In this article, we will explain the importance of understanding Nulled/Cracked plugins. Essentially, it is something detrimental to not only your websites by exposing them to malware and backdoor hacking, but to the entire server that it is hosted on. That is why we are very strict when it comes to searching and finding such plugins. More on that can be read from our Terms of Service.
Use of NULLED/CRACKED Plugins with WPX Hosting is strictly forbidden. Usage of those plugins will eventually end in a blacklist to the site and non-refundable termination.
Some commercial plugins and themes can be found for free on seemingly legitimate websites where it seems safe to download. Nothing on these safe-looking websites appears to suggest that the plugins or themes offered there are infected with a very powerful backdoor script called CryptoPHP.
What can CryptoPHP do?
After being installed on a web server, the backdoor has several ways of being controlled, including command and control server communication, mail communication, and even manual control.
Backdoors of this type are mainly used for illegal search engine optimization, also known as Blackhat SEO. The backdoor is a well-developed piece of code and dynamic in its use. The capabilities of the CryptoPHP backdoor include:
- Integration with popular content management systems like WordPress, Drupal, and Joomla.
- Public key encryption for communication between the compromised server and the command and control (C2) server.
- The backup mechanism is in place against C2 domain takedowns by using email communication.
- Manual control of the backdoor besides the C2 communication.
- Remote updating of the C2 server list.
- Ability to update itself.
When installed, it can integrate itself deep into your website and use its functions, code, and database. It can add additional administrator users, add/delete/modify the content of the website, change your website’s settings and do anything you can or can’t imagine.
So we HIGHLY recommend ONLY using plugins from TRUSTED SOURCES.
Here is a list of some of the websites that distribute plugins with CryptoPHP backdoor:
The following websites host the actual plugin and theme files used for direct download:
If you have installed a nulled plugin or theme from one of these websites, your website could likely be infected with CryptoPHP.
The least you can do is delete the dangerous plugins/themes, check whether you have an additional admin user added, and ensure that all your websites look like they should for search engines.
You can do that from Google Webmasters Tools → Fetch as Googlebot.
For more detailed information on this topic, read CryptoPHP-Whitepaper-FoxSRT.
Make sure to stick to the original source: WordPress and trusted partners
- Downloading plugins and themes from the WordPress Dashboard itself;
- Making extensive research on the plugin or theme as to when it was last updated, is it supported and how much downloads it has from other users;
- Another extra step is to check online on forums for popular user opinions on the specific theme or plugin you are looking into, to make sure that you do not get scammed or hacked.
Have more questions? Contact the WPX Support Team through the live chat widget in the bottom-right corner, and they’ll assist you promptly, typically within 30 seconds.