I did a little research about your issue and found some. Hope this topic helps.
Solution – WordPress Theme Reverts to Default (Kubrick)
OK, as some of you may have noticed if you come here every now and then, this site has been periodically reverting to the big, ugly default theme for WordPress, known as Kubrick. It has been seemingly doing this all by itself. I thought perhaps it was a bug introduced by the Amazon Media Manager plug-in, so I completely removed it. The site ran fine for a few days and then, all of a sudden, the damn site reverts to Kubrick yet again. So, obviously it wasn’t AMM. I then began to wonder if perhaps WordPress has a security breach that is allowing somebody to change my theme on me just to annoy me. Problem was that nobody else has reported this as a bug. There are a few other WordPress users having the same problem, however it is certainly nothing widespread. So, it’s not a security problem either.
So, I investigate. First thing I do is look at the server MySQL query log. The log is called access_log, and each day’s logs are compressed via GZIP and stored in the same directory (/usr/local/var/logs). Now, in my case, the access_log file is WAY too big to open in a local text editor. So, instead, I use the grep command on the command prompt after logging into my server with Putty. I run the following on my access_log (after browsing to the above directory) to do a pattern matching:
grep "UPDATE wp_options" access_log
I get a long printout of all lines of the access log which contain that string. Sure enough, I find two lines, back-to-back, with the following:
UPDATE wp_options SET option_value = 'default' WHERE option_name = 'template'
UPDATE wp_options SET option_value = 'default' WHERE option_name = 'stylesheet'
Well, there’s my culprit. Unfortunately, it doesn’t tell me much. So, I open up WordPress’s files in my text editor and start searching the code for this query. I find that there is a function called update_option() in the functions.php file which is used to update any option in WordPress. So, I run another search for a query which would update specifically the “template” option. I find the get_template() function which does this. And, sure enough, if you look at the code, it is designed so that if the theme directory is not found, it will set both the “template” and “stylesheet” to default. That is by design, and not a bug. So, the question is, what is calling up this site’s WordPress files from another location? If this site’s database was called from another location using a WordPress installation which did NOT have the same theme installed, it would obviously set me back to “default”.
Well, now I’m onto something, but unfortunately, on first glance, I don’t have anything installed on this server which would be calling the same database using different WordPress files. But, do I? Here is the “kick my own ass” moment. Yes, I did. I had had a WordPress installation on this site sitting in the “blog” sub-folder which I used for testing back in the day. Something on that site must have been spidered and somebody came upon it. The moment I went and called up https://www.webbyonline.com/blog/, my theme on this site reverted to “default”.
So, the simple handle was to find the WordPress copy which was calling up the same database (in my case in the /blog/ folder) and delete it. I guess I should give this a few days to make sure I really solved it, but I bet this is the problem.
For those few who may also have this problem, there are a few options if, for some reason, you can’t find the source of it:
Put the files for your real theme into the “default” theme directory so that if it happens, your site will still look OK
Change the code for the get_template() function so that if sets the options to your desired theme rather than default if the theme files cannot be found
If you simply CANNOT find the source, you can modify the get_template() function so that it will email you the referrer information in the event that it resets your theme. Something like:
mail(“YOUR EMAIL”,”WordPress Debug”,”Self: “.$_SERVER[REQUEST_URI].”\nDoc Root: “.$_SERVER[DOCUMENT_ROOT]);
added right below:
update_option('stylesheet', 'default');
Then, just monitor your email. If the site resets, you should get an email in your in-box which displays the path to the offending WordPress installation. If you suspect it could be on a different server, then just include a line to print the IP address, too. Once you take care of it, just go back and remove or comment out the above line of code.
This should help those who have this problem. For the rest of you, sorry about the overly technical post.
