Check the Security of Your Free WordPress Themes
We WordPress bloggers already know that many beautiful WP themes out there cost tens to hundreds of dollars to download. Noobs with shallow pockets, which haven't been filled with big bucks like those of probloggers, will think twice or more before buying these premium WP themes. However, the internet has a 'wrong' solution for this: premium templates for WordPress are easy to find and available to download FOR FREE.
Freebies vs Security Issues
We all love freebies, don't we? But there's a possible security risk in premium stuff that is given away for free. Many websites and people provide free WordPress themes with encoded script slipped in, some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third-party sites or even hijack attempts.
Not all of them, of course. There are also good guys who design free WP themes with no intention of stealing something from you or doing anything harmful. It's just wise to check your free premium WP templates before you install them online on your blog. Here I'd like to share a WP plugin that helps me find malicious code in free WP themes.
TAC (Theme Authenticity Checker) WP plugin
This plugin, contributed by BuiltBackwards, scans all of your theme files for potentially malicious or unwanted code. TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. TAC also searches for and displays static links found in theme files.
Installation is the same as for any other WP plugin. You can download it here and upload it to the '/wp-content/plugins/' directory from your admin panel. Next, activate the TAC plugin through the 'Plugins' menu in WordPress. TAC requires WP version 2.2 at least and has been tested up to version 3.0.1.
See how TAC works
I use it on a WordPress install that runs offline on my computer. Here are some screenshots taken after TAC checked all the theme files and displayed the malicious code it found.

I downloaded Odessa for free; I can't remember where from. It was originally developed by Camel Graph. See how TAC found encrypted malicious code injected into footer.php on line 2 in this redistributed free WP theme. This code will be a security hole if you install it online.
And below is the picture when your theme is considered safe by the TAC plugin. I got the Red Carpet theme for free before Ahmad Fouad at Deluxe Themes changed it to premium. TAC said the theme is OK and found 1 static link to DeluxeThemes.com in footer.php, which is a common link on every blog theme.

Great, isn't it? If you are mad about hunting and downloading premium WP themes for free, then for security's sake you should use this plugin if you haven't already.

3 comments
11 months and 12 days ago
Hello, Abiie,...thanks for sharing the plugin.
I'm definitely not a problogger with deep pockets, and I love freebies...LoL
Thanks to you, now I can hunt some awesome themes without fear!!!
Hai, I'm Donna, I love to eat Macaroni Schotel and own Warung Pasta
14 days ago
Isn't there anyone here using Indonesian? I'm confused.
14 days ago
Thanks for sharing, it looks like my blog theme has a problem too.