Malicious code in FREE WordPress Theme Footers
I have been looking for a Theme for WordPress for a little while now; some are very close to what I’m after looks-wise, but they end up having some weird links in the Footer going to places like Chat Rooms or Online Pharmacy sites.
I actually discovered today that some WordPress themes may contain malicious Base64 code which may compromise your WordPress site. Do a Google search on “wordpress malicious footer code” and see what comes up.
Before you install any new Themes, grab yourself the Plugin TAC (Theme Authenticity Checker): search for the Plugin via WordPress as TAC, or grab it off their web site at http://builtbackwards.com/projects/tac/. Once installed, click the TAC link under Appearance when logged in to the Admin page of your site.
As you can see by the above screenshot TAC picked up a Theme with Encrypted Base64 code. Clicking the details button shows you what it found.
Personally, any Theme containing anything remotely like the line below is suspect…
Line 1: “base64_decode(‘JF9fQz1iYXNlNjRfZGVjb2RlKCRfX0…”
I’m all for the Theme Designers wanting links to their page showing they designed the Theme, but when they code it up with the Base64 lines, what else are they trying to include?
It looks like it is a common practice, going by the number of free themes I have installed that TAC picked up with Base64 code.
TAC also allows you to go straight to the offending section in a Theme to edit that section. I found a site that explained how to view and then edit the code at http://www.templatelite.com/how-to-remove-footer-encryption/. It worked for me, and the Theme then became green to TAC.
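As an added example (not part of the original post and not TAC's own code), here is a small Python scanner that does the core of what TAC does for you: it walks a theme's .php files and reports the file and line of every base64_decode() call or long base64-looking literal, so you know exactly which section to open and edit. The two sample theme files and the encoded link are constructed here, and the extra function names beyond base64_decode are my assumptions about what TAC's check covers.

```python
import base64
import re
import tempfile
from pathlib import Path

# base64_decode() is the call the post describes; eval/gzinflate/str_rot13 are
# added here as its usual companions (assumption: TAC itself reports base64
# strings and static links, not this wider list).
SUSPECT_CALLS = ("base64_decode", "eval", "gzinflate", "str_rot13")
CALL_RE = re.compile(r"\b(" + "|".join(SUSPECT_CALLS) + r")\s*\(")
# A quoted run of 40+ base64-alphabet characters, like the string TAC displayed.
B64_LITERAL_RE = re.compile(r"['\"][A-Za-z0-9+/]{40,}={0,2}['\"]")

def scan_theme_source(source, filename="footer.php"):
    """Return (filename, line number, reason) for each suspicious line of one PHP file."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        call = CALL_RE.search(line)
        if call:
            findings.append((filename, lineno, f"call to {call.group(1)}()"))
        elif B64_LITERAL_RE.search(line):
            findings.append((filename, lineno, "long base64-looking literal"))
    return findings

def scan_theme_dir(theme_dir):
    """Walk every .php file under a theme directory, as TAC does per installed theme."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        findings.extend(scan_theme_source(path.read_text(errors="replace"), path.name))
    return findings

# Constructed samples: the encoded string is just base64 of a harmless link, built
# here so the example is self-contained; nothing below comes from a real theme.
HIDDEN_LINK_B64 = base64.b64encode(b'<a href="http://example.com/">example</a>').decode()
CLEAN_FOOTER = "<footer><p>&copy; <?php echo date('Y'); bloginfo('name'); ?></p></footer>\n"
ENCODED_FOOTER = (
    "<footer>\n"
    f"<?php echo base64_decode('{HIDDEN_LINK_B64}'); ?>\n"  # hidden footer link
    f"<?php $later = '{HIDDEN_LINK_B64}'; ?>\n"  # literal with no decode call on the line
    "</footer>\n"
)

def demo_scan():
    """Write both samples into a throwaway theme directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "header.php").write_text(CLEAN_FOOTER)
        Path(tmp, "footer.php").write_text(ENCODED_FOOTER)
        return scan_theme_dir(tmp)  # expected: two findings, both in footer.php
```

Point `scan_theme_dir()` at `wp-content/themes/<theme>` on a copy of the site to get the same file-and-line list TAC shows; a theme that reports nothing is the equivalent of TAC's green result.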
Remember: always check a Theme via TAC, or grab a Theme off a reputable site like http://www.wordpress.org/.