73 Comments

Summary:

WordPress is growing quickly – both as a hosted platform and also via standalone blog installations. The rapid growth and its open, flexible approach to blog design, means it may become a target for hackers who embed malicious code within themes they distribute. One of the […]

WordPress is growing quickly – both as a hosted platform and also via standalone blog installations. The rapid growth and its open, flexible approach to blog design, means it may become a target for hackers who embed malicious code within themes they distribute.

One of the reasons for its success is the flexibility it offers for customization. WordPress is built around a central engine, written in PHP, called The Loop. Every time a blog is viewed, The Loop processes each part of the page — a header, the body and posts, a sidebar, and a footer. Blog operators are free to change these elements: They can modify the stylesheets to change fonts and colors. They can change the PHP code to display things like author details, popular tags, and so on. And they can put in plug-ins to further extend the capabilities of their site.

Designers bundle up stylesheets, PHP code, and sometimes plug-ins, into themes. A WordPress theme isn’t just cosmetics: It’s code. If you change a theme in Powerpoint, you’re just changing fonts and colors. But when you change a theme in WordPress, you’re also modifying the underlying structure of the site, including database queries and PHP execution.

The tremendous flexibility this offers gives us the rich variety of blogs available today. WordPress distributes some of these themes through its own theme browser, but themes are also offered by many sites and by individual developers. And WordPress has worked hard to make enabling a new theme as easy as copying it to a blog and clicking on a thumbnail.

With any successful platform, the hackers aren’t far behind. Apple’s Mac is widely regarded as more secure than a Windows PC, but that security may also be a result of fewer people attacking it. So as WordPress grows, it becomes a prime target for attack.

The richness of WordPress themes is an excellent opportunity for attackers. And that code executes on a server, where it can do all kinds of bad things. Because of the ease of theme installation, blog owners who’d never install untested code on a server are deploying themes on their blogs, not realizing that hidden code is coming along for the ride.

Here’s a real example.

Seattle-based designer Derek Punsalan makes acclaimed WordPress themes, and has released several of them to the world. Other theme sites have copied his themes. One such theme copier is WP-Sphere.

When you download Punsalan’s theme from the WP-Sphere site, it contains some extra code that he didn’t include. It’s a long string of cryptic-looking characters that most users wouldn’t question:

wordprescodebad1.gif

The first part of the string offers a clue: It’s using a PHP function to decode the string of text, which is encoded as base64. If we pass this through a decoder, the string looks a lot more malicious:

wordprescodebad2.gif

The code establishes a connection from the WordPress server to several sites wpssr.com, wpsnc.com, and wpsnc2.com, and allows the site operator to download an arbitrary piece of Javascript. The sites are registered to an anonymous registrar in Vancouver, British Columbia.

“These types of theme galleries are taking advantage of unsuspecting WordPress users who assume that the themes they are downloading are no different than the next,” says Punsalan. “Although it is difficult to police and prevent individuals from following requests not to redistribute, it has become quite apparent that the WordPress community needs to make a stand.”

Paul Carroll wrote about this string a couple of weeks ago. He concluded that, at its most innocent, this is a way for WP-Sphere to keep track of who’s using themes, but that it presents an excellent back door for injecting malicious code every time someone visits a site. In theory, WP-Sphere could inject advertising into the pages of people who use their copied, modified themes. Punsalan has a write-up on his blog of the situation as well.

Perhaps most disturbingly, until yesterday, WP-Sphere was the number one paid search result for “WordPress Themes” on Google. Today, there are sites and plug-ins devoted to blog security and detecting vulnerabilities. But WordPress is popular enough that it’s going to have to tackle this directly. The flexibility that makes it great also allows those with malicious intent to put bad code inside the blogs of innocents. Now, the blogging community has to figure out some kind of a certification process that doesn’t stifle innovation.

One approach proposed by Matthew Mullenweg, founding developer of WordPress, is a marketplace consisting of certified, GPL-licensed themes.”This is no different from malware, and in many ways much worse,” says Mullenweg. “All 2000+ themes in our official directory are vetted for this kind of thing, and it’s obviously dangerous.”

[Disclosure: Automattic, a start-up founded by Matt Mullenweg is backed by True Ventures, lead investors in the parent company of this blog.]

