Herself's Webtools

Scripts, HowTos, Templates, Plugins, Widgets, Tips

Archive for January, 2008

What lurks in your free WordPress theme?

without comments

It is up to you as webmasters to know what is on your site. Serve up a virus or trouble just once and you’ll be blacklisted far and wide. Many WordPress users do not like to edit or dig into their themes. If that is you, you need to stick with themes from the WordPress site. If you are downloading themes elsewhere you need to roll up your sleeves, break out an editor and take a wander through those themes.

. . . Here’s a real example.

Seattle-based designer Derek Punsalan makes acclaimed WordPress themes, and has released several of them to the world. Other theme sites have copied his themes. One such theme copier is WP-Sphere.

When you download Punsalan’s theme from the WP-Sphere site, it contains some extra code that he didn’t include. It’s a long string of cryptic-looking characters that most users wouldn’t question:
( click read more link for images and more information )

The first part of the string offers a clue: It’s using a PHP function to decode the string of text, which is encoded as base64. If we pass this through a decoder, the string looks a lot more malicious:
( click read more link for images and more information )

The code establishes a connection from the WordPress server to several sites wpssr.com, wpsnc.com, and wpsnc2.com, and allows the site operator to download an arbitrary piece of Javascript. The sites are registered to an anonymous registrar in Vancouver, British Columbia.

[read more ]Are Hackers Exploiting WordPress Themes?

Written by Linda MacPhee-Cobb

January 21st, 2008 at 5:00 am

Posted in security,things you should know

WordPress Widget to list all posts in a single category in your sidebar

with 6 comments

TimesToCome Category of Posts WordPress sidebar widget

This is just a widgetized verzion of the Category of Posts plugin for those of you that prefer widgets.

Unzip the download, put it in your WordPress->Plugins->Widgets directory
Activate the plugin
Go to your Presentation->Widgets page and drop it in your sidebar
Set the title to a title you like
Set the category number to the number of the category you’d like displayed. ( This is available on your Manage->Categories page )

4/2/10 See also How to lists posts by category in WordPress; for a newer, easier way to do this.

Written by Linda MacPhee-Cobb

January 17th, 2008 at 5:00 am

Posted in wordpress

« Older Entries
Newer Entries »