Scan all of your theme files for potentially malicious or unwanted code. Be aware of advertisements or dangerous JavaScript inserted into legitimate themes by third party theme download sites.
Future versions will allow to check for other theme vulnerabilities.
Download TAC (Current, v 1.4)
TAC in Wordpress.org Plugin Directory
ABOUT
What TAC Does
TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
Then what do you do? Just because the code is there doesn’t mean it’s not supposed to be or even qualifies as a threat, but most theme authors don’t include code outside of the Wordpress scope and have no reason to obfuscate the code they make freely available to the web. We recommend contacting the theme author with the code that the script finds, as well as where you downloaded the theme.
The real value of this plugin is that you can quickly determine where code cleanup is needed in order to enjoy your theme.
History
TAC got its start when we repeatedly found obfuscated malicious code in free Wordpress themes available throughout the web. A quick way to scan a theme for undesirable code was needed, so we put together this plugin.
After Googling and exploring on our own we came upon the article by Derek from 5thiryOne regarding this very subject. The deal is that many 3rd party websites are providing free Wordpress themes with encoded script slipped in – some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.
Frequently Asked Questions
What if I find something?
Contact the theme’s original author to double check if that section of code is supposed to be in the theme in the first place – chances are it shouldn’t as there isn’t a logical reason have obfuscated code in a theme.
If something is malicious or simply unwanted, TAC tells you what file to edit, you can even just click on the file path to be taken straight to the WordPress Theme Editor.
Why does TAC list static links?
First of all, static links aren’t necessarily bad, TAC just lists them so you can quickly see where your theme is linking to.
What about future vulnerabilities?
As we find them we will add them to TAC. If you find one, PLEASE let us know: Contact builtBackwards or post in the WordPress.org Forum
CHANGELOG
Version 1.4
- Compatible with WordPress 2.8!
- Tested in Firefox 3.0.11 and Internet Explorer 8
- JavaScript hiding/showing of theme details
Version 1.3 (Fixes + New Feature)
- Changed title to “Theme Authenticity Checker”, same acronym, makes more sense
- Compatible with WordPress 2.2 – 2.6.1
- NEW! Checks for embedded Static Links
- NEW! Direct links for editing suspicious files in the WordPress Theme Editor
- Improved the CSS
- Uses its own function to get theme file paths
Version 1.2 (Fixes)
- Band-aid fixes to theme file paths that were altered by the update to get_themes() in Wordpress 2.6
- This release is only compatible with Wordpress 2.6
Version 1.1 (Fixes)
- Style sheet doesn’t explode any more when certain threats are detected
- Modified code snippet output to prevent interfering with page structure
- Improved styling for slightly more appealing output
Version 1.0 (First Release)
- This is the initial release of TAC.
INSTALLATION
After downloading and extracting the latest version of TAC…
- Upload
tac.phpto the/wp-content/plugins/directory - Activate the plugin through the ‘Plugins’ menu in WordPress
- Go to Design -> TAC in the Wordpress Admin
- The results of the scan will be displayed for each theme with the filename and line number of any threats.
[...] TAC – Theme Authenticity Checker WordPress Plugin Plugin wordpress pour vérifier si vos thèmes sont infectés [...]
[...] TAC – Theme Authenticity Checker WordPress Plugin Plugin wordpress pour vérifier si vos thèmes sont infectés [...]
Thanks, I’ve been looking for this forever. I hate downloading themes and having them be ruined!! annoys me.
[...] Скачить плагин Theme Authenticity Checker можно на странице автора. [...]
[...] Theme Autenticity Checker [...]
[...] Wordpress Plugins To Power Up Your Comment Section TAC (Theme Authenticity Checker) How to Improve your Wordpress Theme with 9 Useful [...]
Good on you guys for making this plugin. This is the type of thing that will keep the theme developers honest.
[...] por ello que en builtbackwards.com han creado TAC (Theme Autenticity Checker), plugin que escanea los archivos de nuestro theme activo en busca de [...]
Спасибо большое уважаемый Блоггер.
Твой блог просто сумашедший, а статья просто изумительная
Заходи ко мне на сайт)
[...] check a theme for encrypted code, without manually checking each file, I highly recommend using the Theme Authenticity Checker. I’ve written about this before, but it really is an invaluable tool if you have a lot of [...]