 Alistair Croll is a co-founder of Coradiant. He writes about online user performance on Coradiant’s corporate blog and tries to out-guess the future at bitcurrent.com.

You’re subscribed! If you like, you can update your settings

  1. Chat Marchet News Digest » WordPress Themes & Web Security Monday, November 26, 2007

    [...] Read the full story… This entry was posted on Tuesday, November 27th, 2007 at 4:12 am and is filed under le Chat Marchet. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. [...]

  2. » Malicious Code In Themes and Templates – Webfeed Central Monday, November 26, 2007

    [...] what I read today, specifically talked about WordPress and some extra code that’s already been found in at [...]

  3. It’s true those “cryptic-looking characters” is a code that allows the owner to place a text link ad on the blog of the person that’s using the theme, some designers use the code to prevent bloggers from editing their footer link thus ensuring that the sponsors link remain intact.

  4. Vuelven los problemas con los themes de Wordpress | aNieto2K Tuesday, November 27, 2007

    [...] descubro otro posible caso, digo posible por que no se han pronunciado los grandes de WordPress sobre el tema. Esta vez se [...]

  5. Dr Farrukh Malik Tuesday, November 27, 2007

    This article gives a newer level of understanding regarding security issue with wordpress platform. It’s the wordpress who need to come in action and only than we can have something substantial. The proposed idea of certification for themes and plugins is intelligent one and we need to look into it since it will save many newbies like myself from getting trapped into any malicious act. Thanks for writing such a nice article.

  6. Hackers can easily hack code, if you’re using PHP files as your template files or in other words messing Core logic with UI. You need to use .html or .tpl files as templates as PHPBB and 4Images do. They are a bit slow but yet your code is more secure this way.

  7. Kr±g Starszoharcerski “Matrix” » Blog Archive » Bezpieczeñstwo: skórki Wordpressa Tuesday, November 27, 2007

    [...] jest to bezpodstawna obawa – istniej± do¶æ powa¿ne przes³anki ku temu. Co zatem mo¿na [...]

  8. Wow, I was with you all the way, right up until you said: “Apple’s Mac is widely regarded as more secure than a Windows PC, but that security may also be a result of fewer people attacking it.”

    That arguments been and gone. Warning! Trust rank running low!

    But seriously, this to me sounds like an argument for some kind of registration system. I know it’s onerous, but it would do away with a lot of the security problems.

    An example would be where the template designer registers their template with WordPress, who then issue an MD5 code.

    When anyone then runs the template — which is inside a ‘wrapper’ file — the template itself checks back with WordPress to verify the hash code is valid.

    Or something like that…

  9. You make some excellent points. I believe the multitude of plugins pose similar threat as well although it might be easier to bury such malicious code in a theme. The comment thread in Matt’s post about the WP Theme Marketplace is awesome. Thanks for the reference.

  10. @Wayne:

    His statement that Macs are more secure is true. Just look at the facts. Hackers don’t go after Macs as often. You cannot argue this point. You can say the reason is because Apple has a smaller marketshare, but you cannot honestly argue that Windows computers are more secure than Apple computers.

    I only hope that in making a statement such as this, you have used an Apple computer for a longer period of time than a visit to the Apple store.

  11. This is a relatively common problem that rears its ugly head in many different shapes including encoded links such as the examples you and Derek have pointed out, sponsored links in themes that originally did not have them and unwanted, surreptitious code hidden in relatively benign code. http://weblogtoolscollection.com/archives/2007/11/09/blogsthemecom-warning/
    http://weblogtoolscollection.com/archives/2007/08/04/warning-templatebrowser-dot-com/

    Those two examples also include comments from readers who have encountered other sites with similar themes. However, I wish you would not have linked to WPSphere and the other sites on this post and just pointed them out in plain text instead.

  12. Sakib Al Mahmud Tuesday, November 27, 2007

    OMG.

    just today I download this theme at 3:00 pm. But, didn’t manage time to install.

    Oh… many many thanks dear GIGAOM to inform us.

  13. Exploited WP Themes « C.H.’s Blog… Tuesday, November 27, 2007

    [...] Exploited WP Themes Jump to Comments Good article on WP themes being exploited by 3rd party “designers”.  Also, another reason why I rip WP themes apart when I get them.  Link. [...]

