Security Issue

If I buy a theme vetted by ThemeForest to be free of malicious code then immediately after purchase I have to bypass ThemeForest and give up all my login information to the “creator” seems suspicious to me and I believe is a security issue that should be refundable. If your product does not work right out the box with all server settings set to your products specs then I should be able to get a refund in my opinion. Am I wrong?

Loyal customer for over 10 years.

Hi @klr454,

Envato have a very clear refund process in place, as outlined here: Can I get a refund?.


I am aware of the return policy. I am challenging it!

I would like to recommend please open an Envato Customer support Help ticket and let them know.

1 Like

Thank You I will.

1 Like

If it’s server side issue, you need to configure the server. You cannot blame “the code” if your server is not running properly or missing extensions.

In addition, you will need to make some afford to make the website look like demo, if that’s what you mean by “out-of-box”

By the way, what was the item? WordPress or Magento? Or something else? Are you using GoDaddy hosting?

Your whole question is weird:

What are you trying to actually say? It sounds like you are saying the script you bought is filled with malicious coding??

Look the fact is that you say you bought something which presumably when you tested it on the demo it all worked, and then when you installed it on your server there were some issues. If as @ki-themes suggests, you are using some sort of inferior hosting supplier, then maybe the issue is not with the script, but with your host.

If the author is saying they will help you, but they need access to your server, then again what’s the problem? Do you want it sorted or not?

If you advertise themes that are free of malicious code and theme forest checks them to make sure there is no malicious code, then OK, I buy the theme free of malicious code. And just to install it without errors I have to give up all my login credentials to the creator/author, it seems to me that’s an easy way around the vetting that theme forest does. I don’t know how to make it clearer. Its an security issue!

I want to sell themes to theme forest with spyware or some malicious code, how could I do that if themeforest vetts the theme for malicious codes??? I send themeforest a nice clean theme, themeforest says yes the theme looks good and is free of weird code, here I come along and buys the theme free of weird code, but for me to install the theme correctly I have to give up all my login credentials to someone that could possibly put malicious code on theme? Its a security issue that’s obviously never been addressed,

I give this error to the author but instead of giving me solutions that I can try they immediately want my login credentials, are you really saying you never seen that error before and have no solutions that could be offered?

“”“”…# Installing Plugin: ModelTheme Framework

Downloading installation package from *** WEBSITE DOWNLOAD LINK URL REMOVED ***

Unpacking the package…

There has been a critical error on this website. Please check your site admin email inbox for instructions…“”“”

Also I am not calling any author malicious but the potential is there, it is what it is and I want my money back, that’s all!


So am I correct in understanding you are talking about the IBid Theme?

@modeltheme is a Power Elite Author and they should be able to help you with this.

Yes, they should be able to offer copy and paste solutions without my login credentials? I guess there are first time errors but I highly doubt this is the first time the author has seen this error. Why not offer me at least a couple solutions that I could try before immediately asking for my login credentials.

I am sure its because the author is eager to help me with this problem but I would rather try a few solutions myself before I hire someone locally that I know personally to look at it. It should work out the box as stated, if it doesn’t do one click demo like stated then the product wasn’t as advertised.

It’s because you’re having issue on your current server and the author is offering help to find the problem. If you don’t share the login details, it’d be hard to “describe” what you should to to find the details and it would take more time for the “item author” to help you.

As it’s WordPress theme and it should work 99% of the servers without any problem, as the source code is being checked by the Envato team, if you’re asking the author to help you, you need to share the login details. If you don’t want to share it, you could contact your hosting provider to get the details about why the theme is not working, then you can forward to the author

1 Like

I think @ki-themes has given you the best answer for your issue/enquiry on a forum - as they said the author if given the login details could probably resolve your issues in a much quicker time, than explain to you what to do.

I understand your comments, but listen most authors on the platform (and I would say a very high percentage) are decent people who are here to sell their digital goods, and if needs be, sort out problems.

Hi everyone and thanks @ki-themes for taking the time to explain how a normal support situation should look like.

We got a help ticket by reporting the same problem that is being listed on this topic and our agents already requested a bit more details and of course, the WP credentials to take a closer look see what is the problem.

Since we use a paid third party platform for our support center and all the tickets are private, the credentials are 100% safe and we never store/save or use them on other purposes. When the reported problem is sorted out the client can remove the access or simply change the password.

It is our duty to try and solve any reported issue and this is what we did on this case too.

Hey @klr454 you can send us the credentials in your private ticket or simply let us know the error received on your admin email, as the message says:

There has been a critical error on this website. Please check your site admin email inbox for instructions."

Looking forward to your response so we can sort this out quickly.

The police policing the police! :rofl: