Premium theme users report “critical malware” flags from Sucuri on multiple Shella versions (≤4.6 and the 4.10 demos). One merchant removed three flagged code blocks, which lowered the scan to “low risk” but broke Ajax features (search, menu). Google Ads remains blocked for “suspicious malware.”
MPI_themes clarifies this is not malware but obfuscated license-check code included in the theme. They commit to reworking and releasing an update without obfuscation.
Actions taken: After the merchant granted staff access, MPI_themes removed/adjusted the code on that store and shared confirmation links. Another user asked when a fixed version will ship; the developer replied via their support system, with no public ETA.
Support process: Users should open tickets at https://mpithemes.ticksy.com/ and, if needed, grant staff access to support@mpthemes.net. A valid support period is required; extensions are handled via ThemeForest.
Status: Issue acknowledged; developer plans an update. Key open points: release timing and whether changes will clear third-party scanners and restore ad eligibility. Discussion ongoing.
My site was showing some malware in critical risk category on site check at https://sitecheck.sucuri.net/. Couldn’t believe at as I was using Premium Shella Theme. Checking the files containing the malware code, I removed three codes from my files. I have mentioned the file names and line number containing the codes in the pic.
After removing the above codes, my site now showed in green low risk category, but to my surprise I see some ajax functions not working on my site like ajax search will not work and menu dropdown not working in desktop as well as mobile. So, I wondered whether I have deleted some code or some malware entered my coding or the ajax or jquery coding has some functioning problem.
I checked my previously used Shella theme versions still existing in my shopify. Till 4.6.0 version all site urls were showing the same critical malware result. Version 4.10 is released and I checked the latest Shella Theme demo sites and they too are showing critical malware alert as seen in pics below. Although my site kavrafashion.com is showing green low risk category but google has blocked my google ads siting sucspicous malware.
Kindly request mpthemes and other shopify experts to look into this and help out as google has blocked google ads mentioning presence of malware and many are facing the problem. thanks
The theme includes obfuscated code for the theme check license.
Thank you for information, we will rework this code and release update without obfuscated code. Please create a staff account for support@mpthemes.net we will remove it from your store, asap.
@MPI_themes@Hi i am using your theme as well. When will you release the new theme with the malware errors fixed? I’m using 4.9 and was going to update to 4.10
I Have an issue of theme code at my theme, im unable to contact mpi support
store url : makfashion.com
i have added suppor@mipthemes.net as staff please resolve my issue i have added license code but still getting demo error