Acabei de me deparar com este excelente plug-in do WordPress e pensei em compartilhá-lo com todos vocês. Ele se chama Theme Authenticity Checker (verificador de autenticidade de tema), ou TAC. O que esse plug-in faz é procurar códigos criptografados e outros materiais suspeitos em um tema. Se você tiver um tema com codificação base64, por exemplo, ele informará qual arquivo do tema contém o código. Ele também listará todos os links externos em um tema e os separará por arquivo.
Depois de fazer o download e instalar o plug-in, aparecerá uma nova página no menu Design chamada “TAC”. Testei esse plug-in no servidor de demonstração e posso dizer que ele carrega surpreendentemente rápido, mesmo com todos os temas hospedados nele. Caso esteja se perguntando, todos os temas do WordPress aqui têm uma grande mensagem verde Theme Ok!
[…] vulnerable to spam attacks. I wrote about the WordPress Theme Authenticity Checker a while back here and is a great tool to check if the theme you downloaded contains any encrypted code without having […]
if you trust the corecode u should trust the theme to…
Lagerhall
Where’s the logic in that? That’s the same as saying if you trust an operating system you should trust any program available for it.
A user like me.
😀
Glad that I never encounter any malicious code etc.
Like Peter said, there are a few theme sites which bundle malicious code in “encrypted” form. Although some encrypted code is harmless (just protecting links), the truth is a lot of users don’t know what this is or how it can potentially harm (if malicious) their blogs.
Well, people don’t just use it for “protecting” links in templates. It’s ethical to encrypt code for good intentions such as encypting designer links in the footer, but, it’s unethical when people encypt harmful material into themes.
AH…
So far, I never find such theme that using any encrypted code.
Beside, most of theme is from trusted designer like themelab, and Justin Tadlock.
Ah, I see.
So using an encrypted code such as
VGhlbWUgYnkgPGEgaHJlZj1cIiNcIj5DZW5lYjwvYT4gYW5kIDxhIGhyZWY9XCIjXCI+VGhlbWUgTGFiPC9hPg==
is unethical to put our credit in the theme that we make?
But I though that this will help people not to modify it.
Still in confusing.
So if the plugin found the encrypted code, so what?
That’s what I’m trying to ask.
What’s the benefits.
Ah, from what I know, base64 encoding changes normal readable text into a string of characters which are not readable without using a decoder.
Template creators occasionally use base64 to try and limit the amount of links being removed from templates.
E.G. in the footer, instead of the footer being something like
“Theme by Ceneb and Theme Lab”
it would say:
VGhlbWUgYnkgPGEgaHJlZj1cIiNcIj5DZW5lYjwvYT4gYW5kIDxhIGhyZWY9XCIjXCI+VGhlbWUgTGFiPC9hPg==
Until you use a decoder:
http://makcoder.sourceforge.net/demo/base64.php
Yeah, I’ve read it twice to make myself clear.
Don’t know what is base64 emcoding, etc…
I wonder what’s the benefits of having that plug in for user or developer?
What’s the “Theme OK!” means?
Valid XHTML?
Pangeran, I’m not too sure if you read the post Leland wrote, fully, but I seemed to get a good idea from:
“What this plugin does is scan for encrypted code and other suspicious looking material within a theme. If you have a theme with base64 encoding, for example, it will let you know which file in the theme contains the code. It will also list any external links within a theme and separate them by file.”