內容簡介
掃描所有主題文件,尋找潛在的惡意或不需要的程式碼。
TAC 是什麼
TAC 代表主題真實性檢查器。TAC 搜尋每個安裝主題的原始檔案,尋找惡意程式碼的跡象。如果發現此類程式碼,TAC 會顯示主題文件的路徑、行號,以及可疑程式碼的一小部分。從版本 v1.3 開始,TAC 還搜尋並顯示靜態連結。
那麼你該怎麼做?只因為程式碼在那裡,並不意味著它不應該存在,甚至符合威脅的條件,但大多數的主題作者並不會在 WordPress 範圍之外添加程式碼,也沒有理由使他們自由提供給網絡的程式碼難以理解。我們建議您聯繫主題作者,將腳本找到的程式碼以及您從何處下載主題一起發送給他們。
這個外掛的真正價值在於,您可以快速確定需要進行程式碼清理的位置,從而安全地享受主題。
歷史
TAC 最初是因為我們在網絡上多次找到混淆的惡意程式碼而開始的。需要一種快速掃描主題的方法,以查找不需要的程式碼,因此我們開發了這個外掛。
在進行自己的 Google 搜尋和探索之後,我們找到了 5thirtyOne 的 Derek 撰寫的關於這一主題的文章。事情是這樣的,許多第三方網站提供帶有編碼腳本的免費 WordPress 主題,有些甚至聲稱解碼這些胡言亂語構成侵犯版權法。這些編碼腳本可能包含各種不需要的有效負載,例如推廣第三方網站甚至劫持嘗試。
外掛標籤
開發者團隊
② 後台搜尋「Theme Authenticity Checker (TAC)」→ 直接安裝(推薦)
原文外掛簡介
Scan all of your theme files for potentially malicious or unwanted code.
What TAC Does
TAC stands for Theme Authenticity Checker. TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
Then what do you do? Just because the code is there doesn’t mean it’s not supposed to be or even qualifies as a threat, but most theme authors don’t include code outside of the WordPress scope and have no reason to obfuscate the code they make freely available to the web. We recommend contacting the theme author with the code that the script finds, as well as where you downloaded the theme.
The real value of this plugin is that you can quickly determine where code cleanup is needed in order to safely enjoy your theme.
History
TAC got its start when we repeatedly found obfuscated malicious code in free WordPress themes available throughout the web. A quick way to scan a theme for undesirable code was needed, so we put together this plugin.
After Googling and exploring on our own we came upon the article by Derek from 5thiryOne regarding this very subject. The deal is that many 3rd party websites are providing free WordPress themes with encoded script slipped in – some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.