An abstract digital artwork representing the concept of website security and code analysis.

Tracing Irresponsible WordPress Code

Throughout my career I’ve handled plenty of WordPress websites, tackling everything from malware recovery to bespoke customizations. In my free time, I do some freelance work on job portals helping others with their WordPress installations, fixing their bugs and errors, doing migrations, and post-hack malware recovery. This lets me hone my skills and get exposed to more interesting possibilities, allowing me to make tools like WP-Narcan, an automated post-hack recovery script.

Today, WordPress powers an impressive 43.2% of websites globally, offering vast customization options. Sometimes, I come across wild cases that really highlight the power of open source – though it can be a double-edged sword. I think that’s the cool and fun part about working with WordPress! Recently, I encountered a particularly intriguing case of irresponsible coding that offers valuable insights for both developers and clients alike that I thought I should write about.

I came across a client that reported a caching issue where updates made in WP Admin weren’t visible to site visitors. I diagnosed it as a conflict between WP Rocket and Cloudflare’s settings but was shocked to find the client didn’t have access to their hosting account or their Cloudflare account. The client, who only had domain access through GoDaddy, had hired a non-responsive agency to create their site but the account details were never handed over to him. Without hosting access, we couldn’t resolve the caching issue directly or even ascertain when the hosting account would expire. Though proxied through Cloudflare, I was able to obtain the server’s true IP from WP Admin which led us to a regional host that would tell us when the hosting account would expire but understandably not grant us access.

To address this, we decided to move the site to a new host and set up a new Cloudflare account, since we had GoDaddy domain access. This, I anticipated, would be a 20-minute job, starting in the dead of night, using Duplicator Pro to create a snapshot and move it to the new host, then swapping over domain access to our new Cloudflare account.

Unexpectedly, the site reloaded with a plain text message that read, “Keep on copying, maybe one day you’ll find your own creative spark. We’ll be cheering you on… from afar”. This message rendered all pages inoperable, appearing everywhere, even in WP Admin. I tried disabling all plugins and doing a clean install of WordPress Core but the problem persisted, pointing to an issue with the theme. Switching to the default Twenty Twenty Four theme worked but the site would not look correct. I started poking around the migrated theme trying to see why this message was appearing – especially since the plaintext message wasn’t on Google at all.

Upon inspection, the theme “SWE” was created from the vendor that ghosted the client. Having worked with enough WordPress sites in my life, I quickly realized that the theme is rebranded Salient theme, a fork of v15.0.7. A quick grep through the theme files yielded no results of the plaintext message, suggesting it was encoded. Since the problematic page was completely plaintext with no HTML tags, I suspected it was the code doing a die() somewhere, but grep didn’t turn up anything suspicious either.

Moving on, I searched for eval() and base64_decode(), finding three suspicious files in ../nectar/helpers/, “header.php”, “footer.php”, and “wpbakery-init.php”. I pulled a copy of the latest Salient theme to compare the file structure, which matched up, except these three files were completely encoded. Tracing the theme’s functions.php by essentially placing print/echo statements all over, it was clear that if any of these three files were called, the page will only load the plaintext message. Three different declarations, talk about redundancy!

Here’s a prettified version of wpbakery-init.php:

<?php

$__ = "printf";
$_ = "Loading Class/Code NAME";

$_____ = "    b2JfZW5kX2NsZWFu";
$______________ = "cmV0dXJuIGV2YWwoJF8pOw==";

$__________________ = "X19sYW1iZGE=";

$______ = " Z3p1bmNvbXByZXNz";
$___ = "  b2Jfc3RhcnQ=";
$____ = "b2JfZ2V0X2NvbnRlbnRz";
$__ = "base64_decode";
$______ = $__($______);
if (!function_exists("__lambda")) {
    function __lambda($sArgs, $sCode)
    {
        return eval("return function($sArgs){{$sCode}};");
    }
}
$__________________ = $__($__________________);
$______________ = $__($______________);