  14. It’s not just WordPress, I think this is just a new idea hackers have come up with. I’m sure it will spread to other open source products such as phpbb and others as well. :/

  15. Hackers Maybe Exploiting WordPress Themes? « Sakib on WordPress Tuesday, November 27, 2007

    [...] On 26th november, Alistair Croll did a post on GIGAOM  – Are Hackers Exploiting WordPress Themes? [...]

  16. Hacks embedded in Wordpress Themes | TechWag Tuesday, November 27, 2007

    [...] Interesting breaking news on a code chunk from WP-Sphere based themes that could allow a potentially evil person to send malicious code to a user via a wordpress theme. Of course all the attention o n this one is going to drive the code deeper into the PHP code, but in the mean time, maybe it is time to audit your themes and make sure that they match up with what is expected not necessarily what is intended by the bad guy. Seattle-based designer Derek Punsalan makes acclaimed WordPress themes, and has released several of them to the world. Other theme sites have copied his themes. One such theme copier is WP-Sphere. When you download Punsalan’s theme from the WP-Sphere site, it contains some extra code that he didn’t include. It’s a long string of cryptic-looking characters that most users wouldn’t question. Source: Gigaom [...]

  17. Una breve pero interesante colección de noticias — Criando Cuervos Tuesday, November 27, 2007

    [...] themes de WordPress pueden ser explotaros por hackers. Es algo obvio ya que no solo cambian la hoja de estilo de CSS [...]

  18. Thank you Alistair for bringing this to light. I took the time to post about it on my blog, but failed to follow through with anybody.

    This is one of those situation where code auditing is essential. Also, if you are in an environment where you can control the traffic to/from the server, it’s probably a good idea to limit the class of traffic that can originate from the server. I’m not sure if this would have been caught by a Web Application Firewall, since it was a Request originating from the server.

    Build a better mousetrap and somebody will build a smarter mouse….

  19. Generally Speaking Production Network (gspn.tv) 036 Podcast Answer Man – Wordpress Themes Warning Tuesday, November 27, 2007

    [...] this episode, I talk about An Article From Gigaom that discussed an increased concern about where you might be downloading your wordpress themes [...]

  20. WordPress Hacking « Ed Bellis – ClearText Tuesday, November 27, 2007

    [...] within various WordPress themes created by outside developers. There’s a pretty decent write-up on GigaOm. It’s good to see this kind of attention outside of the usual security crowds. [...]

  21. Al Gore’s Wordpress Blog gets hacked | OverFl0w Network Blog Tuesday, November 27, 2007

    [...] i was wondering when wordpress is coming with the new update patch Post a [...]

  22. A very interesting read, to say the least. Thanks for the warning.

  23. Broerse Blog » Blog Archive » I pays to be lazy Tuesday, November 27, 2007

    [...] When I started testing Blogging with WordPress I was to lazy to change the default look and didn’t even search for a fresh new WordPress theme. Seems like a good thing now. Read about theme hackers here. [...]

  24. The Cosmopolitan Blog » Welcoming hackers to the blogsphere Tuesday, November 27, 2007

    [...] blogs, so used for advertising purposes, but some can be used for more harmful stuff as well. Read this post for more detailed info. If you’re gonna go through the trouble of installing your own blog on [...]

  25. Detourned life » Blog Archive » links for 2007-11-27 Tuesday, November 27, 2007

    [...] Are Hackers Exploiting WordPress Themes? L’uso di WordPress si va incrementando e con esso i problemi di sicurezza che possono derivare addirittura da temi GPL in distribuzione gratuita creati ad hoc per fare danni… meno male che il fido Knef non ha di queste tendenze. (tags: wordpress security themes opensource) [...]

  26. Internetpret voor 2007-11-27 at Dikkie Tuesday, November 27, 2007

    [...] Are Hackers Exploiting WordPress Themes? – GigaOMJe meer en meer op je hoeden zijn als je van theme wilt veranderen…(wordpress themes security ) [...]

