I took over a website from another developer. The website, specifically code inside a .zip folder (required plugin) of a theme contains malicious code.
The way I see it, there are two possibilities:
- The theme was pirated and the person distributing it added malicious code
- The theme is legit, but the website got a virus which infected the .zip folder
Is there anyway to tell if my theme is legit / was purchased? I do not know the account that purchased it.
the best way is purchase theme from your own account for your website and give the theme to your developer to work on. If the theme purchased by your developer then ask the developer the purchase code for the theme (if purchased from themeforest). For each purchase envato/themeforest provide purchase code as a license code for the purchased item.
Unfortunately the developer went AWOL.
I am assuming there is nothing in the actual code that could give me any clues as to the authenticity?
Are themes related to a domain name at all? Or is it per account?
most of all theme has it license registration (theme license activation) process using purchase code. If customer will register then the theme will be registered under the domain you are using the theme. Each purchase code is unique and can be used only for a single website.
Okay, is there anyway to check if my domain has been registered?
I don’t have a purchase code
In this case have to contact theme author but definitely from the original purchaser account. Theme author has own database to maintain registered theme. Thanks
If you don’t own the license or have the purchase code, then unless auto updates are already setup (seems unlikely based on what you are saying), then you will never have access to future updates or support - it would make far more sense to buy a new license and have full access to everything
That way it’s guaranteed to be legit, safer and no risk of problems if the original developer tried to reuse the license again
I agree it’s safer, but I was under the impression purchases were made per website. It wouldn’t make sense from a financial perspective to buy it twice for one website.
I don’t think auto-updates are setup. I’m not sure how auto-updates normally work. Are they setup for all themes after purchase & install? Or do the theme developers decide how they want to deliver updates?
For now I’ve removed the malicious code from all of the files.
The issue is that without access to updates and a copy that is defintiely only being used on your website then there is lots of valid reasons to buy another copy e.g. it will be significantly more expensive if you need developer help to make even basic upgrades that would otherwise be avaliable to buyers.
Auto updates (when possible as not all themes have them) are done by adding purchase code to the admin, although the actual update process/frequency is dictated by the author