[kwlug-disc] free software - pwned
paul_nijjar at yahoo.ca
Fri Jan 14 22:51:35 EST 2011
On Fri, Jan 14, 2011 at 09:13:01AM -0500, Insurance Squared Inc. wrote:
> Here's a very interesting article on free wordpress themes:
> Here's the summary. Top 10 results of a search for 'free wordpress
> themes' results in 1 safe site (wordpress), one that's iffy, and 8 that
> contain malicious code.
I think "malicious" might be a strong word. Most of the flags were
for obfuscated content that contained backlinks, as opposed to code
intended to root your Wordpress install. I guess this content might be
harmful for those who are trying to keep their Google rank high,
though. So yeah, malicious.
I have mixed feelings about this:
- On the one hand, many eyeballs are making for shallower bugs, if
you consider backlinks bugs.
- On the second hand, there's something about theme culture here that
rubs my inner open-source advocate the wrong way. The ambiguity of
the word "free" strikes again.
- On the third hand, the existence of plugins that check themes for
such skeezy tactics is a good thing, and maybe those plugins will
get better. Whether people will run these plugins is another matter.
- On the fourth hand, this is one reason I rely on gatekeepers for my
code, which brings up another two hands: trusted APT repositories
and the Apple Store. Although the sites mentioned in this blog post
are repositories, clearly they are not reputable ones.
- On the fifth hand, maybe the reason these repositories have such
high rankings is because of the backlinks embedded in their themes!
I'm running out of hands, so I should stop.
> Might be worth a response from the folks at Drupal :). As for me, I
> guess rather than having a slow day at the office I need to go replace
> all the free wordpress themes I'm running on my server.
Well, at least Wordpress has a vibrant theme ecosystem. (Dagnabit.
Where did I leave my asbestos pants?)
- Paul (who remembers reading about when asbestos were cool)
More information about the kwlug-disc_kwlug.org