14 Nov 2013
Updated Themify Framework to fix the vulnerability
To resolve the vulnerability found in versions of the Themify framework before 1.2.2, we've released a new update that deletes the legacy file 'themify-ajax.php' and any unknown files in the theme 'uploads' folder. This update (framework 1.6.3) is intended to save you from having to remove the legacy file manually, as posted here. Themify users are recommended to upgrade to this version.
To upgrade your theme/framework, go to the Themify option panel page, where you should see the upgrade notice. After the update, please check whether the file 'themify-ajax.php' still exists by looking at the file list in WP Admin > Appearance > Editor. You may also use FTP software to check for the file in the 'wp-content > themes > [themify_folder] > themify' folder.
NOTE: this vulnerability only affects themes installed with a Themify framework version before 1.2.2, released on November 9, 2012. Even if your theme is not affected, it's recommended that you update to this new version.
REMEMBER: if you have any inactive/old Themify themes sitting on the server, download them to your computer as a backup and delete them from the server. This fix will only apply to the active Themify theme.
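For sites with shell access, the post-update check described above can be scripted. The script below is an added example, not part of the Themify update: it looks in every theme folder, active or inactive, for 'themify/themify-ajax.php' and for non-image files in the theme 'uploads' folder. It assumes the uploads folder sits directly inside each theme folder and treats only jpg, jpeg, png and gif as expected file types.

```shell
#!/bin/sh
# Added example: audit all installed themes, not only the active one.
# Usage: sh themify_audit.sh /path/to/wp-content/themes

# Print every copy of the legacy file at <theme>/themify/themify-ajax.php.
find_legacy_ajax() {
    for f in "$1"/*/themify/themify-ajax.php; do
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Print files under <theme>/uploads that are not common image types.
# Assumption: the 'uploads' folder is a direct child of the theme folder
# and only images belong there; PHP files, .htaccess and anything else
# are listed for manual review.
find_unknown_uploads() {
    for dir in "$1"/*/uploads; do
        [ -d "$dir" ] || continue
        find "$dir" -type f ! \( -iname '*.jpg' -o -iname '*.jpeg' \
            -o -iname '*.png' -o -iname '*.gif' \)
    done
}

# Print a labelled report; return 0 when nothing was found, 1 otherwise.
audit_themes() {
    report=$(find_legacy_ajax "$1" | sed 's/^/LEGACY  /'
             find_unknown_uploads "$1" | sed 's/^/UNKNOWN /')
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Run the audit only when a themes directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_themes "$1"
fi
```

The script only lists files and deletes nothing, so each reported path can be reviewed before it is removed.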
Anders
Nov 15, 2013 @ 11:46
“…delete the legacy file ‘themify-ajax.php’ and any unknown files in the theme ‘uploads’ folder”
Will this update delete images I have put there before?
Anders
Nov 15, 2013 @ 15:29
One more thing…
The Themify Banners & Links widget uses some images in the theme uploads folder. They’re icons for YouTube, Facebook etc.
Problem, no problem? How do I move them if it’s a problem?
Elio
Nov 15, 2013 @ 22:11
Hi Anders, the images you’ve uploaded will be perfectly fine, they won’t be deleted.
Juanmi
Nov 16, 2013 @ 09:45
Hello, I don’t see any update notice for the “Elemin” theme.
CPowers
Nov 16, 2013 @ 19:56
Help! There’s no upgrade notice on my dashboard. I’m using elemin 1.4.2 and framework 1.5.9. Should I reload elemin?
Nick La
Nov 16, 2013 @ 20:00
If you don’t see the upgrade notice, you may also upgrade with FTP or reinstall it using the WordPress upload: https://themify.me/docs/upgrading#ftp.
CPowers
Nov 16, 2013 @ 20:23
Thanks for the quick answer. So should I reinstall elemin? Will that upgrade the framework too? Sorry but I don’t know very much about this stuff. I watched the video about how to upgrade so I’m good to go on the how, I just don’t know what to install.
Chris Shevlin
Nov 18, 2013 @ 12:29
I got an email from my host this morning saying that they’ve removed permissions from index.php because it was using too much processor time – presumably because someone has exploited the vulnerability in themify-ajax.php. I tried to update the theme using WordPress, but the page just stopped responding whenever I clicked ‘update’. So I’ve backed up the theme to my hard drive, deleted it from the server using an FTP program, and uploaded the latest version from Themify.
Will that sort out the problem, or do I need to do more? Presumably the hackers have uploaded something. How do I find out what? I’ve asked my hosting company but haven’t had a reply yet.
I hope you can help me.
Nick La
Nov 19, 2013 @ 18:22
You can upgrade the theme using FTP software: https://themify.me/docs/upgrading#ftp. Check the theme ‘uploads’ folder for any PHP or unknown files. Remove them if you see any suspicious files. If you need further help, please contact us: https://themify.me/contact
George
Dec 08, 2013 @ 13:31
What about the speed of this framework?
Nick La
Dec 10, 2013 @ 19:26
This framework update does not affect the speed.