Theme Security For Your WordPress Blog

Do you know what code is running on your website?  If not, you may be risking your integrity by offering up links to sites that you don’t even know are on your site.  Worse, you could get banned from the search engines for linking to sites inappropriately.  Think it can’t happen?

Who’s Been Touching My Code?

There was a good post about the hidden risks of downloading free themes from random sites on the internet. (Link below).  There are a bunch of sites who are taking free themes from other sites, adding encrypted code blocks and putting them up as their own work.  While this is obviously shady, it would likely be easy for it to happen without the original authors even knowing.  (Once you download a free theme, would even you know where it came from if all the internal links still point to the original author site?)

What’s Wrong With Free?

The scary part is many of these sites are ranked highly for free themes (of course), giving the impression that they may be reputable. The examples provided in the article are merely inserting their own links, with their keyword anchor text, to various sites on the internet, but just about anything could be run on your server if the authors wanted to.  Ouch!

I scanned the files of several of the themes on a development system of my own and found 3 that contained sections of encrypted code in the footer. Sometimes it was just author links that they didn’t want novices to be able to remove from the footer, but at least one or two contained links to random websites in Germany that had specific anchor text they wanted to rank for.  While not specifically malicious, do you really want to be passing link juice out to sites that you don’t know anything about?

How To Be Safe?

There are many sites which offer reputable verified source code, WordPress.org being an obvious example.

Also there are a variety of paid themes that are not only supported, they also are easy to customize and come with a lot of nice, built-in features that let you concentrate on creating content and less on managing your theme.  This blog runs on the Thesis theme (affiliate link) and I’ve been quite happy with it.

Article Site Links

The original article is located here.   There are a few cool utilities that help you figure out what’s being executed in the encrypted code.  Check out these links to check for any malicious junkware on your system:

Get The Next Article Sent to Your Inbox

Don’t miss the fun! Join the other awesome folks who subscribe to improve their website and content. No lame spam will be sent!

* indicates required

0 comments… add one

Leave a Comment