How to find and fix spam script in wp themes and plugins

“No Lunch Is Ever Free, Someone Somewhere Has To Pay For It” – absolutely correct!
Be careful when selecting any free premium WordPress theme: the theme may well be free, but you don't know whether it is free of spam scripts too. Otherwise you too will have to invest your time in researching the reasons, like me, or in recovering the losses these scam scripts cause.

In most cases a spam script is there whenever you get a premium theme or plugin from the internet for free. So next time you get a premium theme or plugin for free, make sure it is free of spam scripts, otherwise you will pay much more than the original cost of the theme or plugin.

The traditional way is to cross-check the theme with your antivirus software; it gives the green signal “No Virus Detected”, you stop there and use it. But the reality is that some spam scripts are not detected by antivirus software, Google Webmaster Tools or any WordPress security plugin.

Let me share my experience in brief. I got, for free, an amazing, impressive theme that labnol uses. The offer was, no doubt, like a “BUMPER PRIZE” to me. I tested it with my antivirus and Google Fetch, it showed no errors, and as far as I was concerned I had saved $200. I was really happy with the theme and was using it on my official website. But after one month I realized that my traffic had decreased by 80%!!!

That was when I started searching for the reasons. Why was my traffic drowning at such a drastic rate…? What was wrong with the world???

And after my research I found something that shocked me!!!! Yes, it really shocked me when I realized that after a few refreshes my blog redirected to some other site. My website was being controlled by a scam script. But it was too late for the losses I had borne: I lost my genuine organic traffic, my business and of course the hard work that I had invested.

The spam script was in the theme's header file, and it redirected visitors to another site. So I immediately removed the script and went back to my Twenty Eleven theme. This tutorial will tell you how to find and fix a spam script in your theme or plugin.

But with every loss you learn something. No doubt I lost my ranking, but I got some answers, and I think they can help my friends and readers.

Why is the spam script not detected by the antivirus?

Because the spam script does nothing to your PC: it runs inside the theme on your web server, not on your computer.

Why is the spam script not detected by Google Fetch?

Because it redirects to another site only after a few page views.

Types of spam scripts in themes and what they can do:

A scam script can be implemented in many ways.
-Some spam scripts are placed inside the theme or plugin for traffic and backlinks.
-Other scripts can take control of your site, and these are much more dangerous, as they can destroy your website or blog.

Two ways hackers place these scam scripts:
-The hackers place the spam script in one of two ways: either as JavaScript code or as PHP code.
-The common and interesting thing is that in both cases the script is obfuscated (“encrypted”), so you cannot tell what the code does.

[Image: Encrypted JavaScript spam script in a WordPress theme]

[Image: Encrypted PHP spam script in a WordPress theme]

How to find and remove a spam script in WordPress themes and plugins?

Okay, we need an editor. You can choose Notepad++, EditPlus or Eclipse, it's your choice.

Whenever you download a suspicious theme or plugin, extract it to your desktop and do the following steps.

  1. Open your IDE. I chose Notepad++ because it is light.
  2. Go to the Search menu and click Find in Files.
  3. The Find in Files box will open; in Find What enter the keyword eval.
  4. Now choose your theme or plugin directory.
  5. Click Find All.
  6. If a result comes, click on the link in the result bar. You will see the encrypted line.
  7. Now remove it.

Follow the same steps for the keyword curl.

cURL is a software project providing a library and command-line tool for transferring data using various protocols.

curl has no use in a WordPress theme, although some SEO plugins use curl to make connections with a remote server.
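The same search, as an added example that is not part of the original tutorial: a small Python scanner that walks an extracted theme or plugin folder for the eval and curl keywords from the steps above, plus the base64/gzinflate decoders and the JavaScript packer that usually wrap such payloads, and reports file, line and keyword. The sample theme files it creates are constructed for the demo.

```python
import os
import re
import shutil
import tempfile
# Keywords from the tutorial (eval, curl) plus decoders usually wrapped around a payload.
SUSPICIOUS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "decoder": re.compile(r"\b(gzinflate|gzuncompress|str_rot13)\s*\("),
    "curl": re.compile(r"\bcurl_(init|exec|setopt)\s*\("),
    "js_packer": re.compile(r"eval\s*\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e"),
}

def scan_file(path):
    """Return (line_no, keyword, excerpt) for every suspicious line in one file."""
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            for name, pat in SUSPICIOUS.items():
                if pat.search(line):
                    hits.append((no, name, line.strip()[:80]))
    return hits

def scan_tree(root):
    """Walk a theme/plugin folder like 'Find in Files'; map relative path -> hits."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith((".php", ".js", ".html")):
                full = os.path.join(dirpath, fn)
                hits = scan_file(full)
                if hits:
                    report[os.path.relpath(full, root).replace(os.sep, "/")] = hits
    return report

def demo():
    """Constructed sample theme: clean footer, header and JS carrying obfuscated calls."""
    root = tempfile.mkdtemp()
    files = {  # constructed samples, not real payloads
        "header.php": "<?php\n// theme header\neval(base64_decode('aGVhZGVy'));\n?>",
        "footer.php": "<?php wp_footer(); ?>\n</body></html>",
        "js/main.js": "eval(function(p,a,c,k,e,d){return p})('x',0,0,[],0,{})",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    report = scan_tree(root)
    shutil.rmtree(root)
    return report
```

A hit is a lead, not a verdict: compare the flagged line against the vendor's original theme or plugin files before deleting it, since a few legitimate plugins do use these functions.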

This method no doubt removes the encrypted script, but my recommendation is to use genuine plugins and themes.
Below is a simple video of this tutorial; I hope it will help many WordPress users.