First, my apologies if this is not the proper forum to ask these questions. I’m familiar with WordPress on the admin level, but not an expert on the development side. The Sage theme is completely new to me.
I’ve recently been tasked with managing a WordPress site (v4.8), running Sage Starter Theme (v8.4.2). The site has fell victim to hacks on multiple occasions. I’ve updated everything under the sun, but cannot find a way to update the Sage theme (via WordPress, or Linux shell).
Is updating Sage via WordPress possible?
How do I go about finding known vulnerabilities in the theme?
Unfortunately, there isn’t an easy way to update it, and most likely you wouldn’t want to update it anyway.
You see, although the admin panel is reporting that the theme you’re using is “Sage Starter Theme” and we are in fact the creators of Sage, we didn’t actually build the theme you’re using in its current state. As the name implies, Sage is just a starter theme.
If that looks like an incomplete theme, it’s because it is. That’s deliberate. We made Sage so that fellow developers could download it and use it as a starting point for developing their own themes. We provide tools to assist developers with creating themes, and you can think of “Sage” as the brand name that we’ve given to our toolbox.
It sounds like your developer used Sage to build out a theme for you, but he or she didn’t rename it from “Sage” to “Ed’s Awesome Theme” or some such, which is why you’re here.
I would recommend reaching out to the developer of the theme if possible. Otherwise you should consider hiring another developer to review the theme to make sure there aren’t any vulnerabilities in it.
If you want someone from the Roots team to take a look at your theme, you can schedule a call with us via this page: https://roots.io/services/