10-05-2008, 08:52 PM
Angry Jew Cat - Banned for Life
(felis madjewicus)
Quote:
Originally Posted by teg0
I know of one exploit, but haven't reported it quite yet.

A less obvious security issue is free themes. I know it seems like I'm just saying that because I sell themes, but I'm not. The reason free themes are bad is because people find one that looks good, download it, install it, see it run and think it was a success. However, I'm seeing more and more examples of people sneaking code into free themes that get distributed. Code designed to force hardlinks to show up or to steal traffic. Some others more malicious. This is the main security risk that WordPress can't really fix, other than having a database of clean themes with an MD4 hash.

http://wordpress.org/extend/plugins/tac/ is a solution to this problem, works great. Scan your themes before activating them.
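Checking a downloaded theme against a list of known-clean file hashes, as the quoted post suggests, combined with a pattern scan before activation, can be sketched as follows. This is an added example, not part of either post and not the code of the plugin linked above; it uses SHA-256 for the manifest, and the pattern list, function names and sample theme files are constructed assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristics only (assumed patterns, not the linked plugin's rule set):
# common PHP obfuscation calls and hardcoded absolute links in templates.
SUSPICIOUS = {
    "obfuscation": re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "static-link": re.compile(r"<a\s[^>]*href\s*=\s*[\"']https?://", re.I),
}

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_theme(theme_dir, manifest):
    """Return sorted (relative_path, finding) tuples; manifest maps path -> clean SHA-256."""
    theme_dir = Path(theme_dir)
    findings, seen = [], set()
    for path in sorted(p for p in theme_dir.rglob("*") if p.is_file()):
        rel = path.relative_to(theme_dir).as_posix()
        seen.add(rel)
        if rel not in manifest:
            findings.append((rel, "not-in-manifest"))   # file the clean copy never had
        elif sha256_file(path) != manifest[rel]:
            findings.append((rel, "hash-mismatch"))     # file changed since the clean copy
        if path.suffix.lower() in {".php", ".js", ".html"}:
            text = path.read_text(errors="replace")
            for name, rx in SUSPICIOUS.items():
                if rx.search(text):
                    findings.append((rel, name))
    findings += [(rel, "missing") for rel in manifest if rel not in seen]
    return sorted(findings)

def demo():
    """Build a constructed two-file theme, tamper with one file, then audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php get_header(); ?>\n")
        (root / "footer.php").write_text("<?php wp_footer(); ?>\n")
        manifest = {p.name: sha256_file(p) for p in root.iterdir()}
        # Constructed tampering: an encoded blob appended to the footer.
        with (root / "footer.php").open("a") as fh:
            fh.write("<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n")
        return audit_theme(root, manifest)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

A hash mismatch only says the file differs from the reference copy; the pattern hits are leads for manual review, since legitimate themes can contain absolute links.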