02 Dec
Posted by Sherif as Security, Wordpress
WordPress is now very popular due to its ease of use and the increasing number of themes and plugins freely available for download from the user community.
I knew that allowing comments or letting visitors upload photos can present additional risks to your WordPress site. Yesterday, I read a post by Alistair Croll that presented another aspect of security issues with WordPress that I hadn't even thought about before. In his article, he wrote about a theme that was downloaded by wp-sphere and had code pointing to another site.
WordPress at its core has very minimal coding. As opposed to other software packages that only let you change templates, a WordPress theme or plugin designer will write PHP code in addition to HTML for the theme that you download.
Beware: when you download a theme, whether it's from the original author or not, make sure the code doesn't contain encoded strings, unless you have checked with the author what his/her intent is and what the string contains when decoded.
Here is where it can become dangerous. The theme can potentially inject malicious code into your site, or contain code that allows the author to get information from your site that you don't want to give away.
Just be cautious when you download code for your WordPress site; check it out first. Or just ask me about it, I will be happy to check it out.
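One way to do the check described above, as an added example (not code from the original post): a small Python scanner that flags decoder calls, long encoded string literals and hard-coded links to other sites in a theme's PHP files. The function names, the 80-character threshold and the sample footer are assumptions made for the illustration.

```python
import re
from pathlib import Path

# PHP functions commonly used to hide or execute encoded payloads.
DECODERS = re.compile(
    r"\b(base64_decode|gzinflate|gzuncompress|str_rot13|eval|assert|create_function)\s*\(",
    re.IGNORECASE)
# Long quoted runs of base64-alphabet characters (the threshold is an assumption).
BLOB = re.compile(r"""(['"])([A-Za-z0-9+/=]{80,})\1""")
# Hard-coded links to other sites.
URL = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def scan_php(source, allowed_hosts=()):
    """Return (line_no, kind, detail) findings for one PHP source string."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in DECODERS.finditer(line):
            findings.append((no, "decoder-call", m.group(1).lower()))
        for m in BLOB.finditer(line):
            findings.append((no, "encoded-string", f"{len(m.group(2))} chars"))
        for m in URL.finditer(line):
            host = m.group(1).lower()
            if host not in allowed_hosts:
                findings.append((no, "external-host", host))
    return findings


def scan_theme(theme_dir, allowed_hosts=()):
    """Scan every .php file under an unpacked theme directory."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        hits = scan_php(path.read_text(errors="replace"), allowed_hosts)
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample: a footer template with a hidden encoded block.
SAMPLE = """<?php get_sidebar(); ?>
<div id="footer"><a href="http://wordpress.org/">WordPress</a></div>
<?php eval(base64_decode('%s')); ?>
""" % ("QUJD" * 25)

if __name__ == "__main__":
    for finding in scan_php(SAMPLE, allowed_hosts={"wordpress.org"}):
        print(finding)
```

Every finding is a place to read by hand, not a verdict: many themes link to their author's site, and the decoded content of a flagged string is what tells you the intent.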
It seems that we sometimes just download stuff when we first see it and like it.
Before you install any theme, I would recommend to:
To read Alistair Croll’s post, click here.
4 Responses
Wael Jassar
December 6th, 2007 at 7:38 am
Hello webmaster… Thanks for the nice read, keep up the interesting posts.. what a nice Thursday
fatiah
January 3rd, 2008 at 12:54 pm
All the scripts look Greek to me, so I will not put unnecessary stress on my poor little brain looking for codes.
My website has got some funny codes written under the categories which end up in an error page if I don't change them. So I just have to remember to click another category when writing a new post.
Sherif
January 3rd, 2008 at 8:29 pm
Fatiah
Thanks for your comment, that’s no problem. Just let me know if you are interested in a theme.
I will download it, check it / test it out, and let you know what I find.
jack parler
March 8th, 2009 at 4:11 am
Thank you for using commentluv
My name is Sherif Elsisi and on this blog I share my knowledge, discovery and experience with hosting issues, Webmaster tools, security and usability.