupted Theme –

There are many ways to fix your hacked theme and plugin – that includes using various tools such as WordPress plugins as well as manual methods. Let’s begin with the manual method.

1. How to Manually Clean a Hacked Theme?

Hacked themes typically open backdoors to your website through which hackers inject malicious code into your site. These hidden backdoors can be found in /wp-content/themes/ folder of the WordPress root directory (the /public_html folder) as well as in other folders like the uploads folder. Compare the /wp-content/themes/ folder present on your website with the one publicly available in the WordPress repository and look for any unknown php files or extra folders as they could be part of a hack. You can also look for common malicious PHP functions like ‘base64’, ‘eval’, ‘stripslashes’, ‘move_uploaded_file,’ etc.

That said, it’s important to note that these PHP functions may not all be part of the hack – some may be a valid part of the theme! Also in some scenarios, files and folders that are part of the theme may not be part of the repository.

Looking at recently modified WordPress files can lead you to discover a hack but hackers these days are far smarter. They’ll change the timestamp making it impossible to find the file they modified.

As you can see, even though it is possible to use manual methods to clean a hacked theme, the success rate of the method is always very low, given the complexities involved.

2. How to Clean a Corrupted Theme Using a Security Service?

When it comes to cleaning a hacked theme and in turn your affected website, the best option is to use the best-suited security plugin from a range of WordPress security plugins. Security plugin doesn’t just scan WordPress site to serve malware warning, they also help clean your site. Different security plugins offer different cleaning services. Most of these plugins do a thorough clean-up of the entire website including the infected theme. Let’s look at the different cleaning services that you can choose from to clean hacked theme on your site.

hacked site clean up

i. One-click automated cleanup:

Hack cleanups are best handled by security professionals. The problem with this method is that it involves waiting, which can be disastrous to your website. As we discussed earlier, a lot can go wrong (Google blacklisting, web host suspension) when a website is hacked. Services, where the WordPress user or website owner can auto-clean the website without the help of an external professional, can help fast-track this critical process. MalCare Security Service is the only plugin that offers automated one-click cleanup of a hacked website. Moreover, MalCare offers unlimited cleanups no matter what plan you choose.

ii. Different Levels of Cleanup Services:

Security plugins like Sucuri Security offer different levels of clean up services. Depending on the plan that you choose, they can clean up your hacked site between 30 minutes to 12 hours. Cleaning up with Sucuri typically involves communicating with external security personnel. With him/her, you’ll have to share access of your website and SFTP credentials. Sucuri has a year-long plan that offers unlimited cleanups. No matter how many times a website gets hacked, they’ll clean the website for you.

iii. One-Time Cleaning Service:

There are several WordPress security services that offer a one-time cleanup. Wordfence Security Services is one such WordPress malware removal plugin that you can avail that scans your website and cleans malicious codes. A major drawback with Wordfence is that it does not guarantee a time period to clean up your hacked site. It could take from hours to days. And as we have mentioned earlier, it’s harmful to delay the removal of malicious codes from a hacked site.

In conclusion

Before leaving, we’d like to emphasize the importance of using good, legitimate themes on your website. With hundreds of free and premium themes available, it is important to know what to look for in a good WordPress theme. Finding good themes is not that hard. Let’s leave you with this excellent guide on how to choose a WordPress theme. And needless to say that you must buy themes from trusted sources or vendors.


Tweet