Premium WordPress Themes Free is a Scam!

| April 14, 2015 | Tips & Tricks | No Comments

nulled scripts cryptoPHP infections scam site screenshotAre you looking for a premium WordPress themes for free? If so, you came to the right place. Not because I will give you one, but because I am going to warn you- Don’t download it! A lot of webmasters are putting pirated WordPress themes on their blogs, and their servers are being hijacked, and crashing. From what I could gather, it happens 99% of the time. Any time you see a website claiming to have a free download of a premium WordPress theme, it is a scam! Don’t believe it. Oh, you will get a download alright. But it won’t be just the theme you so desperately think you need. It will contain malicious PHP code that can and will take over your server. It’s known as nulled scripts and cryptoPHP infections. Please read the rest of this.

What are Nulled Scripts and CryptoPHP Infections?

Nulled scripts are scripts (WordPress themes, plugins, programs, apps, etc) that have certain parts of the code erased. Usually PHP calls are erased and replaced with PHP calls to a different home. The problem is, they don’t just erase the PHP calls like you think. The word “nulled” is misleading. A PHP call is supposed to do something good, like verify the integrity of the script, or update it. Anyone with half an understanding of computers knows how important updates are. So even if all they did was erase the PHP calls home, you’d still get hijacked when your pirated theme can’t update. You can’t win with a bootleg (or pirate) theme.

But they don’t simply erase the calls home. They replace those PHP calls with PHP server functions and calls to malicious servers (cryptoPHP infections), and that’s how they hijack your website and your server. Not only do you lose your entire site, you cause every site on that server to go down. So, if you have a shared hosting plan with a bunch of websites on it- you lose it all, and all the other sites on that shared server that you don’t know about. According to PcWorld, over 23,000 servers have been hijacked by nulled scripts with cryptoPHP infections.

CryptoPHP is a malicious script that provides remote attackers with the ability to execute rogue code on Web servers and to inject malicious content into websites that are hosted on them. What they do is, hijack your website, so they can give away more premium WordPress themes free on your site. It’s a viscous cycle- they give you a free theme so they can hijack your server, so they can give more free themes, so they can hijack more servers. It’s a snowball effect, just like that old cocaine commercial that said, I have to work more, so I can buy more cocaine, so I can work more, so I can buy more cocaine. I will never understand the mind of a hacker.

What to do if You Have Already Downloaded Nulled scripts:

Delete them all immediately. And if you have any installed on your website, delete them all immediately too. Then, go through all of your pages and posts and delete the hijacked pages. But if you only have them on your computer and you didn’t install them on your site yet, whatever you do- do not unzip the file on your computer! If you did already, it may be too late. The sooner you delete any pirated software, the more likely you can remain safe.

If your site has already been compromised, you may find pages with free premium theme giveaways on them, and other free software which people usually pay good money for. It might be Photoshop, Joomla, or just any premium script or app. Delete them all and maybe you will have a chance to recover.

I saw a website for sale on Flippa that was hacked by one of these. All the files were corrupt, and I couldn’t even access the site thanks to my anti-virus program. (Whew.) The seller explained the fact that he was hacked, talked about how much traffic he had and how many years the site had been running. The only problem was- the site didn’t exist any more. The files were corrupt. All that age and rank went down the toilet. He didn’t sell the site because his price was too high. He used to have a great website. Now all he had left was a domain name.

You Don’t Need Premium WordPress Themes Free Anyway:

There are plenty of good free WordPress themes out there that are even better than the premium ones. It all depends on the designer. Some theme designers are better than others. So what good is a premium theme from a sub-par designer? Take a look at Customizr WordPress theme for example. It has so many options, it’s sick. I like it so much, I use it on a few sites and they look completely different from each other. Plus, I wrote an article about Customizr WordPress theme. You couldn’t pay me to take any premium theme when there is quality like this available for free.

There’s more too. Magazine Basic is another free theme that’s loaded with options. It’s not as loaded as Customizr, but it has a nice news/magazine look to it and it’s easy to work with. But there’s a lot more out there. Don’t steal a crappy theme that will ruin you. Get a free theme that will help you.

I would name names if I could. But I don’t want to download them to see if they are hacked. That’s why I say they all are. Just stay away. Here are some red flags you should steer way clear of:

  • The domain name has the word “null” in the name.
  • The domain name has the word “share” in the name.
  • The domain name has the word “files” in the name.
  • The site requires you to go to a file-share site to download it.
  • The download file ends with .rar
  • The download link ends in html

If you see those things, run away. Then go download the real deal. If you can afford it, buy it. If you can’t, use a free version. They’re pretty darn good too.

Tags:, , , ,

Related Posts

Add a Comment

Your email address will not be published. Required fields are marked *