Themify themes, a premium and reputable WordPress theme developer have issues a security warning for their themes. A file present in old versions of their themes allows hackers access to upload files to your Webserver.
What to do if you use Themify Themes
The security vulnerability affects a file called themify-ajax.php which was present in old versions of WordPress themes by Themify. An issue however is that even if you’ve updated your theme to the latest version, the vulnerable file may not have been removed.
Security measures if you have an active Themify Theme
Themify must be commended in their great communication regarding the vulnerability. To remove the security flaw just follow the instructions at Themify.
If you have an inactive Themify Theme
I highly recommend deleting any themes that aren’t active on your WordPress Website. Having unneeded themes and plugins (active or inactive) on your Website increases your security exposure/vulnerability.
Please, go right now and delete any unused Themes or plugins from your WordPress site.
Is it safe to continue to use Themify
I have no hesitation in recommending the use of Themify themes. They are really high quality themes and, providing you follow their update process, you’re unlikely to have any problems.
All code in an open environment like the Web is vulnerable to badware or malware. Congratulations to Themify on communicating this flaw.
If you need assistance in updating your theme or would like a security audit of your Site please contact me.