[wp-hackers] Themes Being Unofficially Distributed with Security
Vulnerabilities - Time for an Official Theme Repository?
Andrew Rivett
veggiefrog at mac.com
Mon Nov 26 15:50:01 GMT 2007
Is there any way to write a plugin or stand alone code to verify a
theme does not contain these security vulnerabilities?
Andrew.
On 26-Nov-07, at 1:21 AM, Ronald Heft wrote:
> It has come to my attention that sites are beginning to unofficially
> distribute WordPress themes with security vulnerabilities injected
> into
> them. As Derek Punsalan points out, many of these themes are making
> sites
> spam zombies and the re-distributors are purchasing adwords to bait
> more
> people.
> http://5thirtyone.com/archives/870
>
> While issues like this will become more common as WordPress
> continues to
> gain popularity, we can do some things to stop sites like this from
> some succeeding. One idea comes to mind of an official theme
> repository. We
> already have one for plugins (and it appears successful), why not
> themes?
>
> Sure, there are already semi-official theme directories, but there
> is no
> current central location to download themes. Having an official theme
> directory/repository would help ensure users they're downloading the
> themes
> directly from the author and not a hacker. Obviously this won't
> completely
> stop the issue, but in my mind it should make downloading themes a
> more safe
> experience.
>
> --
> Ronald Heft, Jr.
> Information Sciences and Technology
> Pennsylvania State University
>
> cavemonkey50.com
> 9rules Network
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
More information about the wp-hackers
mailing list