Due to some security issues with my WP installation I have, among other things, run a theme check with this plugin: http://wordpress.org/extend/plugins/theme-check/
And there are obviously a lot of issues with CORONA; I’m mostly concerned about the red “warnings” like
... base64_encode ...
in avia-export-class.php for example, fopen, fclose, and why is there a hidden file/folder “.ds_store”??
It is in the original CORONA files, freshly downloaded at Themeforest.
What is there to do with all these issues concerning the security?
(My WP has been hacked by the “pharma hack” -> http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php)
And this although I have installed Antivirus, the Limit Login Attempts plugin and several WP security plugins, am using strong passwords, have no “admin” user, am protecting wp-admin and wp-config.php with .htaccess, and have moved wp-config.php above the WP installation folder, etc.
So I’m currently checking all security vulnerabilities in my network, and therefore I’m worried about the “theme check” of CORONA.
Any suggestions for this?
Thanks a lot!
Here is a PDF (600 kB) made with Fireshot of this theme check:
The .DS_Store is a file created by Apple. Since Kriesi compiles and works on a Mac, it gets added in. See: http://en.wikipedia.org/wiki/.DS_Store
There was a security fix in the most recent version of Corona (1.4), so you should definitely download it and update. You can do so by re-downloading the theme from Themeforest and then installing the theme in the same way you first installed it.
The topic ‘Serious issues in original CORONA theme files – hacked WP installation’ is closed to new replies.