Weblog Tools Collection: Theme Authenticity Checker
300 Views Published 10 months, 4 weeks ago in Wordpress
Outside of the WordPress.org theme repository and the GPL commercial theme vendors, there are few spots where you can download a variety of themes which do not contain some sort of sponsorship or encrypted code. One site still cranking out great, quality free themes is Themelab run by Leland. However, in most of the theme release posts that are published on WeblogToolsCollection.com, the theme has to be downloaded from the authors website. We do not install and test every theme mentioned in these release posts. However, if you are worried about downloading a theme that contains malicious code or obfuscated code, this somewhat new tool called Theme Authenticity Checker may help you out.
5 Links In Kubrick
The Theme Authenticity Checker is a plugin that scans all of the files for all installed themes looking for links, malicious code, etc. Not all obfuscated code is bad but generally, it is not placed in a WordPress theme. By the way, obfuscated code is that stuff you see in themes with BASE64 encoding typically used to mask spam links and content into posts. Giving the plugin a spin on my local server where I have about six different themes installed, all of them came back as ok. In fact, the WordPress Default theme aka Kubrick contains five static links. TAC tells me which file the links are in along with the line number.
I ended up finding a site that provides free WordPress themes that contains encrypted code. Here is what TAC tells me.
Encrypted Code Found!
While I don’t know what the encrypted code is doing, I know where to find and remove it if I feel the need. We can also see that there are two static links in the sidebar.php of the theme that I could remove as well.
TAC is free to use and is currently at version 1.4 which is compatible with WordPress 2.8. If new vulnerabilities or malicious ways of putting bad stuff into themes is discovered, they will update the plugin accordingly. I’m not sure how often this plugin updates but at the very least, this is a good way to quickly discover static links that haven been coded into a theme.
If you install TAC on your own blog, let me know if you discover any themes you have installed that report either encrypted code or bad stuff in the comments!
Tags: comments, plugin, release, server, test, Wordpress, wpSearch
About This Entry
- You’re currently reading “Weblog Tools Collection: Theme Authenticity Checker,” an entry on The Staff Lounge
- Published at 10.16.09 / 7pm
Related Entries
- Weblog Tools Collection: Footer Stuff Allows You To Seamlessly Add Content to Themes - Wordpress
- Weblog Tools Collection: Regarding Plugin and Theme Digests - Wordpress
- Weblog Tools Collection: How to Do ‘XYZ’ Without a WordPress Plugin - Wordpress
- Weblog Tools Collection: Best Of WLTC 2009 Part 2 - Wordpress
- Weblog Tools Collection: Watch Where You Download That - Wordpress
Recent Entries
- vBulletin.com Update to 4.0.7 - vBulletin AnnouncementsvBulletin.com
- Matt: Exploring Jerusalem with Barry - Wordpress
- Matt: WordCamp Jerusalem and Dinner - Wordpress
- vB.com possible downtime - vBulletin AnnouncementsvBulletin.com
- Issue with the ability to "impersonate" a user - vBulletin AnnouncementsvBulletin.com
Popular Resources
- Phorum-5.2.8 final released (12 replies) - 48114 Views
- Phorum-5.2.9a released (10 replies) - 36164 Views
- IPB Resources - 22295 Views
- Weblog Tools Collection: WordPress Plugin Releases for 02/07 - 18098 Views
- Phorum-5.2.9 released! Security Upgrade! (no replies) - 13996 Views
Powered By
No Responses to “Weblog Tools Collection: Theme Authenticity Checker”
Please Wait
Leave a Reply