[theme-reviewers] Theme standards and obfuscation

Andrew McGill list2010 at lunch.za.net
Thu Apr 26 13:41:14 UTC 2012


I notice that the theme standards do not say anything about code obfuscation and readability:


I suggest the following guidelines:

 * No obfuscation: all code must written in human readable format: measures that reduce readability are not allowed. (e.g. variable name mangling, stripping indentation)

 * No hiding: All code must appear in regular .php files. No measures to obscure the code being run are permitted.

The reason this would be helpful is that there are a lot of commercial themes of dubious quality employing various kinds of obfuscation - 85 levels of base64_decode and gzip hiding the closing div tags, wp_footer and the 'if $posts>20 (advertise())'.  It is also pretty hard to distinguish "legitimate" obfuscation from a hacked site.  

It would make the world a happier place if wordpress.org said that code obfuscation is not-so-cool.  

Something should also be said about code obfuscation in javascript files too ... (e.g. the compressed version of jquery).  I reckon it should be discouraged (if not prohibited).

More information about the theme-reviewers mailing list