Because Alex was using an outdated version (v3.1.8 is many years old), it lacked critical security patches for modern Magento versions. Alex was liable for the leaked data and had no support from the theme developers to fix the mess. In the world of web development, "Free is never free."
Deep inside the v3.1.8 archive, someone had injected a base64-encoded script . It didn't break the site; it just quietly waited for a high volume of traffic. Porto v3.1.8 Magento.rar
A week later, Google flagged the site for malware. Alex’s search rankings vanished overnight, replaced by a "This site may be hacked" warning. Because Alex was using an outdated version (v3