Risks of premium themes and plugins

The issue of security boils regularly high. If a vulnerability in a plugin or theme WordPress found itself, the update Marathon starts. Timely einzuspielen plugins, unfortunately not enough for some premium themes. The safety of various WordPress Premium Themes is therefore highly questionable.

Security problems in WordPress Themes

The themes are getting bigger and more extensive; a trend that I see as questionable. Often functions are self-programmed and embedded in the theme. I myself am not a fan of it! A theme should provide, in my view layout and design, functionality via plugins. This code is also reusable.

Free Premium Themes Plugins in

Some themes follow this approach and set of standard solutions such as a slider a plugin.This can be downloaded when you install the themes. Often the theme developer puts a premium version in the Theme. To avoid any further Koste, but the issues raised.

Where now insert the safety concerns?

The premium plugins are behind a paywall and can not be updated directly. New versions are therefore no longer reported in the WordPress backend with plugins as an update. We regularly update our plugins, but are nevertheless exposed to a risk, because we will not get any message, whether there are new versions.

Only when we know about the latest version of the communication, we can download the latest version. The theme developer has the license and thus access to the plugin. It helps to make contact with the developer and to inform him about it. Unfortunately, this approach is time-consuming.

1. Solution: Active Theme development

If a Theme actively developed, the developer can deliver new versions. If he does not, closed vulnerabilities over the years can already be left open since no update alerts are disseminated.

2. Solution: Plugins own update routine

In my mind, should the purchaser of the themes also be handed a license for the plugin and the update done directly via the Premium Theme. A separate update routine, as with WordPress, should be provided by the developer or by the purchase of either platform.

Themes with vulnerabilities by Revolution Slider

I do not want to list every single theme, as these themes have enough fingerprints to those found by Google and exploit the vulnerability.

Older versions of the Revolution Slider have a vulnerability can be loaded onto your webspace down with any file. An attacker is given the opportunity, your database passwords, etc. to steal with a single call. Currently, the version: 4.5.95-date and should reflect updatesare.

I have a vulnerability through Revolution Slider?

Whether you have a vulnerability, you can learn easily in WordPress backend your side.
Gets to the Plugins page on and look at the version of the installed Revolution Slider on. If the specified version would remain below the current 4/5/95: update immediately.

Themes from ThemeForest endangered

I have examined some themes according to the article. Older versions of Themes have included outdated versions of plugins. Therefore, it is advisable to check the plugins up to date after purchasing a theme. Often Themes are being updated, but forget the included plugins. I have already pointed Theme developers to outdated versions of Revolution Sliders.In the coming days the themes are being updated.

Add a Comment

Your email address will not be published. Required fields are marked *

Advertisment ad adsense adlogger