Lately, there have been more and more cases of users downloading WordPress themes that contained internal links and the user actually did not know.
There are also those who suffered security attacks on the blog, and saw a series of malicious code injected into the theme, and also did not know.
It is important then to know how to confirm that the WordPress template you use has not been hacked, or at least has not suffered any attack on your security and integrity.
How do I know if your template has been hacked?
One of the most practical ways to check if your template has been hacked is by opening the blog in your browser and clicking the right mouse button to see the Source Code of the template.
Usually, illegal injected links are placed in the header or footer of your template, so it\’s important to analyze these two sites carefully.
These links are usually directed to pharmacies, drugs, pills, credit cards, and related systems.
If you use Firefox, you still have another very interesting possibility.
Open the Tools tab, click Page Info, and then choose Links.
This section shows you a listing of all the external URLs that are within the page you are viewing, so it is extremely simple to find some link related to pharmacies, drugs or the like.
It is also advisable to thoroughly scan various files in your template as well as WordPress installation files, in search of any suspicious links or information.
How to solve the problem of malicious links?
Usually, when a blog suffers an attack it is because it was making use of a lower version of WordPress. At this moment WordPress is in version 2.5.1, so using previous versions is dangerous from the point of view of the security and integrity of your blog.
One of the great advice I can give you is to keep up to date on your version of WordPress. The Automatic Upgrade plugin is the simplest and most effective way to upgrade your version of WordPress without running any kind of risk.
Another option is the creation of a .htaccess file, which only allows access to the administration panel of your blog, certain IPs.
Create a file with that name and apply the following code inside:
AuthUserFile / dev / null
AuthGroupFile / dev / null
AuthName “Example Access Control”
order deny, allow
deny from all
allow from xx.xx.xx.xx
allow from xx.xx.xxx.xx
</ LIMIT >
Then place this file inside the / wp-admin / folder, to block access only to your IPs, and you will have to fill in the code with the IPs you want to access that information.
One last option may be to turn off directory browsing so that no one has access to the plugins you use, your internal folders, and all the information about your theme.
To do this, look for the .htaccess file that is in the root of your server, and add the line of code: Options -Indexes
There are also those who renew the admin panel passwords with some regularity to avoid problems, and you should also remove the theme-editor.php file from the WP-Admin folder, although these two actions are slightly more aggressive than recommended.
Protect yourself and confirm that your WordPress template has not been hacked!