$__________ = $__________________('$_', $______________);
$_____ = $__($_____);
$____ = $__($____);
$___ = $__($___);
$_ =
    "eNrtXVuTosi2fu+I/R/6YUfU7NgnZnMpZ5fR0Q9CK0IpXULJ7WVCoEQUlGnLC/z6s1YCihZoYVX1nDMjFTO2XDJXrrVy3fJL/Pw5Pf75Oxxfb6If/vx5fPOFfM2Orzd8MFou/8Mv3KfPcqvf/ky+//rrrzdfPmWPf/7Hp+vf+/99Qjl8fsfj64szNwbdXJo67VtC++sNObWX6quOTFe+fr4e1+N6XI+/5nHjhBrlGtJKFDTG1DcLqdMcG/Hsv6nRBKuZmuvfr6y6HtfjelyP63E9rsf1uB7X4//bcS1nXI/rcT2ux1/3uLFHy6ffbn93n5yF+3Tz5cqR63E9rsf1uB7X403HEYDAv/vj3lt49z6XuMzQ02iON/XnwJnPPEfozC2V8109WFqCFotCsBoZSmTq2+gp7FAjvbni/dYf+J/Y5jamLv8wdTcQO7KhqK2kN23di/zCG3Rl2pxzE5N5nljQx0jQlg6052xIvy03hH8zwdr2W9s+f0tje73N4r4X33mKMYlcnossH5+XA4eVA4vnZiNDCkxWWT4NIrjWWoh82wMaw5HegOueJ1EdfkhznNb25iI/8+5V7r+8FwRPQkB930RNPgzCe14ZDylN1Waaqsfuo6JJOvw3HgyV9tB3XfGR8vuPbbY3bcdA17av3lJ9VYyeGCWyVM9XGS1weA7o5qY2yzWg73mP555NI/CBb2s7HAJNnYbYDdau6i5tnkP6ZuS7IXo2665EQY4tHXhpWIHYlTemIf3o+ZxhpfdjO1PgV+CEwcqKuYbNDj2buV31/FvPmktrW+UmVtiJe74YfWcpGONi3Yu5R406lOXI6HsgH9IP0Oi7xsBzhUkmK6Rfgv65pau7EYwncmJuZbODFfJJBH6azHYCvB9bIA+HVZJ7vjXftx/oIwNkrG+/2Qy9sUFGzqzjw30x9inFrUjkzVAUlMDCcegDkJcLNGpjbSYDv+Whqlmd3X0gy7L+hrTbMSh57YTDgkwX97yOsmxNRMGi7VAmemkw2i3QRDmxN7dDbeoKndhgranBbCNzLk2A5rHJdCj87rCD+b0KfXeX97zaAr5qK9CtCPjsveLZRUrHzBP5lkc+uxR8Bk2gTTJ1ZWYwHWgD9dubu6E8NkMtRH4bDM6nAehMq0CjuzHDzg/LkBoGg/zq0HZXGdt6Z+PETvR9g+Pdj1MUGjgPJk7QZB1BmowYLX7SmjNLtyauvgUa6YnT7e9pbC0kkecYk26CnsK8gT6dsNO4J+dbksQ0JrYO/P1G/VsUtATuW7gCvTToO5SZZIeNwPE5kPOWtvVbQrvDugHKrrdrA3jEZG3wLvY1Te9vjEH/V5Yhzvf3BnDtNr83MpnmqmcAD3w6tlmncJ+8NA05gX6aD35rLsUbIitedVmgf4P2xKi+B/poUE7YXAIPvYfHW09igIfCptB+Z2kLTdbSlTHSALKIQCbQpra0dDqw54OMJ9bE7spBga61PVfgujK29G1g69rK5dM+QHZL4MMy5ftsDvp40HZKJ0c5c63QnhI4jByPDI7IN7sHz41HXeXZ7jTHZC4IW7CHQy9tD/vkAlvQni0dxhlzkT2XI0sYpnMc7Db2B7ZmbXe1Z9t3lsBrtPc4j3b0gb2H+Upn/ONAz6XJk+qlPBwER99nksQqDUfYyTkA2iKLd/L2JOD7AmzbDO1i1TiUHc84SeFL6cJ20C5ObK25AvqCXL7Ab9CnwU6GQNPcQp1lpcjpkvmb0gZ2Fe2nK5iLEp3uoPxAp3f8E9tBW+Qn321WCb77YM/BxkEbNNgdsKMDYktdvRE5hga87awsnE/gE+ETfRTYJ+g7dID3d96D0PZGXSmwppQvGX1f7MJcDd3A/Ub5BiMtTb3xQ5w22D7T9xyWC0wmAB8hT4i9mG7W5uNt1DuSl8g76