Wordpress Theme Scam

Posted by AMPC (Administrator) on 12-29-2007

I have always picked up my wordpress themes from wordpress.org, but recently, a friend turned me onto a wordpress theme site that's not official. No big deal, and the site is fantastic!

I hate sticking anything on my box unless I do a cursory review of the code as I did with a theme I just installed for a few new sites. What I found in the footer is listed below (except that I replaced the feed url with my own for testing):


Code:
<div class="feedx">
<?php
require_once(ABSPATH . WPINC . '/rss-functions.php');
get_rss('http://tweakedoutthemes.com/feedmenow.xml', $num = 2);
?>
</div>
Here is the section of the style sheet that contains the class 'feedx':
Code:
.feedx {
  position:absolute; 
  overflow:hidden; 
  left:1px; 
  top:1px; 
  width:0px; 
  height:0px; 
  z-index:0;
}
What this little bit of code does is grab a feed from the author's site and place it in the footer of your site. So, the author can place any type of link on your site he/she likes! (even site promoting, well, you know).

The author even styled the links so they appear off the page (hidden), so you would never even see the links unless you looked at the code.

What's the harm in that, you ask? After all, the links are hidden anyway, right? Well, link to the wrong site and you could end up getting removed from a search engine's index for linking to bad sites (read - no more traffic!). Same can happen for hiding links like this.

So, make sure you review your theme (or ask me to do it for you) if you get it from a site other than wordpress. This Wordpress Theme Scam is dead wrong, especially when no warning is given to the person downloading it!

By the way, a better looking method would have been:
Code:
<?php
// Get RSS Feed(s)
include_once(ABSPATH . WPINC . '/rss.php');
$rss = fetch_rss('http://tweakedoutthemes.com/feedmenow.xml');
// fetch_rss() returns false on failure; keep the first two items otherwise
$items = $rss ? array_slice($rss->items, 0, 2) : array();
foreach ( $items as $item ) : ?>
<a href='<?php echo esc_url($item['link']); ?>' 
title='<?php echo esc_attr($item['title']); ?>'>
<?php echo esc_html($item['title']); ?>
</a> &middot;
<?php endforeach; ?>
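
The review described in this post can be partly automated. The following is an added example, not part of the original post: a Python check that flags remote-content calls in a theme's PHP files and reports whether the wrapping element uses a CSS class that hides it. The function names, the sample files and the placeholder URL are assumptions made for illustration, and the check covers more calls and hiding rules than the two shown in the post.

```python
import re
from pathlib import Path

# get_rss and fetch_rss are the calls in the post; the rest are a generalization.
FETCH_RE = re.compile(
    r"\b(get_rss|wp_rss|fetch_rss|fetch_feed|wp_remote_get|file_get_contents)"
    r"\s*\(\s*['\"](https?://[^'\"]+)['\"]", re.I)
RULE_RE = re.compile(r"\.([\w-]+)\s*\{([^}]*)\}")
CLASS_RE = re.compile(r"class\s*=\s*['\"]([^'\"]+)['\"]", re.I)
ZERO = r"\s*:\s*0(px|em|%)?\s*(;|$)"

def hidden_classes(css):
    """Return class names whose CSS rule makes the element invisible."""
    found = set()
    for name, body in RULE_RE.findall(css):
        body = body.lower()
        zero_box = (re.search(r"(?<![-\w])width" + ZERO, body)
                    and re.search(r"(?<![-\w])height" + ZERO, body)
                    and re.search(r"overflow\s*:\s*hidden", body))
        if zero_box or re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", body):
            found.add(name)
    return found

def audit_theme(files):
    """files maps file name -> text; returns one finding per remote fetch."""
    hidden = set().union(*(hidden_classes(t) for n, t in files.items() if n.endswith(".css")))
    findings = []
    for name, text in files.items():
        if not name.endswith(".php"):
            continue
        for m in FETCH_RE.finditer(text):
            # Heuristic: the wrapper is the nearest preceding class attribute.
            before = CLASS_RE.findall(text[:m.start()])
            wrapper = set(before[-1].split()) if before else set()
            findings.append({"file": name, "call": m.group(1), "url": m.group(2),
                             "hidden_by": sorted(wrapper & hidden)})
    return findings

def load_theme(path):
    """Read every .php and .css file under a theme directory."""
    return {str(p): p.read_text(errors="replace")
            for p in Path(path).rglob("*") if p.suffix in (".php", ".css")}

# Constructed sample modelled on the post's footer and stylesheet (placeholder URL).
SAMPLE = {"footer.php": "<div class='feedx'>\n<?php get_rss('http://feeds.example.com/links.xml', $num = 2); ?>\n</div>",
          "style.css": ".feedx { position:absolute; overflow:hidden; left:1px; top:1px; width:0px; height:0px; }\n.post { width:500px; }"}
```

Calling `audit_theme(load_theme(...))` on an unpacked theme directory lists every literal-URL fetch; a non-empty `hidden_by` is the pattern from this post. Calls that take the URL from a variable are not matched, so a clean result does not replace reading the code.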