Sneaky code in WP theme?

4 replies
I have a wordpress theme that has base 64 code imbeded in the footer in the functions.php section of the template. I've read this is a way for the theme develepor to put sneaky snippets of code into the website that benefit them in some fashion.

Is this true? Should I just erase the code and carry on? I really like the theme but I want it to be clean.
#code #sneaky #theme
  • Profile picture of the author AnniePot
    This is common practice with free themes and in most instances you will find that you cannot remove the code.

    I believe that the themes you will find listed in the Wordpress.org free theme directory don't have these issues.
    {{ DiscussionBoard.errors[6608077].message }}
  • Profile picture of the author FredBliss
    What's the code? We can expose/interpret it for you.
    {{ DiscussionBoard.errors[6608319].message }}
    • Profile picture of the author Workman
      Fortunately Base64 encoded source can be decoded.

      If you're interested in finding out what's in there you can decode it and decide for yourself how you want to proceed (including removing any malicious code and using the theme.)

      Copy the encoded source (this string of text should look like a series of alphanumeric characters ending with two equals signs "==") and paste it into a base64 decoder and hit decode. There are many of them online for free; this one was the first to pop up on Google. Then you can inspect the decoded source code for anything. Or, if you wish, paste the code block back in here and I (or another Warrior) will look over it.

      Make sure you check all PHP files in the theme for any sneaky source and check it all for things that shouldn't be there like malicious Javascripts or links.
      {{ DiscussionBoard.errors[6608508].message }}
  • Profile picture of the author CodeShack
    It may be encoded stuff from the author - but it could also be infection.

    If you have it direct from the author site or purchased it, then it's probably encoded legit code, maybe activation/license, call-homes, update checking etc

    If you have it from a share site or similar location, it may be infection.

    If you can post the sections of the code - then I or another member here will decode it for you and give you some indication of it's safety and purpose.

    Cheers,
    {{ DiscussionBoard.errors[6608690].message }}

Trending Topics