x7rsm4Mz7Ey+IcmyLW/Al147oEtsNj+2jQUmPvgQ2AupnJpgD1tHfD1Xt28VrYU2GEKbDfw6JDf4JsmloC+KdN5QwY7OaFskI0Rox/Wbt2uBLY5nZtgr4h9KbMb2F6mg2M77Dxbaj5XteV+bm8KNOJc1IIX8x2vvXYewThtmCfYL/B8CjZz4qA/B3tBdEHYzX/w5UFowTzC83Z35vXQ9woDz0T/KXQS9Jmon5lOwH0W6hVlw3zEGAbjBBd8ks1Q3oCWH3vl87COXKbER+pK5ArN+HD8kwB8D+phlS3/NqQhJgibt/CcJ7Eyi/ze9419gQ0AORhFn0D67B/OOVaCeKZV1U8bdCKywJc+sqkswAa/ddwzsOUbC+w12rI69kZjgpkrePX0j3Ujq6ssqnWPe0Evrx/zwdnu7W/rWfzWXvcfxQM60rE5217SPpBlSVt7Wz7vgx624Bmzoi2zKCvpxfxM+uhDIO6jQS4pXfKhHU55kKTnd7weBC94K/Nc7ucTkae8vnqXHOpWOk+z86fGRx+Nj8548qItWb3b9v0zdPkv6Ior6DrHd/aILraSrvg8Xd+P+eVX8Ms/y6/GEV1JLxmU6UN6/qQ+tDcveV+qW/R53Wpvj/W0n8mrRL9eo/fw7AtZbitkuT03h/r8MJs7w4q5MzwzvsFGUnHOiGtZLRtTev6kbk5bARlHfEeXjiM9f2oct9k4qIpxUEfjiGrYbhXGvAFfmJD8tN3ckLhk3q+0n6Xx18t2HzFWNtnBzvaI3dTGVvlEsO2JK2QxeGoj92NS9/dBnBibxmxReI56MrhdjJD3ZzDN0JrLgVszXh2GWuII4MOYgIE4ICC+sFYsU9rvHPwZ7fAVMRQtQT/cGmN6F2LQc34U2pthGxDzpvLyq2IzGOtcS9ydHcKcpQm+RYmsEGKXkMTlKM/Agmsw5t8so78S2yTniW1m47mpP12KQj4ubmKHA88Ng2SkS5EtBNSTyiUWxKPIVycuzxkLMizkkVECeXdkGU7u93WTyuxJkJ7P7o3uHyF3994lt1VJ3llCYy9uFu8hcxLOzyFfT/axgjU1cE7RzSi9dyfn+S5X6zR3uUamZyHkD9DGLl+NHJIzNyhTD0i+nOYxSuzqhXxSl3eyzfLoZ5fl/J4B/cf7fl1Gg/hrkvUFNvhba7PjMSsvbNYdO4xGuRjHQzwJ/Y5R5pBDBBX0vU6/aA7yGzkgPoDkyBBD5/let++BPoCOKJBbKQtL5TJ+cXEV//N4NM/hj+f6ublfli+ezV9o5OWfnpuu02dAf3nCH08dDmAe0pMRA7kLCzmJmuYYkIPQdhhsUU+yPCQ/v8tR4d8V+ebCgxzVu2/TtAO22Q6bkP9MJmhz4F7IbbXkXn2Ri95B/kMBD+aWMWiKQdOHXGg1isVd3gvzBrJVZ+UmcmIykzXYmqQXgk6oTdBvN+kxHQrmxNwWmr6Z8m0Fud5GnAKP+BKZMFvQleWhr+PR35J8+eJcCnRhOmKk9VPdGobRoU19g3XtbJ7VyqcCx9AwR4d+gvmo+wqdKbFdls9l9GuzYswF9jmvI4MNHpCahHVE7wmfizpD57Ytn18l/VvgF0piD7eB5392jjfY18SwFh1lNqrW/C3Y6g3o8zSvARZl44YdiCVyf3Loa0rjRSqv55bG5qdjTVpZO2V5GZuePxVjPurBzBK2QVl8ae+vnYgxXd5mFaxblMnY312rijHrx4Ql8uPYkaEsRhCH7PPVs7HEeZ/QldaOoKxdoKteXWs/xyyms6k55+cQn9TSJSnhNk9ZfCglB8/CtU7hWvvomlS4Jh5dkwvX+kfXlMK1wdE1rXBteHStvXG63i5O7x/o5mzefyw+2z7MbVTIybrcbS6b/vR4nCJdaDs+zK2g7QMe9TdHbSeyUWj7RE7ksMpsd9+hL3hl3CNjfDcF/UU5eyZuT2O0wC7mrqBbYhdji7frsIm1PuYZ5qFXU4eVyGE6Pql/hk22pg7PRoY8McNtUFwjKfSP65B5vJzaWDWtj/a8N/q3NF4kcZALtsLgXYhTcP3SgvEEZDy4dkfWProcDTRGZsylsSbkKfn6K8jEh/spS731dL2JNaeJTdbBA8pkPFLrh9h+Ooohp5nPoL0A8rjbynyvdA7zL/2TDva1zBY/kfOX6QDYy1tXgJxI385q1oE7T5BXHNew68YwMLbs+YvmC/UEth9kBTGBEpmstjRBPmVrWwe5qbBtYO0E11hFIV8z7ntpvp3moXBfaKGsIe4hazfoP1jIeYXmM+Sxj8P3mH+snMAcgPkAvrhurELLj6C7JOasFZ+wR2shjAvzQdtUxqgg95Hurs7WcF6bh2NeRL97Dn5mXflVa8UexiSQP+znRkjWXUnMUFgTflWOXSNn/4iceHqSH2/Mhy/2G7QG4+YYpNOOOR9xP6SOqDdmD3E9PXZDiD/15tgMnTfnPT1+RxM70rfL1CcArTrYcchr0cfBOcQhkXob2IdVtZ0rXd8p4QXE23FZXE7OF9vczzH9RXw3d7vBZl9DUgKwyZCXg1+tmYuiH9O6GuZ7S7jvR007nvKPbvoW3aSdcFMdo/Luwu0qGydZ5GvRDbA/lKtLQZbbs6ahTEffmsyDvpXVYHI76kjCY9L5UbRbiPFC3JZpaEt3Lz/su/Za7gD9QAd8u6aAz4cYAPFq8e2pWvUG5jPoX2P6pJbPIXLfEa5DQlsoaGuDkeaHMaa7glxoDLHQxu3OyuzJgV/5GbnwkNSgt+BP66557sdopLqyBP9++7Y1UPc72NvSPPRM/vk4Ap5CXFeWf+7W6ns6vXYJTu50PqxBfDfi0X4rpbTs4w762QY+QOz0DHn7zCrmG+pl9XaLz2JhYTt54jlij49sUlqDP5UbXHX3jO5e9fXP0dfW4jFsUtbjwlN1E+JwiLl1OsX8GsV6M/HVxXZTf90lccVBPAF58jPBFAtWjLiZkjg2OlG/hHFC7hCCTwnlRqXcVfcotquMSzAGxVj/GeKSRhl+78DP18khDAXiUHlhMOl4a+Zwkq0jVrte7OXs5tdknMnphL+/KD7b1fRyPcgwy8+IWTJJjIJ8kRofIUOnaD8OZNhYk3ge4oncdrpdibYK8dHPjtsKto7ME0sfXGzzDFYG36DNjMzWn8LM9dVb+hLcnAJ8xrzaeUk3xNm4N+DOu28Dn4Xhb2J7V/f2Mp0i9gD7Rrw85uSH52cf6veq4pkP9IGX4yfpPa24VohyrRnT7+1sp5k4ghZYHYjvD+s0B+s8UtJeHdRWX+0vsCajxaSOc0Qz+AeyxljA1bZzjLrYTXUSbH0ifsO+N56tY3304HxUOW7UWfB/IN+Vyc6qa+jHWO4ib47q1Lj2eYmdx1oDYvUNBnxnp0nwmabeiGw93S9zz+d1g9br7QrBvwa163pFPPMF9bxjLHepDsCcj0doC3yvWh8KGFp1ONjbBeHk+rVnkr0yoANCAHFAZwpxTpzOFcTUtnDdeYH1vQdVhFwba3yd2GI06kGVwG9vJ3a49B/mToK1XwdrBLoV4b4NlMMD35w8+LPj/N+T4rs1ZLNsD54Dm7ewGdwz0ICYjQKaO3Mnbk4g7x1bzHZtgo6jXHphJ0Hszs/2GQrYFCc8rnvWxylkz1/k32EsS5Adtg18lWmY83FpbQv3bOlWaBkS7pVYPiFuTiDx5TE2PJO7FCDWGuzvGuY/RdZLBJl2WAXjB8QuV9VuaswrOXHoZgA6RdmsWHf973EYc2ntrBb+Sz6ukZ/GflHoj4O57XMPGQYkefu4ldhmuRnuP6tpU4yRrkAuUrPGl2Ou37J2nrT3WMEM91mBI01x1SfbEl9inivaks9gePvxCzwqVYFHpc7gOKmXmO5+BS61f2Z8w6PxDauw5vQrMLfMS7qqcOvn+O4c0eVU0cW+gq7bI7riCn7F5/k1O6KrX4GB75/FwPcfWy94X65bw/O69dg+1tNtFd4c7n2F3rdL9g20q/YgnJtDGfa5XYF9bp/HPn/LsM9+BfbZP4t9ZjLsc1KBfU7OY7i9bByDinEMDsdxWEf5c3C7e3zBDreb2dgT6xkyZe1xF+t+YUx1MHL5Pk6