  27. Blawg.it » Rischio temi Wordpress Tuesday, November 27, 2007

    [...] GigaOm oggi riporta un articolo sui rischi connessi all’installazione di temi (o plugin) wordpress di terze parti non verificate! Non solo i plugin, ma anche i temi possono installare surrettiziamente codice di varia natura (javascript ad esempio) e comunicare con siti terzi ad insaputa del titolare del dominio web. Occorre fare molta attenzione, come spiegano molti esperti di sicurezza: l’età dell’innocenza di Worpress è oramai un ricordo, ed è indispensabile affilare le contromisure per evitare che i nostri amati blog si trasformino in un covo di spam o peggio.. Nel frattempo si spera che le prossime versioni di WordPress investano nella sicurezza strutturale, del sistema, consentendo ad esempio di modificare in modo semplice i prefissi delle tabelle o rinforzando i criteri di autenticazione. Il filmato mostra graficamente quanto riportato da GigaOm e dalle sue fonti (Either JavaScript is not active or you are using an old version of Adobe Flash Player. Please install the newest Flash Player.) This work, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Italy License. [...]

  28. האם הקוד הפתוח רע לאבטחת מידע? » ZuLL, יומנו של האקר. Wednesday, November 28, 2007

    [...] עוד מידע על העניין פה: http://gigaom.com/2007/11/26/wordpress-themes-security-problems/) [...]

  29. Nutzen Hacker Wordpress? « M2blog Wednesday, November 28, 2007

    [...] Hacker Wordpress? 28Nov07 In einem interessanten Artikel behandelt Alistair Croll die Frage, ob und wie Hacker WordPress Themes nutzen um ihrem [...]

  30. brams.dk » Blog Archive » Vicious WordPress Designs Wednesday, November 28, 2007

    [...] This was a new one in my world. Just read the article at gigaom.com about how innocent looking WordPress themes sometimes carry a nasty payload opening the door for [...]

  31. Bitcurrent » Blog Archive » Wordpress and theme hacks Wednesday, November 28, 2007

    [...] an interesting weekend, I wrote an article for GigaOm about WordPress Themes and vulnerability. Got lots of press — even made the front page of Digg! — and several people propelled [...]

  32. Bram.us » Their growing demand: Wordpress Magazine/Gazette/Newspaper Themes Overview Thursday, November 29, 2007

    [...] within the WordPress Themes Scene. I’m not talking about some of the free themes that contain tracking codes, but the rise of the Magazine/Gazette/Newspaper themes. During the past three months quite a few [...]

  33. Information Security Update » Blog Archive » An Inconvenient Truth of blogging. Saturday, December 1, 2007

    [...] ways to protect your blogs is to keep the software up to date. It is also common for hackers to add malicious code to blog skins then distribute them publicly through sites like WP-Shere. [...]

  34.   Beware downloading Wordpress Themes. by Tdot-Blog Sunday, December 2, 2007

    [...] read Alistair Croll’s post, click here. Email This Post Print This [...]

  35. Teh Blarg » Wordpress Theme Arbitrary Code Execution Monday, December 3, 2007

    [...] I found a post on GigaOM that found this same issue, and even mentions WPSphere.com by name. I’m glad I’m not [...]

  36. WordPress Themes and Security | Earn Blogger Wednesday, December 5, 2007

    [...] GigaOm reports that some themes of Seattle-based designer Derek Punsalan has been modified by a site called WP-Sphere. When you download Punsalan’s theme from the WP-Sphere site, it contains some extra encrypted codes that he didn’t include. The code establishes a connection from the WordPress server to several sites wpssr.com, wpsnc.com, and wpsnc2.com, and allows the site operator to download an arbitrary piece of Javascript. [...]

  37. WordPress Wednesday News: WordPress Themes Hacked, WordPress Schwag for Sale, Life Without Akismet, Flickr Edits, and New WordPress Baby : The Blog Herald Wednesday, December 5, 2007

    [...] spam links in the footer even after they had been deleted. Reports on other Theme hacks, including on Gigaom, are coming out frequently. All because WordPress users are not upgrading WordPress and their [...]

  38. Security: bulletproof your Wordpress blog | Design daily news Thursday, December 6, 2007

    [...] Are Hackers Exploiting WordPress Themes? http://gigaom.com/2007/11/26/wordpress-themes-security-problems/ [...]

  39. tech.twomadgeeks.com » Are Hackers Exploiting WordPress Themes? Thursday, December 6, 2007

    [...] Link: GigaOM [...]

  40. 7thgroove » Blog Archive » WordPress Themes & Web Security Sunday, December 9, 2007

    [...] for hackers who could embed malicious code within themes. Om Malik breaks down the threat…read more | digg [...]

