Dangers behind downloading WordPress themes

There is an interesting post by Jeff Chandler on the WeblogTools Collection site titled “Watch Where You Download That“. The post talks about being careful where you get your WordPress themes from because, apparently, a lot of people are stealing themes and adding unknown, potentially bad code to the themes. The post has a video of the author downloading some random themes returned from a simple Google search and then examining their code to find sections where the theme runs some unknown encrypted PHP code.

While I entirely agree with the author that you should be very careful where you get your themes from, and that you should check your themes for any bad or odd-looking code, you shouldn’t overreact and freak out about all this. A simple examination of the mysterious code can reveal exactly what is happening.

I downloaded the first theme that the post’s author used in his video (“StudioPress_Red”) and looked at the actual PHP that the “encrypted” block decodes to. Here is what the code actually is:

?> <div class="topcurve"></div>

<div id="footer">

<div id="credits">
<p>&copy; 2008 <?php bloginfo('name'); ?> . <?php if(is_home()) : ?><a href="http://dvdtoipodpro.com/" title="ipod video converter">ipod video converter</a><?php endif; ?></p>
</div>

<div class="cleared"></div>

</div> <!-- Closes Footer -->

<div class="bottomcurve"></div>

<?php wp_footer(); ?>

</div> <!-- Closes Wrapper -->

</body>
</html>
 <?

As you can see, the “encrypted” code adds a link to some site, which apparently hosts an iPod video converter. Now, I don’t know what would happen if you click on that link (and I recommend that you don’t), but as you can see, it is just a link. The “encrypted” code does not appear to redirect visitors there, it doesn’t appear to download anything in the background, and so on. Most likely, the author of the stolen theme encrypted this section so you wouldn’t be able to remove the iPod video converter link from your blog.
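The manual decoding done above can be scripted so that every theme file is checked the same way. The following is an added example (not code from the post or from any plugin it mentions): it finds eval() calls that wrap base64_decode()/gzinflate() blobs, decodes them, and lists the outbound links they plant. The assumption is that the theme hides its code in that common form; the post itself only calls it “encrypted”. The sample footer.php and the example.invalid link are constructed for the demonstration.

```python
import base64
import re
import zlib

# Constructed sample in the style the post describes: a theme's footer.php with
# the footer markup hidden inside eval(base64_decode(...)). Assumption: the post
# only says "encrypted"; eval() over base64/gzinflate is the usual form this takes.
HIDDEN_FOOTER = (
    '?> <div id="credits"><p>&copy; 2008 <?php bloginfo(\'name\'); ?> . '
    '<?php if(is_home()) : ?><a href="http://example.invalid/" title="converter">'
    'converter</a><?php endif; ?></p></div><?php wp_footer(); ?> <?'
)

def make_sample_footer(hidden_php: str, deflate: bool = False) -> str:
    """Build a footer.php that hides hidden_php the way a tampered theme would."""
    data = hidden_php.encode()
    if deflate:  # PHP gzinflate() expects raw DEFLATE, which wbits=-15 produces
        comp = zlib.compressobj(wbits=-15)
        data = comp.compress(data) + comp.flush()
    blob = base64.b64encode(data).decode()
    call = f'gzinflate(base64_decode("{blob}"))' if deflate else f'base64_decode("{blob}")'
    return f'<?php get_sidebar(); ?>\n<?php eval({call}); ?>\n'

SAMPLE_FOOTER_PHP = make_sample_footer(HIDDEN_FOOTER)

# eval() wrapped around a chain of decoder calls, ending in a quoted blob
OBFUSCATED_RE = re.compile(
    r'eval\s*\(\s*((?:(?:gzinflate|base64_decode)\s*\(\s*)+)'
    r'["\']([A-Za-z0-9+/=\s]+)["\']', re.I)
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)

def decode_payload(wrappers: str, blob: str) -> str:
    """Undo the decoder chain innermost-first and return the hidden PHP as text."""
    data = blob.encode()
    for func in reversed(re.findall(r'[a-z0-9_]+', wrappers.lower())):
        if func == 'base64_decode':
            data = base64.b64decode(data)
        elif func == 'gzinflate':  # PHP gzinflate() reads raw DEFLATE data
            data = zlib.decompress(data, -15)
    return data.decode('utf-8', errors='replace')

def scan_theme_source(php_source: str) -> list:
    """Report each eval'd blob: what it decodes to and which outbound links it plants."""
    findings = []
    for match in OBFUSCATED_RE.finditer(php_source):
        decoded = decode_payload(match.group(1), match.group(2))
        findings.append({'decoded': decoded, 'links': HREF_RE.findall(decoded)})
    return findings
```

Run scan_theme_source() over each PHP file in a downloaded theme; a finding whose decoded text carries links to sites you did not put there is the pattern shown in the video.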

With all that said, if you are running a WordPress blog, you should check out the TAC Plugin. It examines your installed themes and lets you know whether there is anything suspicious about them.
