Singing the praises of Theme Authenticity Checker for WordPress
After using WordPress for many blogs over the past few years, I can safely say that if you…
a) want to try out a new WordPress theme;
b) don’t want to download that new WordPress theme from the WordPress Themes page; and
c) are too lazy to examine the source code for “questionable” content
…you need to download and install the Theme Authenticity Checker plugin as quickly as possible.
The plugin’s author says that the reason for writing this software was that:
… many 3rd party websites are providing free Wordpress themes with encoded script slipped in – some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.
There are many themes that look normal when installed, but put up invisible links to spam websites (among other things.)
If you don’t want to delete the encrypted contents of your downloaded themes, you can decrypt the contents and see what they actually do.
Please note that some themes don’t have “questionable” header/footer content, but rather static links to the author’s webpage/company. It doesn’t hurt to check out the contents and act accordingly!
You can download the plugin directly from the WordPress website here.
If you want to learn more about the custom of encrypting WordPress headers and footers you can do so by starting at these links and branching out from there:
Does anyone know how to decode this?
“The footers are also tainted with sponsored links that the original authors did not put there.”
Information on websites which are distributing repackaged themes with spamified headers/footers.