Need a few answers ASAP!

I had a similar problem with a similar theme, and the problem was not with WP Cache, but rather with some nasty encrypted code buried in the theme which you may want to address.

As discussed, it is using this in the library.php:

/**
 * Renders the theme credits.
 */
function padd_theme_credits() {
	do_action(__FUNCTION__);

… and this in the footer.php:

<?php padd_theme_credits(); ?>

… to summon up those theme credits. In the theme I was using, these were not credits to the designers at all, but links to various fake websites and online dating sites, so that is bad practice and can diminish the ranking of your own site.

As in your case, if I removed these bits of code, the site went blank. I was not using WP Total Cache and this was not the problem.

I looked in functions/required and found the php files for template-top and template-bot. These contain encrypted code (presumably telling it to put in those nasty links). I removed the code from within those files and uploaded them as empty. (Note, you can;t get at these files through the WP admin interface and would have to e.g. ftp).

Then, when I removed the two above bits of code, the site worked, with no ‘credits’ and no blank screen.

I am not happy with the theme creators Padd Solutions, as nowhere on their site do they mention they are giving away themes that are basically parasites on your website.

Still, this fix seems to work for me.

PS. Lastly, I deleted from the footer:

<?php require 'functions/required/template-bot.php'; ?>

and the similar line of code in the header referring to template-top.php

Yes I understand. It was driving me crazy! No matter what I did, nothing seemed to work. I’m glad I got it resolved though.

@ukpockets Thanks for your help in this matter, it really saved me. I spent so much time installing and customizing the theme before I realized the parasitic credit links in the footer. I search for 2 days before I came across your helpful solution.
Padd created a nice looking theme (I used the Berylliumous theme), which is why I don’t understand why they need to stoop to such practices.

Also, I was wondering, since I removed the <?php require 'functions/required/template-bot.php'; ?> from the footer and the similar file from the header, would it be safe to remove

function padd_theme_credits() {
	do_action(__FUNCTION__);
}

from the library.php file, and similarly,

<?php padd_theme_credits(); ?>

from the footer.php file?

I know this thread is old, but I hope the participants get this. In reading above, I’m not sure the story stops with the above information and PADD SOLUTIONS ( who I may be wrong but has broken some laws as it related to GNU)

Noted in footer.php

<?php
$tracker = get_option(PADD_PREFIX . ‘_tracker_bot’,”);
if (!empty($tracker)) {
echo stripslashes($tracker);
}
?>

This is clearly not a part of any wordpress or theme. I believe even if you clear up credits issue there is still __something__ going on here.

if you have SSH access to your hosting provider cd to the theme directory and run: grep -R tracker *

There are references to $tracker in footer.php and header.php as well as includes/default.php , administration/options-functions.php , and administration/options-ui.php

I’m going to have someone from GNU look into all this.

Michael

Thanks windowgang for you efforts on this. Theses themes seem to have been around now for some time, and I am not sure why this has not been brought to GNU before. But, I applaud your efforts. At least I hope someone that is proficient at tracking such “worse practices” in themes will help pinpoint all of the offensive code and suggest fixes or work-arounds.

I also found this kind of code and I’m not happy with a fact someone is writing encoded parts of code to hide non-changeable parts of code (in free templates!).

In my case (also from this company: paddsolutions.com) I also had a line:
<?php padd_theme_credits(); ?>

With a little researching I found that this function is nowhere defined. There is one base64 encoded file called prelude.php and I guess it is loceted there.

This function puts links to dating sites at my footer!

So I tried to decode the file. I was partially successful, couldn’t read the entire code – but there are functions written, I’m sure. I saw parts of php code.

try removing all the data in prelude.php and make it an empty php file

I’m not happy with a fact someone is writing encoded parts of code to hide non-changeable parts of code (in free templates!)

Spammers offer free encoded themes as a way of propagating their links at best. Some can include malicious code that can even compromise your site’s security.

This is why you should only download themes from a reputable source such as https://www.ads-software.com/extend/themes/

try removing all the data in prelude.php and make it an empty php file

If I remove it, template won’t work. White page with text “Something is wrong” is displayed!

I somehow managed to get rid of nasty credits and links.

I searched for base64 decoder and copy paste the code that resided beetween ‘ ‘ in prelude.php file.

Decoder produced something I thought was unreadable, but after closer look I found code like this:

f4nct35n p1dd_th4m5_cr3d45ts()

which was indeed a function responsible for writing nasty code!
I also saw a line like this:

3ch4 $cr3d45ts;

it is of course:
echo $credits
?? ?? ??

I changed the
$credits='some password code which runs and gets the sponsors';
to:
$credits='';

and ugly text disappeared!
(I’m not sure about any logging bots which my draw traffic or sensible data from my site.)

WordPress themes from paddsolutions.com are very well done. However, they include nasty links in the footer. These links may negatively impact the Google Pagerank of the website that the theme is installed on. The malicious code is also possibly sending data about your blog to https:// starling.paddsolutions.com (presumably to check who installed their themes).

Simply removing the snippet <?php padd_theme_credits(); ?> from the footer.php file presents the user with this simple message: “Something wrong.” The actual WordPress function used is: wp_die('Something wrong.');

Some investigative work revealed that the encrypted file includes/prelude.php checks if the nasty links are left intact in the template. This file is in turn called from functions.php

To remove this behaviour, follow these steps:

1- find the last line in functions.php and either delete or comment it out:

require PADD_FUNCT_PATH . ‘prelude.php’;

2- in the footer.php file, either delete this snippet or comment it out:

<?php padd_theme_credits(); ?>

To comment out a section of php code, put it in between this /* and this */

For example: <?php /* padd_theme_credits(); */ ?>

i like Never die for WP [signature moderated per forum rules]