Tuesday, December 21, 2010

Free Themes for WordPress: Legal Credits or Illegal Encryption? – Click here http://bit.ly/ge8Iej for full article.

Written by: Nina Khoury

With WordPress being the most widely used blogging platform on the 'net today, users' demand for ways to style their blogs is growing steadily. But not every blogger has the financial wherewithal to purchase some of the higher-end themes, especially if a search for "free wordpress themes" on Google yields over 50 million results (okay, not all of these results might be 100 percent relevant, but you still get the point).

Weeding through all results is an impossible task, and finding the perfect one for your blog is even harder than you might think. I dare to compare it to buying a car: Always make sure you look under the hood, as well, to make sure there are no unwanted surprises lurking underneath.

The same is true for quite a bunch of free WordPress themes; unfortunately for most users, they only find this out after they have already downloaded and installed the new theme and learned to love the look and feel of it.

There is one exception: The (sometimes really strange) links in the footer cannot be removed or changed. Either the whole footer is encoded or, when it is in plain text, the theme returns an error message as soon as changes are made to the content, stating that you have no permission to change or remove the footer links as "this is part of the license agreement."

Now, besides the fact that, according to WordPress, themes are subject to the GPL too (which, in layman's terms, means that all PHP code can always be modified by the user and cannot be copyrighted or protected), how does one know what the code does, especially when the footer is encoded in some garbled chunk of code similar to this:

$_F=__FILE__;$_X='Pz48P3BocA0KLyoqDQogKiBUaDUgdDVtcGwxdDUgZjJyIGQ0c3BsMXk0bmcgdGg1IGYyMnQ1ci4NCiAqDQogKiBDMm50MTRucyB0aDUgY2wyczRuZyAyZiB0aDUgNGQ9b TE0biBkNHYgMW5kIDFsbCBjMm50NW50DQogKiAxZnQ1ci4NCiAqDQogKiBAcDFjazFnNSBXMnJkUHI1c3MNCiAqIEBzM2JwMWNrMWc1IG0ybjJjaHIybTUNCiAqLw0KPz4NCgk8L2Q0dj48IS0t ICNtMTRuIC0tPg0KICAgIDxkNHYgNGQ9ImYyMnQ1ciIgcjJsNT0iYzJudDVudDRuZjIiPg0KICAgIAk8P3BocA0KCQkJLyogQSBzNGQ1YjFyIDRuIHRoNSBmMjJ0NXI/IFk1cC4gWTIzIGMxbiB jMW4gYzNzdDJtNHo1DQoJCQkgKiB5MjNyIGYyMnQ1ciB3NHRoIGYyM3IgYzJsM21ucyAyZiB3NGRnNXRzLg0KCQkJICovDQoJCQlnNXRfczRkNWIxciggJ2YyMnQ1cicgKTsNCgkJPz4NCiAgIC AJPGQ0diA0ZD0iYzJsMnBoMm4iPg0KICAgICAgICAgICAgPGQ0diA0ZD0iczR0NS00bmYyIiBjbDFzcz0iY2w1MXJmNHgiPg0KICAgICAgICAgICAgICAgIDxkNHYgNGQ9Imc1bjVyMXQyciI+U DJ3NXI1ZCBieSA8MSBocjVmPSJodHRwOi8vdzJyZHByNXNzLjJyZy8iIHQ0dGw1PSJTNW0xbnQ0YyBQNXJzMm4xbCBQM2JsNHNoNG5nIFBsMXRmMnJtIiByNWw9Imc1bjVyMXQyciI+VzJyZHBy NXNzPC8xPiAxbmQgPDEgaHI1Zj0iaHR0cDovL3dwY3IzbmNoeS5jMm0iIHQ0dGw1PSJGcjU1IFByNW00M20gUTMxbDR0eSBXMnJkcHI1c3MgVGg1bTVzIj5XUENyM25jaHk8LzE+PC9kNHY+DQo gICAgICAgICAgICAgICAgPGQ0diA0ZD0iY3I1ZDR0cyI+RDVzNGduNWQgYnkgPDEgaHI1Zj0iaHR0cDovL3d3dy5oMnN0cjV2NDV3ZzU1a3MuYzJtIiB0NHRsNT0iYjVzdCB3NWIgaDJzdDRuZy IgdDFyZzV0PSJfYmwxbmsiPmI1c3QgdzViIGgyc3Q0bmc8LzE+LiBJbiBjMmxsMWIycjF0NDJuIHc0dGggPDEgaHI1Zj0iaHR0cDovL3d3dy5oMnN0di5jMm0iIHQ0dGw1PSJWUFMgSDJzdDRuZ yIgdDFyZzV0PSJfYmwxbmsiPlZQUyBIMnN0NG5nPC8xPiwgPDEgaHI1Zj0iaHR0cDovL2JyMjFkdzF5dDRjazV0cy5jMiIgdDR0bDU9IkJyMjFkdzF5IFQ0Y2s1dHMiIHQxcmc1dD0iX2JsMW5r IiA+QnIyMWR3MXkgVDRjazV0czwvMT4sIDwxIGhyNWY9Imh0dHA6Ly93cGMycm41ci5jMm0iIHQ0dGw1PSJGcjU1IFcycmRwcjVzcyBUaDVtNXMiIHQxcmc1dD0iX2JsMW5rIj5GcjU1IFcycmR wcjVzcyBUaDVtNXM8LzE+LjwvZDR2Pg0KICAgICAgICAgICAgPC9kNHY+DQogICAgICAgIDwvZDR2Pg0KICAgIDwvZDR2PjwhLS0gI2YyMnQ1ciAtLT4NCjwvZDR2PjwhLS0gI3dyMXBwNXIgLS 0+DQoNCjw/cGhwDQoJLyogQWx3MXlzIGgxdjUgd3BfZjIydDVyKCkgajNzdCBiNWYycjUgdGg1IGNsMnM0bmcgPC9iMmR5Pg0KCSAqIHQxZyAyZiB5MjNyIHRoNW01LCAyciB5MjMgdzRsbCBic 
jUxayBtMW55IHBsM2c0bnMsIHdoNGNoDQoJICogZzVuNXIxbGx5IDNzNSB0aDRzIGgyMmsgdDIgcjVmNXI1bmM1IEoxdjFTY3I0cHQgZjRsNXMuDQoJICovDQoNCgl3cF9mMjJ0NXIoKTsNCj8+ DQo8L2IyZHk+DQo8L2h0bWw+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfc mVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));
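
A wrapper like this can be read without running it: base64-decoding the argument of the final eval() gives a short loader that base64-decodes $_X, swaps characters with strtr($_X,'123456aouie','aouie123456'), substitutes __FILE__ and evals the result. The Python below is an added example, not part of the original article, that repeats those steps statically and lists the footer links. Its function names and the sample footer (sponsor.example) are constructed for illustration.

```python
import base64
import re

# Loader text as it reads after base64-decoding the eval() argument shown above.
LOADER = ("$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');"
          "$_R=ereg_replace('__FILE__',\"'\".$_F.\"'\",$_X);eval($_R);$_R=0;$_X=0;")

ASSIGN_RE = re.compile(r"\$_X\s*=\s*'([A-Za-z0-9+/=\s]+)'")
EVAL_RE = re.compile(r"eval\(base64_decode\('([A-Za-z0-9+/=\s]+)'\)\)")
STRTR_RE = re.compile(r"strtr\(\$_X,'([^']*)','([^']*)'\)")
HREF_RE = re.compile(r"""href=["']([^"']+)["']""", re.I)


def b64(text):
    # Drop whitespace that line wrapping may have inserted into the blob.
    return base64.b64decode("".join(text.split())).decode("latin-1")


def decode_theme_file(php_source):
    """Return (loader, hidden_source) without executing any PHP."""
    payload = ASSIGN_RE.search(php_source)
    stub = EVAL_RE.search(php_source)
    if not payload or not stub:
        raise ValueError("not the $_X / eval(base64_decode()) wrapper")
    loader = b64(stub.group(1))
    table = STRTR_RE.search(loader)
    if not table or len(table.group(1)) != len(table.group(2)):
        raise ValueError("loader has no usable strtr() table")
    # PHP strtr($s, $from, $to) maps characters one for one.
    hidden = b64(payload.group(1)).translate(str.maketrans(*table.groups()))
    return loader, hidden


def footer_links(hidden_source):
    """List every href target found in the decoded footer."""
    return HREF_RE.findall(hidden_source)


def build_sample(plain_footer):
    """Constructed input: encode plain_footer the way LOADER expects."""
    coded = plain_footer.translate(str.maketrans("aouie123456", "123456aouie"))
    blobs = [base64.b64encode(s.encode("latin-1")).decode() for s in (coded, LOADER)]
    return "$_F=__FILE__;$_X='%s';eval(base64_decode('%s'));" % tuple(blobs)


if __name__ == "__main__":
    demo = build_sample('<a href="http://sponsor.example/">best web hosting</a>')
    print(footer_links(decode_theme_file(demo)[1]))
```

To check a downloaded theme, pass the contents of its footer.php to decode_theme_file() and read the returned source before activating the theme.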

There have been reports of actual malicious code either hidden directly in the code or injected into the site remotely by using this questionable practice.

Not to mention that you have no control over what might happen in the future even if your site seems to be working perfectly today. The developer can hide practically anything in the code, from simple tracking scripts to email blasters and password sniffers that not only can exploit your database and WordPress usernames and passwords, but can potentially bring down your whole server.

Don't get me wrong, I give credit where credit is due (and expect the same in return). But don't advertise "free" when, in fact, it's not only not free, but also borderline illegal. 

More on this issue: WordPress user: Be careful where you get your theme from.
