To resolve the vulnerability found in versions of the Themify framework before 1.2.2, we've released a new update that deletes the legacy file 'themify-ajax.php' and any unknown files in the theme 'uploads' folder. This update (framework 1.6.3) is intended to save you the time of removing the legacy file manually as posted here. Themify users are recommended to upgrade to this version. To upgrade your theme/framework, go to the Themify option panel page, where you should see the upgrade notice. After the update, please verify whether the file 'themify-ajax.php' still exists by checking the file list in WP Admin > Appearance > Editor. You may also use an FTP client to check for the file in the 'wp-content > themes > [themify_folder] > themify' folder.
NOTE: this vulnerability issue only affects the themes installed with Themify framework version before 1.2.2, released on November 9, 2012. Even if your theme is not affected, it's recommended that you update to this new version.
REMEMBER: if you have any inactive/old Themify themes sitting on the server, download the theme(s) to your computer for backup and delete them from your server. This fix will only apply to the active Themify theme.
As was mentioned in the previous post, there were some issues regarding the existence of themify-ajax.php, a legacy file used in a very old framework version, which led to a vulnerability. In this post we'll address how to completely clean the theme folder. If you find the legacy file themify-ajax.php in the theme folder, follow these steps to fix it:
- Download an updated theme zip from your member area and unzip it on your computer. We will upload it later by FTP.
- Access your site through FTP and navigate to the Themify theme folder in wp-content/themes/
- Download the current theme folder on the server to your computer for backup.
- You have 2 ways to delete the old files:
  - A) If you have made changes to the template files (we recommend creating a child theme for template modification), you can delete the uploads directory inside the theme and the themify-ajax.php file inside the themify folder, also located inside the theme. If you continue having issues, you should delete the entire theme folder.
  - B) If you haven't made any changes to the parent theme, great! You can delete everything. However, make sure you haven't created the files custom-functions.php, custom-modules.php, custom-config.php or custom_style.css. If you did, you can upload these files again from the backup folder.
- Whatever method you have chosen in the previous step, themify/themify-ajax.php and uploads folder inside the theme should now be gone. You can now step out of the theme folder, and upload by FTP the updated theme you downloaded from your Themify membership account.
The file themify-ajax.php was retired in framework version 1.2.2, released on November 9, 2012, so if you started using Themify themes after that date, you're safe and no action is required. If you have used Themify themes since an earlier date or are unsure about it, check your installation following the steps outlined above.
Updated Fix (Nov 14, 2013):
We've released a new framework update to fix this issue. Please read this post and upgrade your theme.
Hello Themify users,
We have recently received and confirmed reports of a vulnerability that exists within the Themify framework, and we would like to shed some light on the situation and ensure that you take the proper steps to protect yourself from this vulnerability.
The Low Down
In older versions of the Themify framework, we used to include an insecure file called 'themify-ajax.php', which was fixed and removed in framework version 1.2.2, released on November 9, 2012. However, users that upgraded through the auto-upgrader did not have this file removed from their server, and we have recently received several reports of intruders using ‘themify-ajax.php’ to upload files to users' servers.
Am I Affected?
This vulnerability only affects users that installed a Themify theme with framework version before 1.2.2, released on November 9, 2012 (you can find the changelogs here).
To be absolutely sure, check for the file 'themify-ajax.php' on your server by following these steps:
- connect to your FTP server
- from the root WordPress folder, go to 'wp-content' folder
- go to 'themes' folder
- go to [themify_theme_folder]
- go to 'themify' folder
- and check for the 'themify-ajax.php' file (note that the 'themify-wpajax.php' is the fixed version in 1.2.2)
If you can’t find it, you’re safe.
However, if you see it, you will have to download the latest theme from the member dashboard and replace the entire theme folder. Here is a tutorial on how to use FTP to replace the theme folder. You must absolutely do this in order to prevent this vulnerability from being exploited on your website.
Once you have replaced your theme folder entirely, you are safe. If you are unsure and need help, please contact us immediately and we will respond as soon as possible.
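The manual check above, and the reminder that the automatic fix only covers the active theme, can be scripted when you have shell access to the server. The following is an added example, not Themify's code: it walks every theme folder (active or not), reports whether 'themify/themify-ajax.php' is present, and lists the contents of the theme's 'uploads' folder for review. Treating any theme with a 'themify' subfolder as a Themify theme and the set of flagged script extensions are assumptions; the sample tree is constructed.

```python
import sys
import tempfile
from pathlib import Path

LEGACY = Path("themify") / "themify-ajax.php"  # legacy file named in the post
SCRIPT_EXT = {".php", ".phtml", ".php5"}       # assumption: extensions worth flagging


def scan_themes(wp_root):
    """Check every theme under wp-content/themes, active or inactive."""
    findings = []
    themes_dir = Path(wp_root) / "wp-content" / "themes"
    for theme in sorted(p for p in themes_dir.iterdir() if p.is_dir()):
        if not (theme / "themify").is_dir():
            continue  # assumption: no 'themify' subfolder means not a Themify theme
        uploads = theme / "uploads"
        files = sorted(p for p in uploads.rglob("*") if p.is_file()) if uploads.is_dir() else []
        findings.append({
            "theme": theme.name,
            "legacy_file": (theme / LEGACY).is_file(),
            # everything in the theme's uploads folder, for manual review
            "uploads_files": [p.relative_to(theme).as_posix() for p in files],
            # subset that the web server could execute as a script
            "uploads_scripts": [p.relative_to(theme).as_posix() for p in files
                                if p.suffix.lower() in SCRIPT_EXT],
        })
    return findings


def build_sample_site(root):
    """Constructed sample tree (not real data): one stale theme, one updated theme."""
    themes = Path(root) / "wp-content" / "themes"
    for rel in ("old-theme/themify/themify-ajax.php",
                "old-theme/uploads/logo.png",
                "old-theme/uploads/x.php",
                "new-theme/themify/themify-wpajax.php",
                "twentythirteen/style.css"):
        f = themes / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("")
    return root


if __name__ == "__main__":
    # Pass the WordPress root as the first argument; without one, the sample tree is used.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_site(tempfile.mkdtemp())
    for f in scan_themes(root):
        status = "legacy file present: replace theme folder" if f["legacy_file"] else "ok"
        print(f"{f['theme']}: {status}; uploads to review: {f['uploads_files']}")
```

The script only reports; deletion and theme replacement still follow the steps in the post.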
We know that this vulnerability is an inconvenience and an issue that should never have happened in the first place, and we’re very sorry that it did. We hope that you can trust us to make issues like this known as soon as possible, and to have a solution in place for all of our users.
As we mentioned, please do not hesitate to contact us with any concerns or support requests. We will do our best to respond as soon as possible during this very important time.
Thank you so much for using Themify.
Update (Nov 13, 2013):
Please read this post for more detail on how to remove the legacy file 'themify-ajax.php'.
Updated Fix (Nov 14, 2013):
We've released a new framework update to fix this issue. Please read this post and upgrade your theme.
Themify is looking for a developer and a designer to join our team (these are two separate positions). If you like to code cool stuff like our drag & drop Builder or design beautiful themes, we would love to hear from you. We're open to fixed-hour scheduling or a freelance basis. You can work remotely from anywhere.
2) Designer - Up to the trend, good visual design, and strong CSS/frontend coding skills.
To apply, email your resume and portfolio/work sample links along with your hourly rate and availability to jobs @ themify.me or send via our contact form. Please specify which position (developer or designer) you are applying for. The right candidates will be contacted via email.
The Themify team has been incredibly busy lately: we celebrated our three year anniversary, we released the beautiful Magazine theme, and we released the Themify Builder, a powerful tool that gives the power of design into the hands of anyone who can drag and drop their content. We’re very proud of what we’ve released and accomplished lately, and we continue to work hard to bring more and more changes and features that make it easier for you to build beautiful WordPress websites.
One of those changes is a business decision: Themify will no longer be giving lifetime updates and support for those who purchase single themes, including both Standard and Developer versions of a single theme purchase. There will be no changes to the Club memberships, and existing members who have made a single theme purchase will not be affected. This only affects brand new single theme purchases.
Themify is doing this to ensure that we can provide the best support possible for those who have recently purchased themes - we want to focus our small team’s development efforts towards improving and fixing the themes that are being purchased instead of spreading ourselves thin and delivering a lackluster experience. As mentioned earlier, the Themify team is working hard to bring even more changes and features to give you more power when building your WordPress websites, and this is a step in that direction.
We understand if there are concerns around this change, so please don’t hesitate to contact us or comment on this post!
Thank you for your support!
Since the initial release of the drag & drop Builder, everyone has been asking how to integrate the Builder into their own themes. Because you wanted it, we built it! After two months of development, we've made a Builder plugin that works on ANY theme! All drag & drop features and functions work the same as seen in our themes. You can use it on any theme: static, responsive, premium (with or without framework), and custom coded themes.
NEW: Widget & Widgetized Module
Along with this release, we've added two highly requested modules: Widget and Widgetized. Widget module allows you to drop any available widget on the page via the Builder and the Widgetized module displays any sidebar or widgetized area. It automatically pulls all widgets and widgetized areas registered by the theme or plugins. If you are an existing Themify member, update the framework to have access to these two new modules. They are also available in the Builder plugin.
Get Themify Builder Now!
You can get the Builder plugin for just $39/year. It includes support and updates. For a limited time offer: enter 'builder-plugin' coupon code to save 30% off the plugin purchase. Offer expires on September 15, 2013.
Get Builder Plugin
We are looking for a support staff member to join Themify's growing team. This position involves providing theme support via the forum. The right candidate must have good written communication skills, familiarity with the WordPress backend admin and strong CSS knowledge. Having experience with our themes and framework is a plus. This is a part-time position where you can work remotely from anywhere. Please help us spread the word if you know anyone who might be interested in this position.
To apply: please email your resume (or sample WP works) along with your hourly rate and availability to jobs @ themify.me or send via our contact form.
After several months of hard work, Themify is very excited to announce our new drag & drop framework, Themify Builder. Unlike other drag & drop frameworks, Themify Builder provides an easy-to-use user interface which allows you to arrange the content blocks on the frontend by dragging and dropping. In other words, what you see is what you get. The content blocks can be built using various modules: Text, Slider, Video, Image, Post, Gallery, Tab, Accordion, Menu, etc. It works on all post types such as post, page, and any custom post types registered by plugins such as WooCommerce. Also, shortcodes are supported within the Builder modules. Not to mention that Themify Builder is completely responsive and works on desktop and mobile devices. Watch the video below to see how it works and check this demo site built with the Builder.
Get It Now With Discounted Price!
To celebrate this awesome release, we are offering a 30% discount off all themes and club memberships. Use the 'builder' coupon code on the sign up form to redeem the discount. Promotion ends on July 14, 2013. Now is a good time to join our club memberships because Themify Builder is included in all themes.
Since Twitter has retired their API v1, you are now required to create your own Twitter Application in order to use the Themify Twitter widget and shortcode. We've updated our framework to work with the new Twitter API. You just have to create an application with your own Twitter account and enter the keys in the Themify > Settings > Twitter Settings panel.
Step 1: Creating a Twitter Application
1. Go to Create an application on Twitter. You might need to login normally using your Twitter user name and password.
2. Enter a name, description and your website's URL in the corresponding fields, leave Callback URL empty.
3. After creating the application, you'll be taken to your application home. Scroll down to the OAuth settings section, where you'll see the Consumer key and Consumer secret to copy.
Step 2: Enter the access token
Go to Themify > Settings > Twitter Settings and paste in the Consumer key and Consumer secret keys.
We've restructured the templates of our WooCommerce themes. This will provide better compatibility for future WooCommerce upgrades and third party WooCommerce extensions. This update mainly involves backend changes. As requested by many users, we've added the product description and additional information tabs to the single product page.
Since there are existing files that will no longer be used, they must be deleted after you upgrade the theme. These files are common to our current WooCommerce themes: Minshop, Pinshop, Shopdock and Shopo.
If you're upgrading from a version of these themes released before June 3, 2013, please follow these steps:
- Access your site's server by FTP,
- Go to 'wp-content > themes' folder, then the active theme folder (eg. minshop, pinshop, shopdock, or shopo)
- Remove the following files and folders (if they exist):
  - single-product (this is a folder)
  - woocommerce/functions (folder)
ShopDock, one of our popular e-commerce WordPress themes, is known for its great user experience when it comes to shopping carts: you can add and update your shopping cart with ShopDock without reloading the page.
We are now proud to announce that all WooCommerce websites will be able to provide that functionality for their stores: the ShopDock Extension for WooCommerce is now available!
You can download the extension here, and take a look at the documentation here. This is a WooCommerce Extension that adds the ShopDock instant cart functionality to any WooCommerce website, out of the box without any coding or configuration. Of course, you can always change the look and style of the ShopDock plugin within your WooCommerce settings.
Please let us know if you have any questions about the plugin. Enjoy enabling ShopDock in your stores!
We are very proud to announce that we are releasing a very substantial update to the Themify framework, fixing many bugs, adding wanted features, and cleaning up our code to be in compliance with the WordPress standards. All Themify customers using our themes will be able to update to the newest framework, but please read the instructions below! Here are some of the highlights of updating to Themify Framework 1.2.2:
- Hooks - We are introducing hooks to our themes. Hooks help easily add content and functions without having to wrangle code and modify the templates. Check the documentation on how to use hooks.
- New Image Uploader - We have replaced our image uploader with the core WordPress media uploader. Now you don't have to worry about those pesky upload permission issues.
- Right-to-Left (RTL) Support - The Themify panel now fully supports Right-to-Left, or RTL, languages.
- Streamlined Code - We have updated the code for all of our themes, bringing them in line with the most up-to-date WordPress standards. We cleaned all of our templates by creating a new function that is more efficient and will be used, from now on, in all of our themes. All AJAX processes are now within the WordPress environment, making them much safer and standardized.
- Sidebar Changes - In order to make the sidebar name translatable, we added a sidebar ID name to all sidebar registration. Please read below before you upgrade.
Usually when you upgrade Themify themes, it is a seamless and painless process. This time however, you will have to do a bit of work (we promise that it's quick!) before upgrading the theme. Because the sidebar registration name has changed, you will need to back up the active widgets before upgrading the theme, otherwise the widget settings will be erased.
To upgrade the theme without losing the widget settings:
- Be sure you are using WordPress 3.4+. If not, please upgrade WordPress first.
- Go to Appearance > Widgets, drag all your active widgets to the Inactive Widgets panel
- After you have backed up the widgets, go to the Themify panel page and you should see the upgrade message box above the Themify panel. Then click 'Update now' to upgrade the theme. If you don't see the upgrade message, it means the version checker is cached. Just come back later to check the Themify panel again. Read auto upgrader for more details. If the auto upgrader doesn't work, you may upgrade the theme using an FTP client.
- Then go back to Appearance > Widgets, drag the widgets from the Inactive Widgets panel back to the sidebar panel(s)
- If you forgot this step, no big deal. Simply go to Appearance > Widgets and reset your widgets or find the widgets in the Inactive Sidebar panel. The theme won't break.
This is a one-time occurrence, and it will not be a continuing trend in Themify theme updates. We apologize for any inconvenience it might cause.