WP Sphere redistributing themes with malicious code

And you thought you were safe? If you are using WordPress as your CMS, please read this:

Hidden base64 code redistributed with public WordPress themes opens the backdoor for unsuspecting WordPress users. Highly recommended that WordPress themes not be downloaded from galleries like WP Sphere. Check your WordPress theme source for suspicious code.

The links are inserted via an additional functions.php file which is included with the theme downloads. If you’re shopping around for public themes, I strongly recommend that you download directly from the original author's website.


You can read more info on the 5thirtyone.com site. They have this to say:

The links are inserted via an additional functions.php file which is included with the theme downloads. If you’re shopping around for public themes, I strongly recommend that you download directly from the original author's website.

I’m so glad I’m beginning to create my own template themes!
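One way to check a downloaded theme for the hidden base64 code described above, before installing it. This is an added example, not code from 5thirtyone.com or WP Sphere; the function names, the 40-character threshold and the sample functions.php content are assumptions made for illustration.

```python
import base64
import binascii
import re
from pathlib import Path

# PHP calls that decode or execute strings at runtime (flag for manual review).
DECODE_CALL = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
# Quoted base64-looking literal; the 40-character minimum is an assumed threshold.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{40,}={0,2})["']""")

# Constructed sample of a bundled functions.php; the hidden code only echoes a link.
SAMPLE_BLOB = base64.b64encode(b"echo '<a href=\"http://example.invalid/\">sponsor</a>';").decode()
SAMPLE = "<?php\nfunction theme_footer() {\n  eval(base64_decode('" + SAMPLE_BLOB + "'));\n}\n"


def decode_preview(blob, limit=60):
    """Decode a literal for reading only; the result is never executed."""
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="replace")[:limit]


def scan_php(text):
    """Return (line_no, reason, detail) findings for one PHP source string."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in DECODE_CALL.finditer(line):
            findings.append((no, "runtime-decode-call", m.group(1).lower()))
        for m in B64_LITERAL.finditer(line):
            preview = decode_preview(m.group(1))
            if preview is not None:
                findings.append((no, "base64-literal", preview))
    return findings


def scan_theme(theme_dir):
    """Scan every .php file under an unpacked theme directory."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        hits = scan_php(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path.relative_to(theme_dir))] = hits
    return report


if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```

A hit is a prompt to read the file, not a verdict: legitimate themes occasionally use these functions, and comparing the download against the original author's copy remains the stronger check.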


About the Author

Martin

