22
Responses
Comments
Trackbacks/Pingbacks
-
[…] cool overall just to use it as a way to find all the static or hardcode links within a theme. http://weblogtoolscollection.com/arc…icity-checker/ WPTavern Twitter Account | Personal Blog | WordPress Weekly […]
-
[…] zu prüfen. Die Weblog Tools Collection schreibt (Englisch) unter der Überschrift “Theme Authenticity Checker” über ein neues Plug-In, das diese Lücke teilweise schließt: Der “Theme Authenticity […]
-
[…] it is pretty effective in detecting that kind of junk. For more information you can also check out Jeff Chandler’s post on the exact same plugin (who was also nice enough to mention Theme Lab as a good source for free […]
Translate This Page
About the Author
- Jeff Chandler
Categories
- bbpress
- Best of WordPress
- Blog Templates Blog Skins Blog Themes
- Blogging
- Blogging Essays
- Blogging News
- brainstorming
- buddypress
- Business of Blogging
- CMS
- Code
- Cold Fusion
- Community Interviews
- Cool Scripts
- General
- HOW-TO
- LinkyLoo
- Movable Type Plugins
- Photolog Script
- Podcasting
- QuickLinking
- Spam
- SXSW
- TLA
- Tutorials
- User Reviews
- Web Design
- Web Ethics
- Weblog Add-Ons
- Weblog tools blog tools blogging tools
- Weekly Plugin Review
- WLTC Community
- wordcamp
- WordPress
- WordPress Discussions
- WordPress FAQs
- Wordpress for Beginners
- WordPress Hack
- WordPress News
- WordPress Plugin Competition
- WordPress Plugins
- WordPress Polls
- WordPress Security
- WordPress Templates WordPress Skins WordPress Themes
- WordPress Tips
- WordPress Tools
- WordPress Troubleshooting
- WordPress Weekly
- WordPress Widgets
- WordPress WishList
- XHTML Tips
Obviously Powered by WordPress. © 2003-2013
Thanks for the head-up on this. We use Anti-virus and have had good results. We were amazed how many themes had questionable code inserted in them on the WP themes extend. (sorry, we didn’t take names)We’ll just stick with Justin Tadlock’s Hybrid Theme.
This is the exact plugin I needed.
I run a number of blogs but I first like to install all the potential themes on one practice blog.
TAC searches for links in all the themes installed on that blog in one go. Saved my heaps of time.
I have ran into so many themes out there with funky coding in them that it is scary. Especially those footer ones can be pretty bad with links to porn sites and other sites people just wouldn’t usually link to on their own. It’s nice to know now that there is a checker for that and other hidden things that even with my ninja-like powers can’t find sometimes.
It is great to know there is tools for theme checking because there are many creepy theme out there.
If the WordPress.org theme repository editors would allow more developers’ themes to be accepted instead of shutting the doors on them for suspicion of evil sponsorship, there might not be such a market for themes outside these trusted sources.
I was shocked to find one theme on a small WPMU install with funky encrypted code in its functions.php: Newsby (I already had stripped some ad links from its footer but this one escaped me)
TAC is one of the BEST new wordpress tools. Thanks for letting me know about it!
Sorry, that should be “Newsbie” theme. It is not in the official WordPress theme directory.
Wow, great tool. It is necessary to check the theme before putting on the server and activating. It can also cause some security threat. And it is true that many people who start blogging are not related to web languages so they cannot go on tracking what is there in the code of each template file of the theme, so just they see the feature and use that theme. It can be dangerous even due to the malicious scripts, so nice that you revealed such a good tool. Thanks for sharing.
I do my best to test as many of the themes posted in the WLTC forums as I can but alas due to time constraints I can’t get them all. As well, I don’t do this in any official capacity for WLTC. Consequently, I see this plugin as a welcome tool in the fight against these trashy (and potentially dangerous) themes.
Len, you do a great job at catching encrypted/spam themes submitted here. You’ve definitely caught a few that I missed.
Len, any interest in doing so officially? Send me an email.
@gestroud – Thank you.
@Mark – Email sent.
Does it work on woothemes wordpress themes ?
Hi…
Looks like a “WordPress Emergency Response Team” would be a good thing to have (not just because “WERT” is the German word for “value” :-).
Through combining PHP-IDS (http://phpids.org/) with wordpress and watching logfiles, I see quite some strange things happening, even on near-zero-volume blogs. For example, there appear to be waves of systematic scanning for certain plug-ins, presumably to exploit vulnerabilities.
But once I have the insight, where can I go? I’ll certainly not post it to the world, like here in a comment
Obviously, such a team would have to deal not just with core vulnerabilities but would also have to reach out to the plug-in and theme communities.
Any feedback would be appreciated!
Josef
Here’s a recent article covering that issue:
The Correct Way To Report A Security Issue With WordPress
http://weblogtoolscollection.c.....wordpress/
Essentially, the article suggests that security problems be reported to security[at]WordPress.org
I am one of the two developers of tac. I would like to thank everyone for the positive feedback, if anyone has any questions of feature requests please let us know.
Thank you again!
I ran TAC on a blog with 56 themes. It found two that have encrypted code:
SeaShore 1.0 by Sadish Bala (Line 33 in contact.php)
Web Minimalist 200901 1.0 by Effi (Line 35 in contact.php)
Icould be wrong, but it looks as if the code in those two files is there to encrypt email addresses.
Before today, I didn’t know about TAC at all, and I have been using wordpress for years. I have done more than my fair share of downloading free themes from shady sites, and not once did I find any info like this on the wordpress site. WordPress should really promote TAC as this tool can help fix a lot of security loopholes in a lot of sites.
That said, I have never faced any security issues with the blogs I had (most of which are now shut). So I guess the hidden code is mostly just to generate pagerank flowing links, but malicious scripts could easily be there.
I will write about this on my webmaster blog as well.
Thanks for the info