Kill the Happyforms Ad in your WordPress Editor

I don't know if any of my small number of readers runs their own WordPress site, but I ran into an annoyance today related to the theme on one of my mine. When I entered the Editor page, an ad for something called "Happyforms" had been placed in the layout. Screen space is precious, and I sure as heck didn't want to give any up to an ad, so I immediately looked for a way to squash it.

First, I needed to figure out where in the world it came from. It was an ad for a plug-in, so the first thing I did was to find out who published it by going to the WordPress Plugins repository. I didn't click on the ad itself—not only did I not want to give the advertiser any positive reinforcement from a click, but I wanted to be sure I was headed to the official WordPress repository and not to any potentially malicious impostor site. Searching for Happyforms turned up that it was published by The Theme Foundry, which pointed me to my themes manager. Sure enough, the Make theme is also published by The Theme Foundry and is the source of the ad.

The next step was to find the code that was embedding the ad. I started by looking through the Theme Editor, specifically at the Theme Functions and Post Builder files. I didn't turn up anything in there, so I dove into the "inc" subfolder, which I think is short for "includes." In there I found the conveniently-named "happythemes.php" file. Opening it up, I found that there was a function called make_before_editor_happyforms_ad().

If your permissions are set up properly, you can't alter this file directly in the Theme Editor, so to modify it you'll need to either do it by ftp or find it in your host's file manager. In my case, I browsed the File Manager to the location /wp-content/themes/make/inc/happyforms.php

I located the function I was interested in and simply deleted everything between the curly braces {}. It's important not to delete the braces themselves or change anything outside of them. This way, the function will be called, not do anything, then return control back to whatever process asked for it. Where before there was an ad, there is now nothing but the editor.

I'll probably have to repeat this process every time the theme updates. If it gets to be too annoying I'll look into how child themes work and see if I can't build a permanent override. Or maybe I'll just jump ship and stop using any themes from publishers that pull such stunts.

Given my previous history with a determined hacker, this kind of thing is a big red flag for me. I don't know what kind of limitations are in place at the WordPress and Wordfence (my firewall) level, but a bad actor could conceivably place links that lead to anywhere they like. In this case I think it's just a matter of an overzealous publisher trying to hawk their new product in every channel they have access to. In the future…?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.