I ran across an article that I just had to share. I’ve often written about cheap versus paying for what your web project. Moreover, I constantly warn my Atlanta business associates against doing the same thing. But the seduction of downloading free WordPress Themes is often very powerful when people are trying to avoid paying a Web Developer. However, this article explains why: Siobhan McKeown wrote:
WordPress Themes Base is in the lucky position of being the top ranking site for “Free WordPress Themes.” Someone’s been working hard on their SEO! The blurb at the bottom tells the visitor that unlike other sites offering free WordPress themes, the themes at WordPress Themes Base are fresh. Great, there’s nothing better than a fresh theme.
I downloaded Prinz Branford Magazine. Already things are looking problematic. Branford Magazine is a theme released by der Prinz. There is a very old version of the theme which (as far as I can tell) isn’t up-to-date with WordPress 3.0 and a Pro was released earlier this year. That means we’re looking at either a theme that doesn’t work properly with WP 3.0 or a theme that is a knock-off of a pro.
After downloading the theme, I used a program that protects my computer from malicious code. (kind of like I work with it in a bubble)
Encrypted code found! First site on Google and we’ve already come across Base64. Poor me… Base64 is often used to hide malicious code. I can see that the code is in the footer. Let’s take a look at that:
Yeah, copyright me, damned right! But what is that Base64 hiding? Here it is in the footer code:
Lots of blah.
You can decode this base64 code in two ways :
- You can try Otto’s decoder – handy!
- You can also do it manually – this involves changing the echo() to force whatever’s been hidden out of hiding. This post will walk you through the process.
I’ve gone for option 2. Turning my eval() into an echo() produced this result in my footer:
Eh? A minute ago it said copyright me!!! Bah! Now there’s something about Free Anti-Virus Downloads. Where did that come from? Hidden by the base64 methinks.
I downloaded another 2 themes from this site and they all contained base64 code. Base 64 does not necessarily just hide links. It can also hide malicious code which can run amok on your site. Not only that but the site, while maintaining that its themes are fresh, is pushing themes built by other designers that the site owner has put base64 code into. I contacted Michael Oeser at der Prinz, who told me that he’s been trying to get in touch with the site about removing the theme but is having no luck. He’s posted a warning on his own blog about the dangers of downloading pirate themes. He’s the designer of Branford Magazine and his advice is to stay well away from sites like this – good advice!
Going through the entire 10 “free” listings on Google and testing themes on “free” sites, almost ALL of them had hidden code that was of a malicious nature. That’s 10 out of 10 sites listed as “free” that were found to have bad code.
To read more of the article. Thanks to Siobhan McKeown for taking the time to test.
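
The manual eval()-to-echo() check described in the quoted article can also be done without running any of the theme's PHP. The following is an added example, not code from this post or from the quoted article: it finds eval(base64_decode(...)) calls in theme files and decodes them as plain data. The function names, the sample footer and its example.invalid link are constructed for illustration.

```python
import base64
import binascii
import re
from pathlib import Path

# eval(base64_decode('...')) with optional whitespace and either quote style.
HIDDEN = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)",
    re.IGNORECASE)
LINK = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

def find_hidden_payloads(php_source):
    """Decode every eval(base64_decode(...)) as data only; nothing is executed."""
    findings = []
    for m in HIDDEN.finditer(php_source):
        line = php_source.count("\n", 0, m.start()) + 1
        try:
            raw = base64.b64decode("".join(m.group(2).split()), validate=True)
            text = raw.decode("utf-8", errors="replace")
        except (binascii.Error, ValueError):
            text = None  # looks like the pattern but is not valid Base64
        links = LINK.findall(text) if text else []
        findings.append({"line": line, "decoded": text, "links": links})
    return findings

def scan_theme(theme_dir):
    """Map each .php file under theme_dir to its findings (files with none are omitted)."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        hits = find_hidden_payloads(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample: a footer.php whose visible credit is replaced by a hidden link.
_PAYLOAD = ('?><div id="footer"><a href="http://example.invalid/free-antivirus">'
            'Free Anti-Virus Downloads</a></div><?php ')
SAMPLE_FOOTER = ("<?php wp_footer(); ?>\n<?php eval(base64_decode('"
                 + base64.b64encode(_PAYLOAD.encode()).decode() + "')); ?>\n</body>\n")

if __name__ == "__main__":
    for hit in find_hidden_payloads(SAMPLE_FOOTER):
        print(f"line {hit['line']}: links={hit['links']}")
        print(hit["decoded"])
```

Run scan_theme() on an unpacked theme folder before installing it; a clean theme returns an empty report, though an empty report only rules out this one obfuscation pattern.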