bsULEjNb0Hwd4chux1DXXi8r7Pb32eYDZVs/60TrrDX/gfq79vh4uhDjiYJ8Y5D8gT4L9gDFHEKfeegSf1pXWNql7oT+FfCcbV76fcGTIkRkGy5GhNKCNwEWaQzc5u2dsr5/z0Vweu5BzuvmeV9qaDjJ7oqXn03v5WbqvGJ7P85d7/qjGArnxXg5lPC7Hj1Tiowv45Nfti33lPuHL8MxTvGZBfpHXFErxXmlMW7E2fbj3OONjZPt0YrMSZeoSxMl0oUb1oevGH4ehvhQvl+KoE9D7wBXkRc18NHT17dJ4l3147q7ucEldP6c/rXeXrfvKFL6O3GQm4wxTVaO9FLOyr+efb99gCnp5Ej+aP+dl6+DEzuz3ufKTlR3jOzyUWbpPY1a2drGTX7bHYfc8yGuNdUfU0cP85k3+bdcf0iQKu5p/Yc3hmGf7NQh8/4SFa9ACYqJp0AvyTgvEjMUjGCtZlzIkyEXJ+0XQ35B5VbRFiH+H2AvyPMQcWUuYV7/BucgSgOe+SPbxil2cb2AT50rjXr1iUq+Y1Csm9XJMKnkvx25vAqEnuatZY8E2tuPCfozasR2uX2ZjwPcNZVjTkr0Ucw3P5Xs3/m/iiS6v93zb6UaXWyNWNuVZvfcF5G0YbBrDZOsyZ/eZfPCehqHNtsp8HEXOn9zHATrZxTpkiZyY/bVT9A9z33TSx3vvuaciqyOU76nAmOAj1mDJ/Cjf2/Rx67CMDP3JP7J3W9RaMyF7sfbzue57SraujmsCk2Ckuwv3EjtNBSHE+IR+glvcy62AaST7bPG9IsERvX9B+5PFp2+yP1mM+o72R9lhFkt4dQ7PA3Fsmd1y0/OnbJYMOd6sAlf0vLv2nrZLfWt96qX8cK+/CzF0MfZ4j3fhXLp/UzNksncE8QFH2Kb/XIyfjd8895c7moBfGBMhptU1yPsPcQ8viUnI/pS0/gX53F9ub4oF4xoiplgUXu75rYdh1WL7xJwHWii3yyXf/Xz9F/cIERxx9l4td4J56ANrNu02fa93J4vhzHro68vjPU+zAq4hkx/0Xd93c/huqWM898/Fun2Uf77YHwyKeI3L9hm44wpc2AX7eRv4js8L9vLKEfB0aZXa4F0959nWm0xqt076BANjOHwvofVqvCmdY0nL5FgPb3+A9SH2+MgmpTXxj4ov/w66e9XXP0dfC1g13GeE9dEoxdkSnNIOU5T66mK7qb9GX32MlT7CwZa8G2+2+gCcW3lcMkjXXj4A74gYqQnWqMtwxedrQDsM9KU4xyjHQ1f6+/hNNbRcD0KQ67Mo0IghmmCMkr4f+ENk+O5YxQ+M2wq2jksxp/zl2PQUV6yMU1t/dwqjvu1Nh5fg2PL37Gxe0s0Bj+DZwt4GpbBfLdUptAct7BvycxrzmoPz9+pH+r3KeObvg3M/2sv098W4vzuuPdvHzY3T95gTvOTEDsE+G2Q+LfL3YRf1+i/8Hq783VtXDPP71Fvb+TtEStbTz8tWCBKCq9CaL3EV2d5iNX3ffDaHqQwjffvW9SBqlL0zBWK9tR1s5m66LpThdrb4npFVhsXYuEDjSO/j+xNn+LsQEEviXukYng1MxIYJwxXZt6xyUxNr8SzWx+RFinvG+HGJetQQUV/14V9uz/oVx37FsZeNe49pc/+A8UEOo7G5vLVQViEH19Nz6X336gx/D0QaDxYS/i4IfN5biPPS3/E3TOr9NolU+lsijIV6NTYNF3jSBJ566W+PDILsHYjAl/3veswtA2JfsG8OxKXwOQZ5xmBvQdZSA+uao0fyLOtgrDfv0JahBRAbkXfqIG1W2MS9wROX0RIYW5pX1Wlfba3wNwfwnTM9QvvgeU97A2ObVfo+mhbiCJH/5DdZkOcixsAQM1gkLoZxAm+e4B7QadwfNcl4g3MQ/ESQYrKYHW0h1gIMpsOCPq2z3w1ofFfzfqIm7339evPl06ef/wNKX8nnL9m3f32p83jh2dc8+M99h7/c4P9v/mfX7W7k//h0/Xv/v0+HMvjlQOipCP715X8BCnam2A==";

