• kristinubute

    (@kristinubute)


    Hi

    I’ve installed Wordfence on a client site.

    Wordfence seems to have picked up some dodgy files in Storefront on client site. Wordfence has picked up in storefront/assets/images/credits-cards/elastic-slider.php

    and storefront/asets/images/admin/welcome-screens/wpzhijdengl.php which I assume are dodgy files.

    ..storefront/assets/images/customizer/starter-content-products/hoodie-with-zipper.php (seems dodgy also).

    What about this one: storefront/assets/images/admin/welcome-screen/automattic.php ? Should that be there or dodgy ? Is there supposed to be an actual welcome-screen directory?

    Seems to be some additional PHP files that shouldn’t be there in those directories ..

    Can I just delete ALL files under the credit-cards directory, do I need them? I would rather delete if I can to remove the dodgy files.

    And it says this file is unsafe wp-content/themes/storefront/functions.php – CRITICAL

    Especially under Storefront assets

    Here is 1 error log

    [18-Sep-2023 02:24:09 UTC] PHP Notice: Undefined offset: 0 in domain.com.au/wp-content/themes/storefront/assets/images/credit-cards/elastic-slider.php on line 1
    [18-Sep-2023 02:24:09 UTC] PHP Warning: shell_exec(): Cannot execute a blank command in domain.com.au/wp-content/themes/storefront/assets/images/credit-cards/elastic-slider.php on line 1
    [17-Jun-2024 01:59:01 UTC] PHP Notice: Undefined offset: 0 in domain.com.au/wp-content/themes/storefront/assets/images/credit-cards/elastic-slider.php on line 1
    [17-Jun-2024 01:59:01 UTC] PHP Warning: shell_exec(): Cannot execute a blank command in domain.com.au/wp-content/themes/storefront/assets/images/credit-cards/elastic-slider.php on line 1

    Storefront is at its latest version 2.4.6 (is that the latest version ?) so I cannot tell what directories or files are supposed to be there and which ones are dodgy files within Storefront files. There is no option to upgrade Storefront so I assume that is current version.

    Website seems to have been partly compromised so I’m trying to find the dodgy files. Wordfence plugin is great at letting me know which files to look at that could have issues.

    Can someone help and advise please on what is safe to REMOVE that shouldn’t be there in the Storefront files and directories please?

    Is there somewhere I can look and compare what directories/files should be there and not be there?

    Thanks Kristin

Viewing 12 replies - 1 through 12 (of 12 total)
  • Hi @kristinubute

    Thank you for reaching out — we’re happy to help!

    Seems to be some additional PHP files that shouldn’t be there in those directories .

    It appears so, indeed. The source code for the Storefront theme is available on GitHub, and the files mentioned above are not part of it. Below, I am attaching a screenshot, for reference.

    Direct link to image; https://snipboard.io/3ei8dc.jpg

    Is there somewhere I can look and compare what directories/files should be there and not be there?

    Of course, here you go:

    https://github.com/woocommerce/storefront

    Website seems to have been partly compromised

    It appears malicious code has been injected, indeed, as the reported files above are executable PHP. The site’s been hacked, in other words.

    Feel free to give Jetpack Protect a go.

    I trust that points you in the right direction, but if you have more questions, let us know.

    We’re happy to help.

    • This reply was modified 4 months, 4 weeks ago by anastas10s. Reason: typo
    Thread Starter kristinubute

    (@kristinubute)

    Hi

    I have already cleaned out and removed those files, and they haven’t come back in.

    I will check all files and compare with your version.

    Thread Starter kristinubute

    (@kristinubute)

    So as you mentioned elastic-slider.php shouldn’t be there

    and this one ?

    storefront/assets/images/admin/welcome-screen/automattic.php

    Thread Starter kristinubute

    (@kristinubute)

    It only seems to be in the Storefront theme where the issue resides.

    Thread Starter kristinubute

    (@kristinubute)

    Why would that be ?

    Thread Starter kristinubute

    (@kristinubute)

    Maybe one of the Storefront Theme versions had a security issue at one stage ?

    Thread Starter kristinubute

    (@kristinubute)

    I’ve had a look at Github, there are a heap of extra files that I assume shouldn’t be there in Github … so I’m getting a bit confused …

    Where can I just download a Zip file and I’ll compare with that …

    Thanks

    Thread Starter kristinubute

    (@kristinubute)

    This part of the functions.php is slightly different … Does that mean anything?

    /**
     * NUX
     * Only load if wp version is 4.7.3 or above because of this issue;
     * https://core.trac.www.ads-software.com/ticket/39610?cversion=1&cnum_hist=2
     */
    if ( version_compare( get_bloginfo( 'version' ), '4.7.3', '>=' ) && ( is_admin() || is_customize_preview() ) ) {
        require 'inc/nux/class-storefront-nux-admin.php';
        require 'inc/nux/class-storefront-nux-guided-tour.php';
        if ( defined( 'WC_VERSION' ) && version_compare( WC_VERSION, '3.0.0', '>=' ) ) {
            require 'inc/nux/class-storefront-nux-starter-content.php';
        }
    }

    Thread Starter kristinubute

    (@kristinubute)

    Seems I thought I had a current version of Storefront updated … It doesn’t show ANY new updates available but when I compared my version of Storefront it is not 4.6 – is that the current version?

    How can I update Storefront if there is NO OPTION to “Update” on there please?

    Thanks

    Hi @kristinubute,

    and this one ?

    storefront/assets/images/admin/welcome-screen/automattic.php

    That one also isn’t part of our theme’s core files. In that folder currently only three pngs reside: https://github.com/woocommerce/storefront/tree/trunk/assets/images/admin/welcome-screen.

    This part of the functions.php is slightly different … Does that mean anything?

    Yes, you seem to have a corrupted version of the theme. It’s important to know that besides looking for additional files, you could also have legit files that have been compromised as well. Your best path forward is installing a clean copy of the theme from scratch.

    How can I update Storefront if there is NO OPTION to “Update” on there please?

    You can download a clean copy of the theme from the WordPress repository, here: https://www.ads-software.com/themes/storefront/, then manually install it on your site.

    1. On your website, go to Appearance > Themes and click the Add New button.
    2. Click Upload to upload the .zip file you downloaded from the public repo.
    3. Go to Appearance > Themes to Activate.

    I hope this helps so far!
    -OP

    Thread Starter kristinubute

    (@kristinubute)

    Hi

    Thanks for your reply. And as I have a Child theme already installed and using your Storefront theme as main theme. If I just delete the Storefront theme, then it will break the Child theme won’t it ?

    I don’t want to actually redo everything in the Child Theme to link it back to the new Storefront theme.

    What steps do you suggest that I can do to link the Child Theme easily to this new Theme please?

    Thanks

    Hi @kristinubute

    Yes, deleting the parent theme (in this case, Storefront) would indeed break your child theme. However, there’s a method to update the Storefront theme without affecting your child theme. Here’s what you can do:

    1. Ensure you have a complete backup of your site. This is a best practice before making any changes to your site and could save you if anything goes wrong.
    2. Download the latest version of the Storefront theme from the WordPress repository: https://www.ads-software.com/themes/storefront/
    3. Access your website files through FTP (File Transfer Protocol). You can use a free FTP client like FileZilla to do this.
    4. Navigate to /wp-content/themes/ and find the “storefront” folder.
    5. Rename the existing “storefront” folder to “storefront-old”. This is a precautionary step to ensure you can revert back if needed.
    6. Upload the new “storefront” folder (from the .zip file you downloaded) to the /wp-content/themes/ directory.
    7. Once the upload is complete, check your site to ensure everything is working correctly.

    Your child theme should continue to work as before since it references the parent theme (Storefront) by name, not by the specific files in the theme. So, as long as the new theme is named “storefront”, your child theme should work as expected.

    I hope this helps! Please let us know if you have any other questions.
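
The comparison the thread asks about (installed theme versus a clean copy) can be scripted. This is an added example, not part of the thread or of the Storefront project: it hashes both trees and reports extra, modified and missing files, and separately flags extra PHP files under `assets/images/`, where the thread's reported files were found. The directory names `storefront-old` and `storefront` follow the rename steps above; the sample files are constructed placeholders.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_theme(installed, clean):
    """Compare the installed theme tree against a clean reference copy."""
    inst, ref = tree_hashes(installed), tree_hashes(clean)
    extra = sorted(set(inst) - set(ref))
    return {
        "extra": extra,        # present on the site, absent from the clean copy
        "modified": sorted(p for p in inst if p in ref and inst[p] != ref[p]),
        "missing": sorted(set(ref) - set(inst)),
        # extra executable PHP sitting in an image directory
        "php_in_images": [p for p in extra
                          if p.startswith("assets/images/") and p.lower().endswith(".php")],
    }

def build_sample(base):
    """Write two small constructed trees (not real Storefront contents)."""
    clean = {"functions.php": b"<?php // clean\n",
             "assets/images/credit-cards/card.svg": b"<svg/>"}
    installed = dict(clean)
    installed["functions.php"] = b"<?php // clean\n// injected line\n"
    installed["assets/images/credit-cards/elastic-slider.php"] = b"<?php // placeholder\n"
    for name, files in (("storefront", clean), ("storefront-old", installed)):
        for rel, data in files.items():
            path = os.path.join(base, name, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    return os.path.join(base, "storefront-old"), os.path.join(base, "storefront")

def demo():
    with tempfile.TemporaryDirectory() as base:
        installed, clean = build_sample(base)
        return compare_theme(installed, clean)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Compare against a clean copy of the same theme version that is installed; against a different version, legitimate changes between releases also show up as modified or missing.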
