Check your WordPress themes for malicious codes!

Check your WordPress themes for malicious codes!

If you’re using free WordPress and Joomla themes, then you should check your theme files for some malicious codes. This issue was first raised by Derek of 5ThiryOne (via JaypeeOnline) which hit Digg’s frontpage the other day. One of Derek’s free WordPress themes have actually been modified and inserted with malicious codes.

On the same note, I got a call from Michael Rogers (commonly known in the local SEO circles as seoluv) pointing me to a similar case he wrote on his blog accusing SEO World Champion Benj Arriola of willfully distributing WordPress themes with PHP codes that pulls out hidden links when search engines visit blogs that uses his free themes.


The infected WP themes include the Transformers Fans, among others. I have not checked all the other themes if there were other PHP codes inserted in them. These themes will spew out several hidden links to the On top of this, Michael Rogers is also accusing Aileen Apolo of conniving with Benjie Arriola to rank for the keyword “Google Country Consultant”. Here’s the screenshot of the codes with links to the respective keywords.

Janet Torral called me a while ago so I could explain to her what this fuss is all about. Apparently, she was also contacted by Michael Rogers to expose this story in her column in the newspaper (SunStar). He quoted Janet getting feedback about this story to Aileen, which the latter vehemently denied. It is still uncertain whether Aileen knows about this Black Hat SEO technique which Benj implemented for her blog using his freely distributed WordPress themes.

I believe this issue is more geared towards the WordPress community as WP Founder Matt Mulleweg announced on his blog earlier. As to the issue of black hat SEO, my take on it is that if you wanted backlinks in exchange for the free themes you are distributing, just put them right there for every theme user to see and let them decide to retain it or not. Putting them via hidden links so only the search engines can see (term used is cloaking) is just plain no-no. Benj might want to explain why he implemented this experiment.

Abe is the founder and Editor-in-Chief of YugaTech. You Can follow him on Twitter @abeolandres.

You may also like...

10 Responses

  1. dennis says:

    If seoluv blog could rank on page 1 for ‘Google Country Consultant’ how much more for Aileen’s. It’s not a difficult keyword to rank. Certainly Aileen doesn’t need those template tricks, to rank high, if she wanted to for that keyword.

  2. Marcvill says:

    I’ve checked my ‘Dapit Hapon’ theme made by and there’s no hidden links naman… hehe

  3. brVince says:

    Would this also be related with Google’s collaboration with I tried to search my name using google and one of my links is with a label: “This site may harm your computer” as if I’m a spyware, too :( Wala naman akong bad links. and it’s just new!

  4. Jaypee says:

    This was just waiting to happen. WordPress users should really be careful when downloading themes and plugins. What could be next? A trojan masquerading as a WordPress plugin?

  5. Jaypee says:

    Btw, thanks for the mention and the link love! :)

  6. Lorelle says:

    Where humans tread, evil lurks. Honestly, you are so right. If you want credit where credit is deserved, put them out where the credit is clear.

    WordPress Themes aren’t the only templates at risk. For many years, “free” template downloading sites have had problems with malicious code and spam links. It’s not new. It’s just bad form.

    Hopefully, something will be done to keep WordPress Themes clean and to identify sources of WordPress Themes as “good and clean” or “malicious code free”.

  7. adam says:

    Thanks for the info.

Leave a Reply

Your email address will not be published. Required fields are marked *