ThemeGrill Demo Importer

Hi @mauldincultural,

Yes, if you have updated the plugin ‘ThemeGrill Demo Importer’ to 1.6.3, then you should be secure now.

Also, as this plugin is used to setup/import the initial demo for ThemeGrill themes, if that purpose is fulfilled, you can simply delete the plugin from your site. If you need it later, you can simply install it.

Thanks.
Sanjip S.

Okay, thank you.

I had this same issue, but my host isn’t able to figure out the issue, it seems. I don’t have a wealth of technical skill in this department, so instead my site is just down until I can figure it out.

Any idea how I can fix it?

Nat

The ThemeGrill Demo Importer is NOT listed in my Plugin-List.
However, it IS listed in the backend unter “Design/Appearance”.
How do I delete it from there??

It’s also found within the foldertree of the theme – can I delete it from there?

Please reply ASAP.
Thanks!

Hi @jbt-csm,
Please go to Dashboard > Plugins and you can deactivate and delete the ThemeGrill Demo Importer plugin from the list.

Thanks.

Hi Ashish,

thanks – but as you can read above, I wrote, that it is NOT listed in the list of plugins.

BUT it is listed under “Design/Appearance”.
Maybe that’s because the theme is an older version (Accelerate Pro 2.0.9)?

@jbt-csm
In that case, it is alright. However, I recommend you to update the theme you’re using to the latest version. Thanks.

Hi there, Ashish,

Thanks for caring!

… ‘alright’ means in this case, that there is no danger that the Demo Importer can be called up or mis-used by hackers?

I apprechiate your resonse.

• This reply was modified 4 years, 9 months ago by jbt-csm.

I wanted to add an update to our situation. We deleted the plug-in, but the damage had already been done. Our files were infected with malware, and our host suspended our site until the infected files are cleaned. We’re taking care of the situation, but just wanted to post our experience in case other people go through the same experience and are looking for validation or explanations of what’s going on.

I lost all my data due to a security breach, I no longer have a website now ! What will you do ?

@anonymouskane – I’m not from ThemeGrill Support (!), but just a quick tip:

Usually, your provider keeps regular backups of your WP-database, so you can clean up the system and then try to re-import the data from the backup or your system can be resetted to a point of time before the breach…

Hope it helps.

I’m gonna try this thanks

Found out about this on Ars Technica. I just deleted this plugin as the article recommends. I’m also using Spacious theme. What’s disturbing to me is the fact that the vulnerability has been around for three years. I like the minimalist design of Spacious but I don’t think I could deal with this kind of security threat on my sites. I may know the security basics (which probably saved my site) but still…

@jbt-csm, where can I find “Design/Appearance”? I’m not so savvy on the backend side of WordPress.

I never knew this plugin should be deleted once it has done its job, or should just be re-installed “on call.”

Themegrill, are you considering dropping the demo importer plugin all in all? Why not make Spacious (among others, maybe) available without the need to install the plugin?

I came upon this discussion because someone attempted to hack my site with this theme. Gladly my firewall detected it and blocked it and I blocked the IP They did however tried to get to the database to overtake the site. I suggest to install a security plugin and be vigilant of the traffic and have backups of your site to have a clean install should that happen. Believe me I suffered a massive hack 4 years ago.Not fun at all.

Thank you for sharing the information.