  41. I put together a light weight “anti-spyware” plugin for WordPress. When you activate a theme, it scans the theme for suspicious code, and alerts the user.

    More @ http://headzoo.com/wp-anti-wares

  42. WordPress Hacker’lar için mi Kullanılıyor? | Cnkt Wednesday, December 12, 2007

    [...] Yukarıdaki yazı İngilice olarak 26 Kasım 2007′de http://gigaom.com/2007/11/26/wordpress-themes-security-problems/ adresinde Alistair Croll tarafından [...]

  43. WordPress Themes & Web Security | My Blog Quest Thursday, December 13, 2007

    [...] read more | digg story Related PostsWordPress Plugins December 4th Calendar Cloud displays yearly calendars containing 12 months weighed by their post counts. f…Three Types of Feed Formats Supported by WordPressIn the blog world, web contents are syndicated by feeds, which are a short summary of content presen…How Are Feeds Generated in WproPress? In WordPress, the feeds of posts and comments in formats of RSS or Atom are generated automatica…How To Survive A Digg StormHow To Make Money With 404 Error PagesShare This [...]

  44. Ваш блог – могут взломать! | AltBlog.ru Friday, December 14, 2007

    [...] Также советую ознакомиться с Are Hackers Exploiting WordPress Themes? [...]

  45. Güncel Blog » Blog Arşivi » Hackerlar wordpressi kullanabilir mi? Saturday, December 15, 2007

    [...] İşte bu konu ile ilgili güncel bir yazıyı ingilizce olarak Alistair Croll yazmış ve şuradan da okuyabilirsiniz. Bu yazıyı ise geçtiğimiz günlerde Cnkt, Türkçeye tercüme etmiş. [...]

  46. i caught on to this experimenting with some themes i just found using google but didn’t realise how widespread it is…am far from a php expert but noticed the footer of some themes now just include cryptic lines of text but many strange looking sites appear in the footer…gonna share…thanks for the info

  47. ‘ + title + ‘ – ‘ + basename(imgurl) + ‘(‘ + w + ‘x’ + h +’) Wednesday, January 23, 2008

    [...] gigaom: at its most innocent, this is a way for WP-Sphere to keep track of who’s using themes, but that it presents an excellent back door for injecting malicious code every time someone visits a site. In theory, WP-Sphere could inject advertising into the pages of people who use their copied, modified themes. [...]

  48. How to Protect Your WordPress Site » Small Business Trends | small business experts Wednesday, February 6, 2008

    [...] not download templates from unofficial sites — Some vulnerabilities have been linked to free design themes downloaded from disreputable sites. Once your site is infected, the malicious code will keep [...]

  49. WordPress Themes & Web Security | Easy Place To Blog Tuesday, February 26, 2008

    [...] means it may become a target for hackers who embed malicious code within themes they distribute.read more | digg [...]

  50. Daw Hosting Blog Thursday, March 6, 2008

    Even with anstispam and protection from spam bots my blogs still get spamming comments. I think it is very important to regularly update WordPress… something I must admit I underestimated in the past.

    Another thing is to buy themes only from trusted sources.

  51. WordPress Security | Easy Place To Blog Monday, March 10, 2008

    [...] means it may become a target for hackers who embed malicious code within themes they distribute.read more | digg [...]

  52. Rss VURSAKnoktacom » Blog Arşivi » Links for 2008-03-22 [del.icio.us] Saturday, March 29, 2008

    [...] Are Hackers Exploiting WordPress Themes? – GigaOM wordpress temaları yüzünden siteniz hacklenebilir. [...]

  53. Blog Hacks Coming Back to Roost? – GigaOM Monday, April 7, 2008

    [...] Croll, Monday, April 7, 2008 at 3:22 PM PT Comments (0) Back in November, we looked at WordPress themes being distributed by third parties who’d embedded hidden code [...]

  54. Business News Research » Blog Hacks Coming Back to Roost? Tuesday, April 8, 2008

    [...] Back in November, we looked at WordPress themes being distributed by third parties who’d embedded hidden code to allow the insertion of arbitrary content. Now a rash of sites are reporting that their blogs have been subverted. [...]

