Is Your WordPress Theme Authentic and Secure?
Today, there are many websites on the internet that let you download WordPress themes. The first choice for any theme you intend to download and install on your WordPress blog should be the WordPress Theme Directory, but there is often a chance that, after looking at the 1000+ themes listed there, you are still not convinced and do a Google search.
While there is nothing wrong with doing a Google search to find a WordPress theme for your blog or website, it is important to note that there are many scammers and spammers who have evil intentions and are waiting for potential users like you to visit their site and download the theme.
How does this entire spamming and scamming work through WordPress themes?
Let's start by first identifying the threats and how spammers and scammers gain by putting up an unauthentic WordPress theme for users to download and install on their WordPress blog.
Let's start with a use-case example. Imagine yourself as the user who is looking for a new and cool theme for your WordPress blog, but somehow hasn't yet found the theme of your choice in the WordPress Theme Directory. Your next option is doing a search. Search results, as we all know, are still not perfect. Companies like Google are investing a lot to get better at it every day, but the system can still be gamed. Next, assume that you click on one of the links shown in the Google search, and imagine that the downloadable theme hosted on the site is a cracked theme which the spammers have put up for you to download and install, so that they can gain.
1.) Such themes usually have a backdoor exploit (written in PHP) to ensure that, once you have downloaded and installed the theme, the scammers can access your servers and gain entry to your blog/server.
2.) Some themes even have hardcoded links to websites and blogs which promote spam/scam. Such links are usually found in footer.php. If you link to a website which promotes spam or hosts malware, Google and other search engines will drop your ranking and also mark a warning against your website/page.
3.) Some scam themes also have the potential to replace all or some of your ads with the ads of the scammer. This way, even though your site is getting traffic, you won't be earning what you should be earning from the website or blog.
4.) If you are not a techie, as in, you do not understand coding, you are at further risk, because most of the links and malicious code I wrote about above are marked hidden from the eyes of end users (but not from the browser or bots like Google).
Well, this was how the theme spam works and some of the benefits it has for spammers and scammers.
How to identify if your WordPress theme is authentic or bogus?
Well, the best way is to read the files of your WordPress theme, but that's time consuming and not easy. Some specific files to check for encrypted/obfuscated code are header.php, footer.php and functions.php.
For me, I usually first look at the code of the theme and then also pass it through a free-to-use WordPress plugin called Theme Authenticity Checker.
Theme Authenticity Checker searches the source files of every installed theme for signs of malicious code. If such code is found, it displays the path to the theme file, the line number, and a small snippet of the suspect code. As of the latest version, Theme Authenticity Checker also searches for and displays static links.
If Theme Authenticity Checker finds some code and displays it as a result, one important thing to note is that just because the code is there doesn't mean it's not supposed to be there, or that it even qualifies as a threat. However, most theme authors don't include code outside of the WordPress scope and have no reason to obfuscate the code they make freely available to the web. We recommend contacting the theme author with the code that the script finds, as well as where you downloaded the theme. The real value of this plugin is that you can quickly determine where code cleanup is needed in order to enjoy your theme.

Image: Theme Authenticity Checker WordPress Plugin
If something is malicious or simply unwanted, Theme Authenticity Checker tells you what file to edit. You can even just click on the file path to be taken straight to the WordPress Theme Editor.
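The kind of check described above, sketched in Python as an added example. This is not Theme Authenticity Checker's code; the indicator list, the function names and the `blog.example` / `spam.example` hosts are assumptions made for the illustration. It walks a theme's PHP files, reports path, line number and snippet for calls commonly used to hide code, and flags outbound links, marking the ones hidden from readers.

```python
import re
import tempfile
from pathlib import Path

# Assumed indicator list (not TAC's own signatures): PHP calls commonly used
# to hide or run encoded code, plus CSS that hides a link from human readers.
SUSPECT = re.compile(
    r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13|create_function)\s*\(",
    re.I)
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
LINK = re.compile(r"""<a\s[^>]*href\s*=\s*["'](https?://[^"']+)""", re.I)

def scan_theme(theme_dir, own_hosts=()):
    """Return (relative path, line number, kind, snippet) for each finding."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        rel = path.relative_to(theme_dir).as_posix()
        for lineno, line in enumerate(text.splitlines(), start=1):
            snippet = line.strip()[:80]
            if SUSPECT.search(line):
                findings.append((rel, lineno, "obfuscation", snippet))
            for url in LINK.findall(line):
                host = url.split("/")[2].lower()
                if host in own_hosts:
                    continue  # links to the site's own host are expected
                kind = "hidden-link" if HIDDEN.search(line) else "static-link"
                findings.append((rel, lineno, kind, url))
    return findings

def demo():
    """Scan a constructed two-file theme and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp) / "sample-theme"
        theme.mkdir()
        # Constructed sample files; the encoded string is a harmless echo.
        (theme / "functions.php").write_text(
            "<?php\nadd_action('wp_footer', 'x');\n"
            "eval(base64_decode('ZWNobyAnaGknOw=='));\n")
        (theme / "footer.php").write_text(
            '<div id="footer"><a href="https://blog.example/">Home</a>\n'
            '<a style="display:none" href="http://spam.example/pills">x</a></div>\n')
        return scan_theme(theme, own_hosts={"blog.example"})

if __name__ == "__main__":
    for finding in demo():
        print("%s:%d [%s] %s" % finding)
```

As with the plugin's results, a hit is a place to read the code, not proof of a threat; a line-by-line regex also misses payloads split across lines or built from string fragments.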
In my opinion, what Theme Authenticity Checker does is vital for independent blog owners and webmasters who run WordPress-powered blogs and websites. Overall, a must-have plugin which helps you clean up your themes before you go ahead and open the doors to hijackers and scammers.
My sincere thanks to the developers of Theme Authenticity Checker.
You can follow me on Twitter at http://twitter.com/vaibhav1981