WordPress.org


Are these themes safe? (5 posts)

  1. supor1t
    Member
    Posted 7 years ago #

    I was browsing for a new theme at themes.wordpress.net and was wondering if anyone can vouch for the security of these themes. Many appear to be spam. This theme, for example, appears to have several spam links built in:
    http://themes.wordpress.net/columns/2-columns/3504/dark-release-10/

    I wouldn't want those links on my site, and I don't think I'd trust a developer who put those links into a theme.

    Am I off base here? Would the theme above be 'safe' to use?

  2. whooami
    Member
    Posted 7 years ago #

    Assuming you are talking about the links in the footer?

    That's a sponsored theme.

    These days, if I were going to use ANY theme that I had not hand coded myself - I would crack open the files and examine them closely for anything out of the usual.

    Specifically looking for:

    1. iframe tags
    2. Sponsor links.
    3. ANYTHING that appears to be "encoded" and anything that's calling javascript

    Encoded stuff will stick out .. long strings of crap that's basically unrecognizable.

    The nature of PHP makes installing any themes a crap shoot, really, unless you know the reputation of the person who developed it.
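
The manual review described in the post above, sketched as an added example that is not part of the original thread: a Python scanner that flags iframes, script hooks, decoder calls, long encoded-looking strings and hardcoded external links in theme files. The regexes, the PHP function list, the 80-character threshold, the host allowlist and the sample footer are assumptions chosen for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Heuristics for the items listed in the post above. They flag lines for
# manual review; a hit is not proof that a theme is malicious.
CHECKS = {
    "iframe": re.compile(r"<iframe\b", re.I),
    "script": re.compile(r"<script\b|\bon(?:load|click|error)\s*=", re.I),
    "decoder-call": re.compile(r"\b(?:eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "long-encoded-string": re.compile(r"[A-Za-z0-9+/=]{80,}"),
}
HREF = re.compile(r"""href\s*=\s*["'](https?://[^"']+)""", re.I)

def scan_text(name, text, allowed_hosts=()):
    """Return (file, line number, category, detail) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for category, pattern in CHECKS.items():
            if pattern.search(line):
                findings.append((name, lineno, category, line.strip()[:80]))
        for url in HREF.findall(line):
            host = (urlparse(url).hostname or "").lower()
            if host not in allowed_hosts:
                findings.append((name, lineno, "external-link", host))
    return findings

def scan_theme(theme_dir, allowed_hosts=()):
    """Scan every PHP/JS/HTML file under an unpacked theme directory."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".php", ".js", ".html", ".htm"}:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings += scan_text(str(path), text, allowed_hosts)
    return findings

# Constructed sample: a footer.php with a hardcoded link and an encoded blob.
SAMPLE_FOOTER = """<div id="footer">
<p>Powered by <a href="http://wordpress.org/">WordPress</a></p>
<p><a href="http://sponsor.example/loans">Cheap loans</a></p>
<?php eval(base64_decode('%s')); ?>
<iframe src="http://ads.example/f.html" width="0" height="0"></iframe>
</div>""" % ("QUJD" * 30)

if __name__ == "__main__":
    for finding in scan_text("footer.php", SAMPLE_FOOTER, {"wordpress.org"}):
        print("%s:%d [%s] %s" % finding)
```

To check a downloaded theme, unpack it and call `scan_theme()` on the directory with the set of hosts you expect to see linked, then read every flagged line yourself.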

  3. Dgold
    Member
    Posted 7 years ago #

    Hopefully, to an extent, the community-driven nature of the http://themes.wordpress.net/ site should help with reputation, as you can see # of downloads, and read user comments.

    I don't much care for the sponsored themes trend :/

  4. supor1t
    Member
    Posted 7 years ago #

    Wow. I didn't know the situation was that bad. WordPress.net should put up a warning to users.

    Thanks for the heads up!

    I downloaded one of the themes to look for items above and didn't find anything obvious, but the theme's author claimed that it was licensed under Creative Commons (Attribution-ShareAlike 2.5) and that their "sponsorship" (I see spam) links needed to stay intact. But it looks to me like the theme is strongly based on kubrick (the WP default) which is GPL.

    I'm no license expert, but isn't that licensing practice questionable?

  5. whooami
    Member
    Posted 7 years ago #

    I'm no license expert

    Neither am I :) but then someone who propagates spam for a buck .. probably isn't going to be either, or even want to be.

    Wow. I didn't know the situation was that bad.

    It's not, BUT, there are those cases where bad things happen.

    For example, I helped a person on these forums rather recently, that was trying to figure out where the spam links inside her posts were coming from -- it turns out the theme author had actually put the links inside the loop, so every post she made was going to have links attached to it.

    I have never helped someone here where I've verified that unusual or malicious javascript was added to a theme by an author. But that doesn't mean it cannot happen, and won't ever.

    Lastly, it would be nice to be able to rely on the community - but that community is largely anonymous, and vastly under-educated. And while that might be arguable - I don't trust my own site's security to someone else :)

    --

    If you're interested in the hubbub that sponsored themes have caused -

    http://wordpress.org/extend/ideas/topic.php?id=553&page&replies=161

    and then from those that spoke out on their own blogs:

    http://www.google.com/search?hl=en&q=sponsored+themes+wordpress&btnG=Google+Search

    Good luck!

Topic Closed

This topic has been closed to new replies.