[wp-hackers] Themes Being Unofficially Distributed with Security Vulnerabilities - Time for an Official Theme Repository?

Ronald Heft ron at cavemonkey50.com
Mon Nov 26 06:21:46 GMT 2007


It has come to my attention that sites are beginning to unofficially
distribute WordPress themes with security vulnerabilities injected into
them. As Derek Punsalan points out, many of these themes are making sites
spam zombies and the re-distributors are purchasing adwords to bait more
people.
http://5thirtyone.com/archives/870

While issues like this will become more common as WordPress continues to
gain popularity, we can do some things to stop sites like this from
some succeeding. One idea comes to mind of an official theme repository. We
already have one for plugins (and it appears successful), why not themes?

Sure, there are already semi-official theme directories, but there is no
current central location to download themes. Having an official theme
directory/repository would help ensure users they're downloading the themes
directly from the author and not a hacker. Obviously this won't completely
stop the issue, but in my mind it should make downloading themes a more safe
experience.

-- 
Ronald Heft, Jr.
Information Sciences and Technology
Pennsylvania State University

cavemonkey50.com
9rules Network


More information about the wp-hackers mailing list