CryptoPHP backdoor in pirated CMS themes & plugins

A backdoor that has been dubbed “CryptoPHP” was found hidden in pirated (“nulled”) themes and plugins for WordPress, Drupal and Joomla.

Discovered by security company Fox-IT, this backdoor is primarily used for blackhat SEO – injecting hidden spam content into the website for search engines to read – but could also be used to take full control of the site or spam/attack others.

If you have a website, make sure you never install themes and plugins from untrustworthy sources – especially pirated ones – because they can contain a backdoor or virus. It is much safer to install from the official repositories or buy premium plugins direct from the author.

If you are worried that you may already be affected, Fox-IT have released two scripts that can be used to scan your site, and instructions for removing the backdoor. Note that simply removing the affected themes/plugins is not enough, as the backdoor may have created additional administrator accounts which must be deleted. You should also reset all user passwords.
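
The administrator-account check described above, for a WordPress site, as an added example that is not part of the original post and is not one of Fox-IT's scripts: it lists administrator accounts whose login is not on a list you expect. The default `wp_` table prefix, the in-memory SQLite copy of `wp_users`/`wp_usermeta`, the function names and all sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

# WordPress stores roles PHP-serialized in usermeta, e.g. a:1:{s:13:"administrator";b:1;}
ADMIN_CAP = re.compile(r's:13:"administrator";b:1;')

# Assumes the default "wp_" prefix; with another prefix both the table names
# and the meta_key ("<prefix>capabilities") change accordingly.
AUDIT_SQL = """
SELECT u.ID, u.user_login, u.user_email, u.user_registered, m.meta_value
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
ORDER BY u.user_registered DESC
"""

def unexpected_admins(conn, known_admins):
    """Return administrator accounts whose login is not in known_admins."""
    known = {name.lower() for name in known_admins}
    findings = []
    for uid, login, email, registered, caps in conn.execute(AUDIT_SQL):
        if ADMIN_CAP.search(caps) and login.lower() not in known:
            findings.append({"id": uid, "login": login,
                             "email": email, "registered": registered})
    return findings

def build_sample_db():
    """Constructed sample data: a cut-down copy of the two tables in SQLite."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_email TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                                  meta_key TEXT, meta_value TEXT);
    """)
    conn.executemany("INSERT INTO wp_users VALUES (?,?,?,?)", [
        (1, "alice", "alice@example.org", "2013-02-01 09:00:00"),
        (2, "bob", "bob@example.org", "2014-03-10 12:30:00"),
        (3, "support_tmp", "unknown@example.net", "2014-11-02 03:14:00"),
    ])
    conn.executemany(
        "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?,?,?)", [
            (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
            (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
            (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        ])
    return conn

if __name__ == "__main__":
    for row in unexpected_admins(build_sample_db(), ["alice"]):
        print(row)  # accounts to review before deleting
```

Sorting by registration date puts the most recently created administrators first, which is where accounts added after the pirated theme or plugin was installed would appear.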

