Are your Themes safe?
Last Update: July 01, 2012
Where do you get your Themes.
In my travels today I ran across a post over at WPMU.org
A fairly trusted site in my opinion (of course I may have been snowed)
There was a post on the security of free themes. Are they everything they are cracked up to be and what are your really loading when you grab a free theme.
Well I'll tell you I learned a bit about security. The author checked his themes using TAC. I had no idea what that was so after Googling and sorting the results I finally found that this Anagram is a Theme Authenticity Checker.
This will tell you if the Theme Author has been a bad boy or girl and embedded stuff that you don't want in there.
I was also clued in to the possibility of 64 bit encrypted stuff in themes. These can be nasty code or just some stuff that you don't really want to be there but won't really hurt you. Either way the presence of encrypted code is probably not a good thing.
TAC will identify the presence of encrypted code in the Themes.
He did identify two places where the code appears to be clean: Wordpress.org is the good one and FreeWPThemes is the other. FreeWPThemes appears to be less desirable as some of the Themes he checked weren't error free but they had no malicious code attached.
Bottom line: Check your Themes even if they are from a trusted place.
Here's the link for the TAC plugin: http://wordpress.org/extend/plugins/tac/
Here's the link to the article if you would like to read it in it's entirety: http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/
In my travels today I ran across a post over at WPMU.org
A fairly trusted site in my opinion (of course I may have been snowed)
There was a post on the security of free themes. Are they everything they are cracked up to be and what are your really loading when you grab a free theme.
Well I'll tell you I learned a bit about security. The author checked his themes using TAC. I had no idea what that was so after Googling and sorting the results I finally found that this Anagram is a Theme Authenticity Checker.
This will tell you if the Theme Author has been a bad boy or girl and embedded stuff that you don't want in there.
I was also clued in to the possibility of 64 bit encrypted stuff in themes. These can be nasty code or just some stuff that you don't really want to be there but won't really hurt you. Either way the presence of encrypted code is probably not a good thing.
TAC will identify the presence of encrypted code in the Themes.
He did identify two places where the code appears to be clean: Wordpress.org is the good one and FreeWPThemes is the other. FreeWPThemes appears to be less desirable as some of the Themes he checked weren't error free but they had no malicious code attached.
Bottom line: Check your Themes even if they are from a trusted place.
Here's the link for the TAC plugin: http://wordpress.org/extend/plugins/tac/
Here's the link to the article if you would like to read it in it's entirety: http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/
Join the Discussion
Write something…
klrrider
Premium
User error is the biggest source of security breaches in WordPress blogs with not keeping WordPress and themes updated being #1 cause. 2 part article on subject and how to take action to plug the holes... http://goo.gl/e4sJE