I have a personal blog that I don’t blog on much, but I randomly thought today I might decide to change that. I don’t have much time to devote to it so I wasn’t very interested in creating my own theme but I knew wanted something techy, dark, and simple, and I really liked this one:
So even though I didn’t get it from the WordPress site, I downloaded it out of curiosity. Things almost immediately started to look suspicious – all the PHP files were password protected, so I couldn’t extract the files from the zip file.
Well, that’s ok – I can just upload the zip file to WordPress. Maybe they just don’t want people messing with their design. It uploads fine, and it loads…wait, what’s that in the footer?
Oh my gosh – I don’t want to advertise an overseas pharmacy! People get arrested for that stuff in the U.S.! Crimeny! I’ll just take that link off…
Hmm. I guess not.
And of course, if you delete the entire encrypted footer code, the entire design breaks – and on top of that you really have no idea what code these folks have put on your site, or what else it may be capable of doing besides selling Viagra because it’s encrypted.
Just another reminder of precisely how you, sometimes, can thwart your own site’s security.
I really liked that theme, too.