Okay, first off, that’s an incredibly badly made theme. Your item number 2 there indicates to me that he making AJAX calls in entirely the wrong way.
Secondly, look for anything in the theme that is using http but not in a link. allow_url_include basically lets you include some PHP from a remote site, which is indeed bad, but he might just be using it wrong.
If the theme was freely available, I could look at it and give you more information. Is this theme available for download?
Related Posts:
- Memory errors with media upload, WordPress can’t use more than 96M (while there’s 512 available!)
- Set WP_MAX_MEMORY_LIMIT higher than PHP.ini memory_limit
- WordPress Ignoring .user.ini
- adding custom user input fields in WordPress admin dashboard gives error The link you followed has expired. Please try again
- WP & Server Speed [Teacher Question]
- PHP E_WARNING being shown despite php.ini [closed]
- WordPress upload file size error even after raising php limits
- php_gd2 extension not loading on Windows
- Maximum file Upload
- How does WordPress rewrite URLS using its PHP scripts
- How to fix UpdraftPlus’s memory issue?
- WordPress article with 50 000 words loading slow – 100% cpu
- Restricting page by user role
- PHP Catchable fatal error: Object of class WP_Error could not be converted to string
- What exactly does “Posts page” do in WordPress?
- How do I make my function add variables/values to the $post object?
- Change comments form title on a page by page basis
- Get the title before comma
- “Can’t use function return value in write context” error
- Display 4 chronological posts starting with a random post
- Displaying Only Certain Tags in Loop
- Duplicates with WP_Query loop
- WordPress automatically adds tags when pasting code, how to stop it?
- ACF: Only get first row of a Repeater Field
- How can I use wp_query to show all product data using just the products ID?
- WP add_action factory
- how to retrieve uploaded url of zip files
- save imported posts as drafts
- How to show phpinfo() only in a new tab?
- RecursiveDirectoryIterator not working in admin
- Ajax call not working
- WordPress Sending data to Ajax with select option
- Auto-Select Parent Category as Primary
- Long running queries
- comments sorting incorrectly across multiple pages
- auto-populating custom nav with all items from custom post type
- How can I modify footer when footer.php calls to another file?
- If tag equals then show else show
- WP_Query fails despite having 1 post
- Download PDF after CF7 form submission
- 3 different times on my WordPress website
- Flexslider won’t work on WordPress
- Do I have anything to worry about when switching to a default theme to test for plugin conflictions?
- Unable to Find Space in Custom Function
- Unable to process php via shortcode
- Is it possible to create new user from external form using REST API?
- WP_Query: getting posts where custom field exists
- Foreach loop inside an array_merge
- Export Form Data to a CSV then send it as an attachment – contact form 7
- Show the section only if custom taxonomy was chosen
- How to separate categories with commas?
- Cant display an image via PHP in wordpress
- Template Loop – add switch case php
- Alphabetically Ordered Category in WordPress
- change default RSS feed URL
- How do I make this Metabox show current DB value?
- Limit posts when visited with mobile devices
- Gravity Forms merge tags in templates?
- PHP Warning: Missing argument 2
- Image rotation issue (horizontal picture uploading as vertical) — Exif issue?
- Make a page (url) not cacheable [closed]
- mySQL queries are executed twice on wordpress website
- Populate custom field on publish or update
- Search page results conflicting logic – Search result caching?
- Trying to load category thumbnails on wordpress page
- Insert PHP code in Text
- Site DOES NOT LOAD after 3.1 update
- Order users by random not working?
- $_POST returning empty values
- var_dump() and print_r() display null in php
- add custom link to gallery images
- Sessions with WordPress
- How to Insert an advert banner for every third Slide using JS Composer Slider
- Dynamic Banner Text based on Subdomain
- How can I copy an ACF field to AIOSEO field? [closed]
- How to find php variable of wordpress theme settings
- WordPress post insertion from PHP file
- How can i get the same ajax result using WP REST API instead of admin-ajax?
- Use WP user status (logged_in) to manage access to independent application
- Date of last blog update for specific authors only?
- I was wondering if it’s possible to implement card.js on WordPress
- Display tag links on archive page?
- How can I add “.html” to the end of a single URL on a WordPress website?
- Adding an IF Function to Current Custom Category If has Child
- Ajax call URL 404’ing when pushed to staging server
- Replace content in WordPress Page after GET from php page
- main menu page redirects to user ID
- error with WP custom form
- WordPress won’t display errors at all
- Not able to call class in NHP framework
- How can I clear the theme mod settings?
- PHP Syntax getting PHP terms
- how to get category name if my category got custom slug
- Get Products within Current Product Category
- Disable single posts, but keep archive
- Import js variables loaded via wp_localize_script() into js module without global scope connection
- Why plugins can’t add(inject) their code in my comments?
- How rename wp-content and wp-admin folders correctly
- Pre_get_comments and orderby comment_karma
- Custom Post Types in WordPress Dashboard List Rows But Data is Blank