Facebook reviews by long-term WPX customers


Why 'Nulled' (Cracked/Pirate) Plugins & Themes are Forbidden on WPX Hosting

It has come to our attention that some of our customers have attempted to use 'nulled' (cracked/pirated) plugins and themes on WPX Hosting; this is grounds for immediate and permanent non-refundable termination of hosting accounts, as per our Terms of Service.


Usage of those plugins will eventually end to a blacklist to the site and non-refundable termination

Some commercial plugins and themes can be found for free on seemingly legitimate websites where it seems safe to download. Nothing on these safe-looking websites appears to suggest that the plugins or themes offered there are infected with a very powerful backdoor script called CryptoPHP.

What can CryptoPHP do?

After being installed on a webserver, the backdoor has several ways of being controlled, including command and control server communication, mail communication, and even manual control.

Backdoors of this type are mainly used for illegal search engine optimization, also known as Blackhat SEO. The backdoor is a well-developed piece of code and dynamic in its use. The capabilities of the CryptoPHP backdoor include:

  • Integration with popular content management systems like WordPress, Drupal, and Joomla.
  • Public key encryption for communication between the compromised server and the command and control (C2) server.
  • Backup mechanism in place against C2 domain takedowns by using email communication.
  • Manual control of the backdoor besides the C2 communication.
  • Remote updating of the C2 server list.
  • Ability to update itself.

When installed, it can actually integrate itself deep into your website and use its functions, code, and database. It can add additional administrator user, add/delete/modify the content of the website, change your websites settings and anything you can or can’t imagine.

So we HIGHLY recommend ONLY using plugins from TRUSTED SOURCES.

Here is a list of some of the websites that distribute plugins with CryptoPHP backdoor:

nulled domains list

The following websites host the actual plugin and theme files used for direct download:

nulled domains list2

If you have installed a nulled plugin or theme from one of these websites, it is very likely that your website could be infected with CryptoPHP.

The least you can do is delete the dangerous plugins/themes, check whether you have an additional admin user added, and ensure that all your websites look like they should for search engines.

You can do that from Google Webmasters Tools → Fetch as Googlebot .

For more detailed information on this topic, read CryptoPHP-Whitepaper-FoxSRT.


Learn more about our UK WordPress hosting here (you can also find more details about which plugins & themes are forbidden on WPX Hosting there).

Check out our plugins recommendations (and also see our WordPress hosting in France).

To find our special discounts and coupons (please visit us here). 

Find us on Facebook.

WPX Hosting provides very knowledgable, helpful customer support (learn more).

To prevent your website from CryptoPHP infection you can also visit our Singaporean hosting.

More on what CryptoPHP can do (find on our WordPress hosting in Australia here).

Read more information about plugins and about our service in Netherlands.

Take a look at how our customers perceive WPX Hosting.

Learn more details about our WordPress hosting service in Germany.

Did you read the latest case study of Mattew Woodward?

WPX Hosting simply has unmatched performance - try our service in New Zealand!

Do you want to increase your website speed? More details here.

All our YouTube videos can be seen here.

"My page load times improved by up to 227%."

Kinley McFadden, Smart Business Trends (read full review here)
Read All Independent Reviews Here