When new module is added, xScape wasn’t able to apply settings for it, and initially it appeared blank. Now, that is fixed. Web Fonts module is a bit changed and it also have one more option for adding important! to styles override. All themes have own default set of fonts for major title. If you don’t want Web Fonts, simply disable it. Also, there is a video explaining how the module is used, so check it out:

Google Web Fonts Module: http://d4p.me/1ac

To see the theme and framework in action, visit the WordPress MultiSite powered demo website. You can get your own demo website to test themes controls. If you want one, use contact form.

Demo Site: http://xscape.info/

R8 with Google Web Font

Image on the right is example from R8 with custom Google Web Font. Currently module for Google Web Fonts contains 62 fonts to choose from, more will come in next versions.

To see the theme and framework in action, visit the WordPress MultiSite powered demo website. You can get your own demo website to test themes controls. If you want one, use contact form.

Demo Site:
http://xscape.info/

Both themes are complete as the features go, and they will get updates only when something major is changed in xScape to require changes in the themes. I don’t plan to release minor updates for both themes if not required, but framework only updates will work as always.

To see the theme and framework in action, visit the WordPress MultiSite powered demo website. You can get your own demo website to test themes controls. If you want one, use contact form.

Demo Site:
http://xscape.info/

Millions of websites run on WordPress, and that makes WordPress and everything related to it great target for hackers to exploit security holes and to plant some of their own into plugins and themes. Every now and them you hear that some plugin is used by hackers to get access to websites or to send users data to a remote website. Similar methods are used by themes. Themes are also used to plant spam links into header and footer of websites using encoded content (base64 or some other method). Some themes also had a malicious code that was able to replicate itself to other themes installed on the website.

Preventing something like that happening to you is not very complicated, and it requires that you only be careful where you get the plugins and themes, and what are you installing on your website.

Find and download themes and plugins

Best source for free themes and plugins is main WordPress website (wordpress.org). Themes uploaded there are always scanned prior to publishing to make sure that malicious code is not embedded. When the plugins in the repository are concerned, it’s not nowhere near as strict as the themes, and plugins are removed only if multiple users report plugin as problematic. Over the years, there were cases of plugins uploaded to repository that where malicious in nature, but they are always quickly removed. Still, plugins repository needs a massive overhaul to make it up to date (90% of plugins are not compatible with latest WordPress versions, they are not maintained and they are not tested). But, as a source of free plugins that is the best way to get plugins.

If you don’t download plugins or themes from there, you must make sure to get plugins and themes directly from their authors websites. Be careful downloading them from some third-party website. Free plugins are not big problem, but premium (or commercial if you like) plugins and themes are usually target of hackers. They get them illegally, change them and offer for free from their websites or other warez forums or sources. All commercial themes developers were affected over the years, and their themes end up on such websites, and always include some sort of malicious code.

Check what you have downloaded

Before you upload theme or plugin on your website, test it on your local computer. Also, you can search files in theme or plugin for a code that is potentially problematic. This is easier to do in the theme than plugin, since plugin can have not only more files, but there are legitimate reasons to use some functions that may be considered problematic.

Any theme file can be affected, but most common files to be infected are: functions.php, footer.php and header.php. Encoded content is usually recognized by use of base64_decode function that contains long string that doesn’t make any sense on its own. Also, footer or header can contain long lists of links that are displayed as hidden. There is a free plugin called Theme Authenticity Checker, and you can use it to scan themes you have installed to find malicious code or links that shouldn’t be there.

There are several ways that plugins and themes can send data to remote servers. That can also be a big security concern and check if curl functions are used, functions like wp_remote_get or file_get_contents. Checking for that requires that you are familiar with PHP and WordPress development.

Conclusion

Be careful what you add to your website, make sure to get plugins and themes from authors or some reputable source like official WordPress repository. Spend some time to test what you have download.