Scan all of your theme files for potentially malicious or unwanted code. Be aware of advertisements or dangerous JavaScript inserted into legitimate themes by third party theme download sites.
Future versions will allow to check for other theme vulnerabilities.
Download TAC (Current, v 1.4)
TAC in WordPress.org Plugin Directory
ABOUT
What TAC Does
TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
Then what do you do? Just because the code is there doesn’t mean it’s not supposed to be or even qualifies as a threat, but most theme authors don’t include code outside of the WordPress scope and have no reason to obfuscate the code they make freely available to the web. We recommend contacting the theme author with the code that the script finds, as well as where you downloaded the theme.
The real value of this plugin is that you can quickly determine where code cleanup is needed in order to enjoy your theme.
History
TAC got its start when we repeatedly found obfuscated malicious code in free WordPress themes available throughout the web. A quick way to scan a theme for undesirable code was needed, so we put together this plugin.
After Googling and exploring on our own we came upon the article by Derek from 5thiryOne regarding this very subject. The deal is that many 3rd party websites are providing free WordPress themes with encoded script slipped in – some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.
Frequently Asked Questions
What if I find something?
Contact the theme’s original author to double check if that section of code is supposed to be in the theme in the first place – chances are it shouldn’t as there isn’t a logical reason have obfuscated code in a theme.
If something is malicious or simply unwanted, TAC tells you what file to edit, you can even just click on the file path to be taken straight to the WordPress Theme Editor.
Why does TAC list static links?
First of all, static links aren’t necessarily bad, TAC just lists them so you can quickly see where your theme is linking to.
What about future vulnerabilities?
As we find them we will add them to TAC. If you find one, PLEASE let us know: Contact builtBackwards or post in the WordPress.org Forum
CHANGELOG
Version 1.4
- Compatible with WordPress 2.8!
- Tested in Firefox 3.0.11 and Internet Explorer 8
- JavaScript hiding/showing of theme details
Version 1.3 (Fixes + New Feature)
- Changed title to “Theme Authenticity Checker”, same acronym, makes more sense
- Compatible with WordPress 2.2 – 2.6.1
- NEW! Checks for embedded Static Links
- NEW! Direct links for editing suspicious files in the WordPress Theme Editor
- Improved the CSS
- Uses its own function to get theme file paths
Version 1.2 (Fixes)
- Band-aid fixes to theme file paths that were altered by the update to get_themes() in WordPress 2.6
- This release is only compatible with WordPress 2.6
Version 1.1 (Fixes)
- Style sheet doesn’t explode any more when certain threats are detected
- Modified code snippet output to prevent interfering with page structure
- Improved styling for slightly more appealing output
Version 1.0 (First Release)
- This is the initial release of TAC.
INSTALLATION
After downloading and extracting the latest version of TAC…
- Upload
tac.phpto the/wp-content/plugins/directory - Activate the plugin through the ‘Plugins’ menu in WordPress
- Go to Design -> TAC in the WordPress Admin
- The results of the scan will be displayed for each theme with the filename and line number of any threats.
Понравился плагин по удалению закодированных ссылок. Попробую воспользоваться им.
Спасибо большое автору
[...] 1,Theme Authenticity Checker [...]
[...] Theme Authenticity Checker (Checks for spam links in your themes) [...]
[...] code crypté, sans vérifier manuellement chaque fichier, je recommande fortement d’utiliser TAC (Theme Authenticity Checker). TAC cherche les fichiers source de tous les thèmes installés avec un code malveillant. Si le [...]
[...] TAC – Theme Authenticity Checker [...]
[...] a well handy plugin: TAC from http://builtbackwards.com/projects/tac/ : [...]
[...] Theme Authenticity Checker (Checks for spam links in your themes) [...]
[...] check to see if your wordpress theme contains these encrypted codes or back-links then install the Theme Authenticity Checker TAC plug-in. Here's a screenshot of the Theme Authenticity Checker Plug-in at work. Here it found encrypted [...]
[...] did i discovered the trick? I looked at the footer. I used TAC wordpress plugin to identify hidden codes in my themes, and in this case, I found one. I googled for an online demo [...]
[...] me through my contact page. The email looks like this. Hi, I came accross a plugin called TAC (Theme Authenticity Checker) that’s supposed to reveal encrypted codes in wp themes. They also say that we should stop [...]
[...] test my claims on the garbage that can be found in some of these themes download the Theme Authenticity Plugin (TAC) and then download and install a few free wordpress themes from various sites you would find in a [...]
[...] Download | Plug-in Detail [...]
[...] 21. Theme Authenticity Checker [...]
[...] TAC (Theme Authenticity Checker) [...]
[...] TAC (Theme Authenticity Checker) Проверка темы оформления на наличие ссылок на другие сайты (которые могли оставить авторы темы, явно или скрыто). Поскольку каждая ссылка стоит денег, стоит ли использование чужой темы размещение ссылок? Вам решать. Внешний вид » TAC [...]
I just want to thank you personally since i have found a bunch of stuff on free themea i have used for years!
[...] 1,Theme Authenticity Checker 这个插件就是典型的必须出现的,现在WordPress流行了,需要主题的朋友多了,有一些垃圾就开始想在主题中动手脚了,比如加入一些第三方的垃圾代码,或者木马什么的,而这些东西WordPress初学者不会有任何的防备,所以就出现了许多的恶意事件,Wopus中文平台和Wopus中文社区都有过例子。 还有有人利用推荐广告主题的机会,把主题中的广告代码换成自己的,所以这个插件是很必须的,建议安装。既然说到了WordPress的安全性,酋长这里多推荐两篇文章: a,WP Security Scan—检查你的blog是否安全 b,WordPress安全白皮书 [...]
