Theme Authenticity Checker (TAC Plugin)
Written by Bec on September 3, 2008 – 12:08 PM
Here’s a truly wonderful addition to the WordPress family of plugins: a Theme Authenticity Checker (or TAC for short). If you want to be sure that malicious code hasn’t been added to a WordPress theme you’re thinking of using, TAC can show you if, and where, any suspect code is located within that theme.
The developers of TAC at Builtbackwards.com discuss why they decided to code this valuable plugin:
TAC got its start when we repeatedly found obfuscated malicious code in free WordPress themes available throughout the web. A quick way to scan a theme for undesirable code was needed, so we put together this plugin.
After Googling and exploring on our own we came upon the article by Derek from 5ThirtyOne regarding this very subject. The deal is that many 3rd party websites are providing free WordPress themes with encoded script slipped in – some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.
Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
Here’s a screenshot of the TAC plugin in action:

Just because the code is there doesn’t mean it’s not supposed to be or even qualifies as a threat, but most theme authors don’t include code outside of the WordPress scope and have no reason to obfuscate the code they make freely available to the web. We recommend contacting the theme author with the code that the script finds, as well as where you downloaded the theme. But the real value of this Plugin is that you can quickly determine what and where code needs to be cleaned up.
What if I find something amiss in the code or links?
The developers say to contact the theme’s original author to double-check whether that section of code is supposed to be in the theme in the first place. Chances are it shouldn’t be there, as there isn’t a logical reason to have base64 encoding in a theme. Static links aren’t necessarily bad; TAC just lists them so you can see where your theme is linking to.
If something is malicious or simply unwanted, TAC tells you what file to edit, then you can just click on the file path to be taken straight to the WordPress Theme Editor. Just be sure you have chmoded your theme files to be writable (777 usually) in order to do your edits within the WordPress Admin panel.
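The kind of scan described above (file path, line number and a short snippet for encoded code, plus a list of static links) can be sketched as follows. This is an added example, not TAC's own code: the three patterns, the function names and the two-file sample theme are assumptions constructed for illustration.

```python
import base64, re, tempfile
from pathlib import Path

# Assumed indicators, chosen from what the post names (base64 encoding and
# static links); they are not TAC's actual rule set.
B64_CALL = re.compile(r"base64_decode\s*\(", re.I)
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{60,}={0,2}")  # long encoded literal
STATIC_LINK = re.compile(
    r"""<a\s[^>]*?href\s*=\s*["'](https?://[^"'\s>]+)""", re.I)

def scan_theme(theme_dir):
    """Return (relative file, line number, kind, snippet) for each finding."""
    root, findings = Path(theme_dir), []
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        # errors="replace" keeps the scan going on files with odd encodings
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            if B64_CALL.search(line) or B64_BLOB.search(line):
                findings.append((rel, lineno, "encoded", line.strip()[:50]))
            # Only hard-coded absolute URLs count; href="<?php ... ?>" is
            # generated by WordPress at run time and is skipped.
            for m in STATIC_LINK.finditer(line):
                findings.append((rel, lineno, "static-link", m.group(1)))
    return findings

def build_sample_theme(root):
    """Write a constructed two-file theme used only for this demonstration."""
    hidden = base64.b64encode(
        b'<a href="http://ads.example.invalid/">sponsor</a>').decode()
    Path(root, "header.php").write_text(
        "<html><body>\n"
        "<a href=\"<?php bloginfo('url'); ?>\">Home</a>\n"
        '<a href="http://example.com/">Theme by Example</a>\n')
    Path(root, "footer.php").write_text(
        "<?php wp_footer(); ?>\n"
        f"<?php echo base64_decode('{hidden}'); ?>\n"
        "</body></html>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_theme(d)
        for rel, lineno, kind, snippet in scan_theme(d):
            print(f"{rel}:{lineno}: [{kind}] {snippet}")
```

The encoded link in the sample footer is reported only as encoded code, never as a static link, so a clean static-link list does not rule out links hidden inside an encoded block.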
Click here to read more about the Theme Authenticity Checker and to download it for free.