[...] TAC (Theme Authenticity Checker) by builtBackwardsWe have all installed a theme with has hidden code that calls the random (and unintended) pop-up for your users. Or, perhaps it is just me. Either way, TAC solves the problem. It scans your themes and identifies rogue code and hidden links. A simple-to-understand user interface makes identifying the problem themes simple and easy. Just install, activate, and TAC shows in your ‘Appearance’ menu. Click it and discover the themes that are giving your readers problems. Particularly useful in WPMU where you have to install themes to appease your users. [...]
[...] Link: TAC – Theme Authenticity Checker WordPress Plugin | builtBackwards [...]
[...] at the code of the theme and then also make it pass through a free to use Wordpress Plugin called Theme Authenticity Checker. Theme Authenticity Checker searches the source files of every installed theme for signs of [...]
[...] post ao procurar um tema novo, dado o FD me ter avisado de problemas e com a instalação deste plugin, encontro [...]
Just installed WP 2.9 RC1
TAC still works, but the little theme pictures are now all blank.
Thanks for the info, we’ll be sure to take care of the that before the full release.
[...] one update what broke the plugin in some cases, but overall very good work. Easy administration too.TAC (Theme Authenticity Checker)Checks for statistic links in themes, shows them: easy way to check for malicious links. It would be [...]
[...] check a theme for encrypted code, without manually checking each file, I highly recommend using the Theme Authenticity Checker. I’ve written about this before, but it really is an invaluable tool if you have a lot of [...]
[...] 主题相关 List Category Posts – 自定义显示CMS类主题中文章分类的顺序。 TAC(Theme Authenticity Checker) – [...]
[...] Download Plugin HomePage [...]
[...] Bien que la popularité de WordPress obtient que des milliers de développeurs travaillent dans tout le monde pour l'améliorer, un problème signifie aussi, parce que c'est une bonne niche pour que les hackers profitent des jugements de sécurité et distribuent massivement un code nuisible. Aujourd'hui nous connaîtrons deux plugins qui vérifient de divers aspects de l'installation du CMS pour s'assurer qu'elle est propre : Theme Autenticity Checker [...]
[...] При этом, часто темы скачиваются зачастую с чужих сайтов, например с моего CMS-theme.ru. Люди как говориться разные, поэтому могут запрятать ссылки в тему, так что ее и не увидишь например в двоеточие или в точку. Для того чтобы проверить тему на наличие ссылок на чужие сайты существует плагин для WOrdPress TAC, скачть ТАС можно отсюда – страница автора. [...]
[...] TAC(Theme Authenticity Checker) – 检验所下载的主题中是否存在第三方的垃圾代码(广告代码),或者木马什么的。 [...]
Great plugin, thanks for sharing.
[...] TAC (Theme Authenticity Checker) : Scan all of your theme files for potentially malicious or unwanted code. [...]
[...] Этот замечательный плагин позволяет выявить, есть ли в вашей теме Wordpress скрытый код или ссылки. Часто в темы вставляются ссылки в виде точек, восклицательных знаков и т.д. Одно дело, когда это ссылка автора или переводчика темы, а другое – когда в тему помещено несколько ссылок на разные сайты. TAC – Theme Authenticity Checker покажет, в каком именно файле и в какой строке находится ссылка. Скачать плагин TAC – Theme Authenticity Checker. [...]
[...] Этот плагин показывает лишние скрипты в кодах php и определит где находится зловредная ссылка – скачать [...]
[...] 1,Theme Authenticity Checker [...]
[...] sites. There is an excellent plugin that will let you check the authenticity of a particular theme over here. Let’s take a quick look at the main advantages and disadvantages of open source wordpress [...]
[...] TAC(Theme Authenticity Checker) – 检验所下载的主题中是否存在第三方的垃圾代码(广告代码),或者木马什么的。 [...]
You have some great plugins on your post. Your insight and expertise would be a welcome addition to our new community, i hope you will consider joining, and thanks for sharing!
[...] can get a copy HERE Tags: security, tac, themes, wordpress Category: Web & PC stuff You can follow any [...]
[...] Theme Authenticity Checker This plugin checks to see if a theme you’ve uploaded contains malicious code. Since so many free [...]