[...] TAC (Theme Authenticity Checker) by builtBackwards We have all installed a theme with has hidden code that calls the random (and unintended) pop-up for your users. Or, perhaps it is just me. Either way, TAC solves the problem. It scans your themes and identifies rogue code and hidden links. A simple-to-understand user interface makes identifying the problem themes simple and easy. Just install, activate, and TAC shows in your ‘Appearance’ menu. Click it and discover the themes that are giving your readers problems. Particularly useful in WPMU where you have to install themes to appease your users. [...]
[...] 21. Theme Authenticity Checker [...]
[...] Download Plugin HomePage [...]
[...] Scans your themes for potentially malicious or unwanted code. See Project page. [...]
[...] Authenticity Checker(TAC)插件下载地址:点击下载 VN:F [1.9.3_1094]【文章评分】请稍等…Rating: 0.0/5 (0 votes [...]
[...] check to see if your wordpress theme contains these encrypted codes or back-links then install the Theme Authenticity Checker TAC plug-in. Here's a screenshot of the Theme Authenticity Checker Plug-in at work. Here it found encrypted [...]
[...] test my claims on the garbage that can be found in some of these themes download the Theme Authenticity Plugin (TAC) and then download and install a few free wordpress themes from various sites you would find in a [...]
[...] 운영자 스스로가 보안 설정을 해야한다. 반드시 필요한 플러그인이다. TAC – Theme Authenticity Checker WordPress Plugin | builtBackwards http://builtbackwards.com/projects/tac 워드프레스는 무료 테마가 무척 많지만 [...]
[...] WordPress做为一款优秀程序,为其制作的主题theme已经是成千上万,然而一些人开始打坏主意,在模板中插入恶意代码,严重影响每一个wper的感情,终于有了主题代码安全性检查插件Theme Authenticity Checker,这个作品,帮助检查每一个主题theme中代码是否安全。 [...]
[...] te han insertado código malicioso en tu tema de wordpress lo puede comprobar a través del plugin Theme Authenticity Checker (o TAC) , este plugin rastrea los ficheros de tu tema y que busca los ficheros que poseen código [...]
[...] a well handy plugin: TAC from http://builtbackwards.com/projects/tac/ This entry was posted in Security. Bookmark the permalink. ← By: Site Security and file [...]
[...] WordPress做为一款优秀程序,为其制作的主题theme已经是成千上万,然而一些人开始打坏主意,在模板中插入恶意代码,严重影响每一个wper的感情,终于有了主题代码安全性检查插件Theme Authenticity Checker,这个作品,帮助检查每一个主题theme中代码是否安全。 [...]
[...] the TAC – Theme Authenticity Checker. This helpful little plugin identifies encrypted code and outbound links embedded in themes. [...]
[...] My Page Order17. Adsense-Deluxe18. Search Regex Plugin19. Tweetmeme20. WP-SpamFree Anti-Spam21. Theme Authenticity Checker22. List Category Posts23. Expanding Text Plugin24. Actionable25. Advanced Tagline26. Sodahead [...]
[...] Download Plugin HomePage [...]
[...] gesagt: Unser Retter heisst Theme Authenticity Checker. – Ein Plugin mit dem wir unser Theme auf bösartigen Code durchchecken [...]
[...] от таких тем отказаться. Кстати, есть замечательный плагин ТАС, который проверяет темы на предмет кодировки и [...]
[...] Download Plugin HomePage [...]
[...] or something like those stuff. Actually there where two plugins that where suggested. You can try TAC wp plugin or the Theme Check wp [...]
[...] these theme issues, you can check out items such as the TAC plugin (Theme Authenticity Checker) at Built Backwards. Per their site, “Currently, TAC searches the source files of every installed theme for signs [...]
[...] Plugin HomePage TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every [...]
[...] Download Plugin HomePage [...]
[...] I can’t believe I didn’t know about Theme Authenticity Checker (TAC) from builtBackwards! [...]
[...] in monitoring your site and alerting you if anything is suspect: AntiVirus for WordPress and TAC (Theme Authenticity Checker) are two I [...]
Free wordpress themes are great but they can has nasties that cause problems so this plugin is great for users of free wordpress themes to make sure there is no nasty links.
[...] 21. Theme Authenticity Checker [...]
This plugins could not detect this code, and i think that this is bad code on my theme
///////////////////
[...] 5. TAC (Theme Authenticity Checker) [...]
[...] 5. TAC (Theme Authenticity Checker) [...]
[...] plugin monitora seus arquivos e lhe dá um alerta sobre possíveis ataques quase em tempo real. – 5º TAC (Theme Authenticity Checker) 5º TAC (Theme Authenticity Checker)Theme Authenticity Checker é uma ferramenta muito útil que [...]
[...] themes found surfing Google or Bing – many of them contain malware. I highly recommend the Theme Authentication Checker, a great tool you install on your site which allows you to verify themes once you upload them on [...]
Excellent WP plugin especially for anybody who chooses a free theme, but just as good for a web master who wants to check that novody has hacked into their hosting account. Highly recommended.
[...] Download Plugin HomePage [...]