Hidden Code in Free WordPress Themes



wade_watson
October 30th, 2009, 01:31 PM
This forum has a lot of WordPress newbies, so I thought it would be a good idea to talk a bit about website security with WordPress. While WordPress is a great platform and very safe in its basic form, as with anything else regarding computers, you have to practice certain safety measures.

While checking out some free WordPress themes lately, I ran across one theme with the entire footer code hidden in a mysterious code. Actually, I've seen this type of code before and I believe it's called "base64" code. That's not something you need to remember, but what is important is that your WordPress theme should not contain any secret codes like this. If it does, there's a good chance it's malicious and at the least can harbor issues like hidden broken links that can hinder your search ranking.

Malicious hidden codes can also occur inside plugins, too. You want to be very careful of any plugin that doesn't come from WordPress.org, and even then, exercise caution.

There are a couple of special plugins designed to detect malicious code in an existing WP install and I suggest running them both. It's best to install it fresh every time you run one:

WordPress Exploit Scanner (http://wordpress.org/extend/plugins/exploit-scanner/)
TAC (Theme Authenticity Checker) (http://wordpress.org/extend/plugins/tac/)

I also recommend reading these 2 excellent articles on the subject:

How To Evaluate A WordPress Theme For Your Blog (http://website-in-a-weekend.net/getting-started/evaluate-wordpress-theme-blog/)
Free Wordpress themes and Hidden code (http://aliyev.ws/?p=119)

If you do find one of these codes in your theme, you probably want to change it or, better, switch to another theme.

Wade Watson
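
An added example, not part of the original post and not the code of either plugin mentioned: a small Python scanner for the kind of base64-hidden footer code described above, which also decodes any long base64 literal and reports links buried inside it. The decoder list, the 40-character threshold and the sample footer are assumptions constructed for illustration.

```python
import base64
import re
from pathlib import Path

# Decoder functions often chained to hide PHP source (illustrative, not exhaustive).
DECODERS = re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
EVAL_CALL = re.compile(r"\beval\s*\(", re.I)
# A quoted run of 40+ base64 characters is unusual in a hand-written template.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{40,}={0,2})["']""")
URL = re.compile(rb"https?://[^\s\"'<>]+")

def scan_source(text):
    """Return a list of (line_no, reason) findings for one PHP source string."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if EVAL_CALL.search(line) and DECODERS.search(line):
            findings.append((no, "eval() of decoded data"))
        elif DECODERS.search(line):
            findings.append((no, "decoder call"))
        for blob in B64_LITERAL.findall(line):
            try:
                decoded = base64.b64decode(blob, validate=True)
            except ValueError:  # not valid base64 after all
                continue
            for url in URL.findall(decoded):
                findings.append((no, "hidden link: " + url.decode("ascii", "replace")))
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under theme_dir; returns {path: findings}."""
    report = {}
    for path in Path(theme_dir).rglob("*.php"):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample: a footer whose markup is hidden in a base64 literal.
_hidden = base64.b64encode(b'<a href="http://example.com/seo">cheap widgets</a>').decode()
SAMPLE_FOOTER = "<?php wp_footer(); ?>\n<?php eval(base64_decode('%s')); ?>\n" % _hidden

if __name__ == "__main__":
    for line_no, reason in scan_source(SAMPLE_FOOTER):
        print(line_no, reason)
```

Point `scan_theme()` at an unpacked theme folder before uploading it; an empty result only means none of these particular patterns matched.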

angienewton
October 30th, 2009, 02:24 PM
Excellent info, Wade! I would have had no clue there would be malicious code in themes. Got a ton to learn LOL

deniseoberry
October 30th, 2009, 07:12 PM
Wade --

Excellent advice. I've found some of these free themes are also "link stuffed" in the footer so you have to be very careful about that too. Sadly, free isn't always -- well, free.

wade_watson
October 30th, 2009, 07:25 PM
Yes, Denise, they seem to overdo it sometimes. I suppose it's fair enough to include a link to the designer's site, but 5 or 6 links is going a bit far. And burying them in secret code with God knows what else is unacceptable.

Wade