I've been working with WordPress today. My wife is setting up a blog for her crafts and it seemed like a good fit. Add to that, I've had a meeting recently where I was asked about WordPress templates. (I'm not posting the blog address here, as my wife hasn't made any posts yet and isn't ready to share.)
Most CMS default templates are pretty bare, and the first thing people want to do is change the theme. WordPress is pretty good in that respect. Unlike Drupal, searching for and installing themes is integrated directly into the system, so you don't need to download and unpack themes into the WordPress themes directory yourself (though that works too). Overall, WordPress's administration configuration was slick and easy to use, and would set me at ease if I were unfamiliar with website coding and simply wanted to set up a good-looking blog.
We picked a theme and set it up on the site. This particular theme, Fleur (located at WordpressThemesBase, but not linked to directly for reasons that will be obvious below), looked nice. Unlike Drupal, which sometimes allows for theme customisation within the system, I had to go directly into the CSS to change the banner graphic to the correct colour. Not a big deal if you know about web page style sheets, but not something that would be obvious for a blog newbie to do.
The one thing that shocked me after I set up the theme and was ready to hand it off to my wife to add content was that there was an ad for an online pharmacy in the footer. I tried searching the HTML files for the ad and it wasn't there. I eventually tracked down the code that produced the pharmacy ad, in the footer.php file:
<?php eval(base64_decode('Pz4gCQk8L2Rpdj4NCgkJPC9kaXY+DQoJPC9kaXY+DQoNCjwvZGl2PgkNCjxkaXYgaWQ9ImZvb3RlciI+DQo8cD48P3BocCB0aGVfdGltZSgnWScpOyA/PiA8P3BocCBibG9naW5mbygnbmFtZScpOyA/PiAuICBXb3JkUHJlc3MgLiA8P3BocCBpZihpc19ob21lKCkpIDogPz48YSBocmVmPSJodHRwOi8vb25saW5lcGhhcm1hY3kzLmNvbS8iIHRpdGxlPSJPbmxpbmUgcGhhcm1hY3kiPk9ubGluZSBwaGFybWFjeTwvYT48P3BocCBlbmRpZjsgPz48L3A+DQoNCgk8P3BocCBkb19hY3Rpb24oJ3dwX2Zvb3RlcicpOyA/Pg0KPC9kaXY+DQoNCjwvYm9keT4NCjwvaHRtbD4gPD8='));?>
This is a cheap trick I'm used to seeing in attacks on web systems, not in blog themes. base64_decode() (and its counterpart base64_encode()) simply convert text to and from the Base64 encoding: the jumble above is not encrypted, just encoded, and anyone can turn it back into readable PHP. What makes it sneaky is the eval() wrapped around it, which runs the decoded string as PHP at page load, so the pharmacy link never appears in the file as plain text and a search of the theme files for "pharmacy" finds nothing. I found an online base64 decoder and it decoded to the pharmacy link, as well as the rest of the footer markup that the theme genuinely needs (the closing divs, the year and blog name, and the wp_footer hook). The link itself sits inside an is_home() check, so it is only emitted on the front page. If you simply deleted the base64 code, the website would be broken.
Anyone actually using the theme would be linking to the online pharmacy from their front page, and every one of those inbound links helps that site's search ranking (its Google PageRank). This means real cash in someone's pocket.
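Here is a small Python scanner that does the same job offline, so you never have to paste a suspicious payload into somebody else's website. It is an added example, not code from the original post or from the theme: it finds eval(base64_decode('...')) wrappers in a PHP file, decodes each payload locally (never executing it), and lists the external hosts that the decoded markup links to. The sample input is the footer.php line quoted above, copied verbatim; the blog hostnames example.org and yourblog.example are made-up placeholders, and the file name scan_theme.py is assumed.

```python
"""Find eval(base64_decode('...')) wrappers in PHP theme files, decode each
payload locally, and report the external hosts the decoded markup links to."""
import base64
import binascii
import re
import sys

# Constructed sample input: the footer.php line quoted in the post, verbatim.
FOOTER_PHP = (
    "<?php eval(base64_decode('"
    "Pz4gCQk8L2Rpdj4NCgkJPC9kaXY+DQoJPC9kaXY+DQoNCjwvZGl2"
    "PgkNCjxkaXYgaWQ9ImZvb3RlciI+DQo8cD48P3BocCB0aGVfdGltZSgnWScpOyA/PiA8P3BocCBi"
    "bG9naW5mbygnbmFtZScpOyA/PiAuICBXb3JkUHJlc3MgLiA8P3BocCBpZihpc19ob21lKCkpIDog"
    "Pz48YSBocmVmPSJodHRwOi8vb25saW5lcGhhcm1hY3kzLmNvbS8iIHRpdGxlPSJPbmxpbmUgcGhh"
    "cm1hY3kiPk9ubGluZSBwaGFybWFjeTwvYT48P3BocCBlbmRpZjsgPz48L3A+DQoNCgk8P3BocCBk"
    "b19hY3Rpb24oJ3dwX2Zvb3RlcicpOyA/Pg0KPC9kaXY+DQoNCjwvYm9keT4NCjwvaHRtbD4gPD8="
    "'));?>"
)

# eval(base64_decode('<payload>')) with either quote style and loose spacing.
EVAL_B64 = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)""",
    re.IGNORECASE,
)
# Absolute http(s) URLs in href= or src= attributes of the decoded markup.
LINK_ATTR = re.compile(r"""(?:href|src)\s*=\s*["']?\s*(https?://[^"'\s>]+)""",
                       re.IGNORECASE)

def decode_payload(encoded):
    """Base64-decode a payload, tolerating embedded whitespace and missing
    padding. Returns None if the text is not valid Base64. The result is only
    ever inspected as text; it is never passed to an interpreter."""
    raw = re.sub(r"\s+", "", encoded)
    raw += "=" * (-len(raw) % 4)
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def external_hosts(markup, own_host):
    """Hosts of absolute links in markup that point somewhere other than own_host."""
    hosts = set()
    for url in LINK_ATTR.findall(markup):
        m = re.match(r"https?://([^/:?#]+)", url, re.IGNORECASE)
        if m and m.group(1).lower() != own_host.lower():
            hosts.add(m.group(1).lower())
    return sorted(hosts)

def scan_source(php_source, own_host):
    """Return one finding per obfuscated eval: offset, decoded text, foreign hosts."""
    findings = []
    for m in EVAL_B64.finditer(php_source):
        decoded = decode_payload(m.group(2))
        findings.append({
            "offset": m.start(),
            "decoded": decoded,
            "hosts": external_hosts(decoded, own_host) if decoded else [],
        })
    return findings

def scan_file(path, own_host):
    """Scan one PHP file on disk (wrapper around scan_source)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_source(fh.read(), own_host)

if __name__ == "__main__":
    # Usage: python scan_theme.py yourblog.example footer.php [more.php ...]
    # With no file arguments the constructed sample above is scanned instead.
    site = sys.argv[1] if len(sys.argv) > 1 else "yourblog.example"
    sources = ([(p, scan_file(p, site)) for p in sys.argv[2:]]
               or [("<sample footer.php>", scan_source(FOOTER_PHP, site))])
    for name, findings in sources:
        for f in findings:
            print(f"{name}: eval(base64_decode(...)) at byte {f['offset']}")
            print("  links to:", ", ".join(f["hosts"]) or "(no external hosts)")
            print("  decoded payload:")
            print("   ", (f["decoded"] or "<undecodable>").replace("\r\n", "\n"))
```

Run it over every .php file under wp-content/themes and wp-content/plugins, not just footer.php. A match is worth a look rather than automatically malicious, but a theme has no honest reason to hide its own footer markup this way, and the decoded text shows you exactly what to put back in plain HTML. The same trick also turns up with gzinflate(), str_rot13() or several layers nested together; this scanner only handles the single base64 layer shown in the post.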
I decoded the code above, removed the references to the pharmacy, and then replaced the code with regular HTML. I won't grace the theme designer with a link, and I'll be suggesting to my wife to replace the theme with something that doesn't use underhanded tactics, or with something I've designed myself.
I understand the need or desire for people to support their work with advertising, but at the very least be up front about it if you're offering it up for "free".
