ThemeLab's Blog

Stay up to date with our newest WordPress themes, WordPress plugins, WordPress tutorials, and other announcements.

WordPress Theme Authenticity Checker

Last Updated on by

I just came across this excellent WordPress plugin, and thought I would share it with all of you. It’s called the Theme Authenticity Checker, or TAC for short. What this plugin does is scan for encrypted code and other suspicious looking material within a theme. If you have a theme with base64 encoding, for example, it will let you know which file in the theme contains the code. It will also list any external links within a theme and separate them by file.

Small Studio TAC

Once you’ve downloaded and installed the plugin, a new page in your Design menu will appear called “TAC.” I tested this plugin on the demo server, and let me tell you – this plugin loads surprisingly fast, even with all of the themes hosted on it. In case you were wondering, all the WordPress themes here got a big green Theme Ok! message.

About

Leland Fiegel was the original founder of ThemeLab. He is a web developer who loves WordPress and blogging.

  • http://pangeran.org/ Pangeran

    I wonder what’s the benefits of having that plug in for user or developer?

    What’s the “Theme OK!” means?
    Valid XHTML?

    • http://www.ceneb.com Peter

      Pangeran, I’m not too sure if you read the post Leland wrote, fully, but I seemed to get a good idea from:

      “What this plugin does is scan for encrypted code and other suspicious looking material within a theme. If you have a theme with base64 encoding, for example, it will let you know which file in the theme contains the code. It will also list any external links within a theme and separate them by file.”

  • http://pangeran.org/ Pangeran

    Yeah, I’ve read it twice to make myself clear.
    Don’t know what is base64 emcoding, etc…

  • http://www.ceneb.com Peter

    Ah, from what I know, base64 encoding changes normal readable text into a string of characters which are not readable without using a decoder.

    Template creators occasionally use base64 to try and limit the amount of links being removed from templates.

    E.G. in the footer, instead of the footer being something like

    “Theme by Ceneb and Theme Lab

    it would say:

    VGhlbWUgYnkgPGEgaHJlZj1cIiNcIj5DZW5lYjwvYT4gYW5kIDxhIGhyZWY9XCIjXCI+VGhlbWUgTGFiPC9hPg==

    Until you use a decoder:

    http://makcoder.sourceforge.net/demo/base64.php

  • http://pangeran.org/ Pangeran

    Ah, I see.

    So using an encrypted code such as

    VGhlbWUgYnkgPGEgaHJlZj1cIiNcIj5DZW5lYjwvYT4gYW5kIDxhIGhyZWY9XCIjXCI+VGhlbWUgTGFiPC9hPg==

    is unethical to put our credit in the theme that we make?

    But I though that this will help people not to modify it.

    Still in confusing.
    So if the plugin found the encrypted code, so what?
    That’s what I’m trying to ask.

    What’s the benefits.

  • http://www.ceneb.com Peter

    Well, people don’t just use it for “protecting” links in templates. It’s ethical to encrypt code for good intentions such as encypting designer links in the footer, but, it’s unethical when people encypt harmful material into themes.

    • http://pangeran.org/ Pangeran

      AH…
      So far, I never find such theme that using any encrypted code.

      Beside, most of theme is from trusted designer like themelab, and Justin Tadlock.

  • Leland

    Like Peter said, there are a few theme sites which bundle malicious code in “encrypted” form. Although some encrypted code is harmless (just protecting links), the truth is a lot of users don’t know what this is or how it can potentially harm (if malicious) their blogs.

  • http://pangeran.org/ Pangeran

    A user like me.
    :-D
    Glad that I never encounter any malicious code etc.

  • http://www.csbygg.se Lagerhall stålkonstruktion

    if you trust the corecode u should trust the theme to…
    Lagerhall

    • http://www.ceneb.com Peter

      Where’s the logic in that? That’s the same as saying if you trust an operating system you should trust any program available for it.

  • Pingback: Obfuscated code in themes: Your opinion? - Page 3 - WordPress Tavern Forum