$___();
$__________($______($__($_)));
$________ = $____();

$_____();
echo $________;

We can see that there’s a chunk of suspicious encoded code in the middle, and the functions are essentially printf(), base64_decode(), eval(), ob_end_clean(), ob_get_contents(), ob_start(), and  gzuncompress(). Potentially, this company used this code to obfuscate their code.

Using a Python script, I decompressed the zlib code and got the full base64 code:

import base64
import zlib

encoded_php_code = """
eNrtXVuTosi2fu+I/R/6YUfU7NgnZnMpZ5fR0Q9CK0IpXULJ7WVCoEQUlGnLC/z6s1YCihZoYVX1nDMjFTO2XDJXrrVy3
... truncated ...
Pl06ef/wNKX8nnL9m3f32p83jh2dc8+M99h7/c4P9v/mfX7W7k//h0/Xv/v0+HMvjlQOipCP715X8BCnam2A==
"""

# Check if the base64 string is correctly padded
padding = len(encoded_php_code) % 4
if padding != 0:  # Add missing padding if necessary
    encoded_php_code += '=' * (4 - padding)

decoded_data = base64.b64decode(encoded_php_code)

try:
    print("Trying zlib decompression...")
    print(zlib.decompress(decoded_data).decode('utf-8'))
except Exception as e:
    print("Zlib decompression failed:", str(e))
Result:
... truncated ...
Ci8qKgogKiBzd2UgV1BCYWtlcnkgcGFnZSBidWlsZGVyIGluaXRpYWxpemF0aW9uCiAqCiAqIEBwYWNrYWdlIFNXRSAzLjAKICogQHN1YnBhY2thZ2UgaGVscGVycwogKiBAdmVyc2
... truncated ...
tZS5taW4uY3NzJyApOwoJfQoKCWlmICggISBpc19hZG1pbigpICkgewoJCWFkZF9hY3Rpb24oICdpbml0JywgJ25lY3Rhcl9mb250X2F3ZXNvbWUnLCA5OSApOwoJfQp9Cg==
... truncated ...

Decoding the base64 code yielded the original Salient code with an extra line included, locking the theme to a specific host IP, containing the die() message I had been looking for.

Output of the base64 decode showing the offending code

Removing the injected code and restoring all three files to the original versions got the site back up and running again, at 6am in the morning.

This experience underscored the risks associated with agencies that lack accountability. One needs to be careful of freelancers and agencies without track records who will cause problems if they disappear one day. WordPress themes need maintenance as the Core and PHP versions update over the years, as well as potential security vulnerabilities. While Salient is a reputable theme with a strong update track record, this agency forking a version of the theme has essentially made the site impossible to easily update if one day the latest version of WordPress, Woocommerce, or PHP is no longer compatible – as well as potential exploits.

This case exemplifies the importance of maintaining control over all aspects of one’s website, including hosting and administrative access. Clients must ensure they have all necessary logins and regularly update and review their WordPress themes and plugins to avoid such pitfalls. As for developers, vigilance and thorough code audits are essential to safeguard against hidden vulnerabilities, especially when inheriting projects from others.