  55. Thanks alot for this.

    From – http://uploadxs.com (Fastest Filehosting Site)

  56. website design Monday, May 5, 2008

    Even with anstispam and protection from spam bots my blogs still get spamming comments. I think it is very important to regularly update WordPress… something I must admit I underestimated in the past.

    Another thing is to buy themes only from trusted sources.

  57. michaels craft store Wednesday, May 21, 2008

    this is by far the most interesting post i’ve stumbled so far..thanks for the contribution to the society and for the knowledge..

  58. Why did that blog/website shut down? One person’s loss is another person’s gain, why shouldn’t I start up a copycat blog/website when someone shuts theirs down? That person shut down their blog/website, someone else started up similar on Tuesday, May 27, 2008

    [...] Article #1 [...]

  59. Why did that blog/website shut down? One person’s loss is another person’s gain, why shouldn’t I start up a copycat blog/website when someone shuts theirs down? That person shut down their blog/website, someone else started up similar on Tuesday, May 27, 2008

    [...] Article #1 [...]

  60. Flash & Actionscript blog of betaruce – examples, sources & tutorials »Blog Archive » Wordpress themes: clear up rubbish codes Friday, June 6, 2008

    [...] in my web browser. However, I couldn’t find them in the theme editor. Then I came across this article. It talked about how people insert long string of cryptic-looking characters that most users [...]

  61. AOL’s Third Screen Media Serving Up Spam? – GigaOM Sunday, June 8, 2008

    [...] Essentially Third Screen is serving as a spam-farm for someone. We have written in the past about how WordPress themes are being used to embed spam links and other nefarious stuff. (He has links to everything on his [...]

  62. אבטחת וורדפרס » ITbananas Wednesday, June 18, 2008

    [...] נבדוק שאין קוד ספאם ניסתר בתבנית.| מהם הסיכונים בהורדת תבניות מאתרים |צד שלישי? [...]

  63. website designing noida Sunday, September 7, 2008

    the information on this site is very help full…… good information

  64. NusaybinSOFT » WordPress Temaları Yüzünden Hacklenebilirsiniz! Sunday, October 5, 2008

    [...] Yukarıdaki yazı İngilice olarak 26 Kasım 2007′de http://gigaom.com/2007/11/26/wordpress-themes-Security-problems/  adresinde Alistair Croll tarafından [...]

  65. trustno1 – Oleksandr Tymoshenko’s blog Friday, October 10, 2008

    [...] Гугль показал, что не я первый: здесь и у Om Malik. [...]

  66. I believe wordpress has a system to keep people like this from hacking. These are some great themes that I would like to download and use for some of my site. Just wanting to comment about that. Good luck.

  67. WordPress插件推荐 #6 – 免费软件资讯站 Saturday, December 13, 2008

    [...] 我们使用的时候不仔细检查很难发现问题. 这里有一篇英文blog的文章, 就描述了这样的一个例子. 一个西雅图的设计师Derek [...]

  68. How hackers might exploit Wordpress Themes | Sean Delaney Friday, January 16, 2009

    [...] Read full story here Share and Enjoy: [...]

  69. thank you very much for this useful website. I am new to WP techniques and need to learn a lot really.

  70. FFXI Blog Writers, heads up! | the StarOnion Friday, April 17, 2009

    [...] Also, not only wordpress flaw can be dangerous, but also Themes that we use. I’ve read that some themes now contain malicious code when you download them. Since I go into the code and do personalization, most of the time I know [...]

  71. Get Joomla and ditch wordpress. It’s a risk. I just discovered a website with very dodgy code that was inserted into it, and it was a wordpress website. Mac is 10000000000 times more secure than Windows. Or to put it in another way, Windows is not secure.

  72. WordPress Hacker’lar için mi Kullanılıyor? | Hack And Security – Artık herkes hack yapsın Web Hacking & Security Monday, July 20, 2009

    [...] Yukarıdaki yazı İngilice olarak 26 Kasım 2007′de http://gigaom.com/2007/11/26/wordpress-themes-security-problems/ adresinde Alistair Croll tarafından [...]

  73. Abhijit V. Chaore Monday, July 12, 2010

    Security is indeed a concern for WordPress users. This information helps new users as well as those who are using WordPress for a while with a Free downloaded theme. Themes ‘MUST’ be downloaded from a trusted and tested source only.

Comments have been disabled for this post