What The Best Way To Check A Wordpress Theme For Exploits!

Discussion in 'Blogging' started by meakerseeker, Jun 3, 2011.

  1. meakerseeker

    meakerseeker Regular Member

    Joined:
    Jan 3, 2010
    Messages:
    385
    Likes Received:
    23
    I'm using some free WordPress themes & would like to find a
    WordPress plugin that will check for exploits in my theme.

    I tried the WordPress plugin "Exploit Scanner" and it just hangs.
    Is there another plugin to check for exploits & viruses etc.?
     
  2. clin407

    clin407 Regular Member

    Joined:
    Apr 6, 2011
    Messages:
    418
    Likes Received:
    129
    You can check all files for any mentions of "base64" as a quick way. What exploits are you looking for?
     
  3. meakerseeker

    meakerseeker Regular Member

    Joined:
    Jan 3, 2010
    Messages:
    385
    Likes Received:
    23
    I checked it with the TAC plugin & it says it's clean. What's
    "base64" and how would I search for it on my PC or cPanel?

     
  4. rickstar

    rickstar Elite Member

    Joined:
    Dec 9, 2009
    Messages:
    1,979
    Likes Received:
    871
    Check your footer.php and header.php files to see if there are any fishy redirects or rogue URLs pointing anywhere.
     
  5. sirgold

    sirgold Supreme Member

    Joined:
    Jun 25, 2010
    Messages:
    1,260
    Likes Received:
    645
    Occupation:
    Busy proving the Pareto principle right
    Location:
    A hot one
    Looking for base64 is surely the best way to go.

    At a glance, just examine whether you see long strings of text with weird characters that don't make much sense... This latter is not a foolproof method or anything, but it generally takes just a few secs per PHP file (scrolling is fast) and gives you a decent overview in order to spot something fishy. HTH!
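    A way to automate the checks suggested in this thread (grepping every theme file for base64 and other decoder calls, and header/footer for redirects), as an added example that is not from any poster or from the theme; it writes a constructed two-file sample theme into a temp directory, so the file names and their contents are assumptions, not the real couponpress files:

```python
import base64
import os
import re
import tempfile

# Constructed checks mirroring the thread's advice: encoded/obfuscated PHP
# (base64, eval, other decoders) and redirects or rogue URLs in header/footer.
SUSPICIOUS = [
    (re.compile(r"base64_decode\s*\(", re.I), "base64_decode call"),
    (re.compile(r"\beval\s*\(", re.I), "eval() call"),
    (re.compile(r"\b(gzinflate|gzuncompress|str_rot13)\s*\(", re.I), "decoder function"),
    (re.compile(r"[A-Za-z0-9+/]{60,}={0,2}"), "long base64-looking string"),
    (re.compile(r"header\s*\(\s*['\"]Location:", re.I), "PHP Location redirect"),
    (re.compile(r"<meta[^>]+http-equiv=['\"]refresh", re.I), "meta refresh redirect"),
    (re.compile(r"(window|document)\.location(\.href)?\s*=", re.I), "JavaScript redirect"),
]

def scan_file(path, theme_dir):
    """Return (relative path, line number, reason) for every suspicious line."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            for pattern, reason in SUSPICIOUS:
                if pattern.search(line):
                    findings.append((os.path.relpath(path, theme_dir), lineno, reason))
    return findings

def scan_theme(theme_dir):
    """Walk a theme directory and scan every PHP/JS/HTML file in it."""
    findings = []
    for root, _dirs, files in os.walk(theme_dir):
        for name in sorted(files):
            if name.endswith((".php", ".js", ".html")):
                findings.extend(scan_file(os.path.join(root, name), theme_dir))
    return findings

def build_sample_theme():
    """Constructed sample: a clean header.php and a footer.php showing the
    patterns the thread describes. The encoded blob is just a PHP comment."""
    theme_dir = tempfile.mkdtemp(prefix="theme-sample-")
    blob = base64.b64encode(b"/* constructed sample payload, nothing malicious */").decode()
    files = {
        "header.php": "<?php wp_head(); ?>\n<title><?php bloginfo('name'); ?></title>\n",
        "footer.php": ("<?php wp_footer(); ?>\n"
                       "<?php eval(base64_decode('" + blob + "')); ?>\n"
                       "<script>window.location='http://example.invalid/';</script>\n"),
    }
    for name, body in files.items():
        with open(os.path.join(theme_dir, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return theme_dir

if __name__ == "__main__":
    for rel, lineno, reason in scan_theme(build_sample_theme()):
        print(f"{rel}:{lineno}: {reason}")
```

    Point scan_theme() at a real wp-content/themes/<name> folder to get the same file:line listing; every hit still needs a human look, since legitimate plugins also use base64 for things like inline images.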
     
  6. meakerseeker

    meakerseeker Regular Member

    Joined:
    Jan 3, 2010
    Messages:
    385
    Likes Received:
    23
    Here's both the header & footer; do any of you guys see any bad code?
    Also the theme is supposed to be nulled, but from what it looks like it's not,
    like this

    http://anonym.to/?http://www.couponpress.com

    Is this theme nulled & bad-code free? I did scan it with the
    theme authority checker plugin & it gave it an OK.

    Here's the footer.php
    ----------------------------------------------------------------------
    <?php
    global $PPT;
    if(file_exists(FilterPath()."/wp-content/themes/couponpress/themes/".$GLOBALS['couponpress']['theme']."/footer.php")){

    include(FilterPath()."/wp-content/themes/couponpress/themes/".$GLOBALS['couponpress']['theme'].'/footer.php');

    }else{
    ?>
    <div class="clear"></div>

    <?php if ( !function_exists('dynamic_sidebar')
    || !dynamic_sidebar('Footer') ) : ?>
    <?php endif; ?>
    </div>

    <div id="page-copy" class="clearfix">
    © <?php echo date('Y')." "; echo $GLOBALS['couponpress']['copyright']; ?> -
    <a href="http://anonym.to/?http://www.couponpress.com" title="Wordpress Coupon Theme">Wordpress Coupon Theme</a>
    <?php echo PREMIUMPRESS_VERSION ?> - Developed by <a href="http://anonym.to/?http://www.couponpress.com" title="Wordpress Coupon Script">Wordpress Coupon Script</a>
    </div>


    </div>
    </div>
    <?php } ?>
    <?php wp_footer(); ?>

    <?php echo stripslashes(get_option("analytics_code")); ?>
    <?php echo stripslashes(get_option("google_adsensetracking_code")); ?>
    <center><?php echo $PPT->Banner("footer"); ?></center>
    <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=premiumpress"></script>

    </div>
    </body>
    </html>

    And here's the header.php
    ----------------------------------------------------------------------------

    <?php
    global $PPT;

    /* ================ PREMIUM PRESS CUSTOM OPTIONS =========================== */
    $GLOBALS['premiumpress']['language'] = get_option("language");
    $GLOBALS['premiumpress']['logo_url'] = get_option('logo_url');
    $GLOBALS['premiumpress']['theme'] = get_option('theme');
    $GLOBALS['premiumpress']['theme_folder'] = "couponpress";
    $GLOBALS['premiumpress']['imagestorage_link'] = get_option('imagestorage_link');
    $GLOBALS['premiumpress']['currency_symbol'] = get_option("currency_code");
    $GLOBALS['couponpress']['submit_url'] = get_option("submit_url");
    $GLOBALS['premiumpress']['submit_url'] = $GLOBALS['couponpress']['submit_url'];
    $GLOBALS['premiumpress']['analytics_tracking'] = get_option("analytics_tracking");

    /********************** GENERAL CONFIGURATION ***********************/
    /*********************************************************************/

    $GLOBALS['couponpress']['license_key'] = get_option("license_key");
    $GLOBALS['couponpress']['theme'] = get_option('theme');
    $GLOBALS['couponpress']['language'] = get_option("language");
    $GLOBALS['couponpress']['system'] = get_option("system");
    $GLOBALS['couponpress']['excluded_pages'] = get_option("excluded_pages");
    $GLOBALS['couponpress']['article_cats'] = get_option("article_cats");
    $GLOBALS['couponpress']['copyright'] = get_option("copyright");
    $GLOBALS['couponpress']['logo_url'] = get_option("logo_url");
    $GLOBALS['couponpress']['faviconLink'] = get_option("faviconLink");
    $GLOBALS['couponpress']['imagestorage_link'] = get_option("imagestorage_link");
    $GLOBALS['couponpress']['display_search_link'] = get_option("display_search_link");
    $GLOBALS['couponpress']['currency_code'] = get_option("currency_code");

    /********************** PAGE CONFIGURATION ***********************/
    /*********************************************************************/
    $GLOBALS['couponpress']['display_searchbox'] = get_option("display_searchbox");
    $GLOBALS['couponpress']['dashboard_url'] = get_option("dashboard_url");

    $GLOBALS['couponpress']['display_categories_box'] = get_option("display_categories_box");
    $GLOBALS['couponpress']['display_submit'] = get_option("display_submit");
    $GLOBALS['couponpress']['manage_url'] = get_option("manage_url");
    $GLOBALS['couponpress']['display_scroller'] = get_option("display_scroller");

    /********************** ADVERTISING CONFIGURATION ***********************/
    /*********************************************************************/

    $GLOBALS['couponpress']['display_previewimage'] = get_option("display_previewimage");
    $GLOBALS['couponpress']['advert_top'] = get_option("advertising_top_checkbox");
    $GLOBALS['adminads'] = 0;

    /****************** LINK CLOAKING CONFIGURATION ***********************/
    /***********************************************************************/

    $GLOBALS['couponpress']['linkcloak_enabled'] = get_option("display_linkcloak");
    $GLOBALS['couponpress']['linkcloak_url'] = get_option("tc_linkcloak");

    /********************** ITEM PRUNE CONFIGURATION ***********************/
    /************************************************************************/
    $GLOBALS['couponpress']['post_prun'] = get_option("post_prun");
    $GLOBALS['couponpress']['prun_period'] = get_option("prun_period");
    $GLOBALS['couponpress']['prun_status'] = get_option("prun_status");


    /* ================ PREMIUM PRESS CATEGORY ID =========================== */
    if(isset($wp_query)){
    $category = $wp_query->get_queried_object();
    if(is_object($category) && isset($category->cat_ID) ){
    $GLOBALS['premiumpress']['catID'] = $category->cat_ID;
    $GLOBALS['premiumpress']['catName'] = $category->name;
    $GLOBALS['premiumpress']['catDesc'] = $category->description;
    }
    }
    /* ================ PREMIUM PRESS LANGUAGE FILE =========================== */
    $PPT->Language();

    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
    <head>
    <meta http-equiv="Content-type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
    <title><?php wp_title('«', true, 'right'); ?> <?php bloginfo('name'); ?></title>
    <link rel="shortcut icon" href="<?php echo get_option("faviconLink"); ?>" type="image/x-icon" />
    <link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); ?>" type="text/css" media="screen" />
    <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
    <?php echo stripslashes(get_option("google_webmaster_code")); ?>
    <?php if ( is_singular() ) wp_enqueue_script( 'comment-reply' ); ?>
    <?php wp_head(); couponpress_header(); ?>
    </head>
    <body>
    <div id="body-wrapper">
    <?php
    if(file_exists($PPT->FilterPath()."/wp-content/themes/couponpress/themes/".$GLOBALS['premiumpress']['theme']."/header.php")){

    include($PPT->FilterPath()."/wp-content/themes/couponpress/themes/".$GLOBALS['premiumpress']['theme'].'/header.php');

    }else{
    ?>

    <div id="page-container">
    <div id="coupon_wapper">
    <!-- ********************** COUPONPRESS TOP HEADER ***********************/
    /************************************************************************ -->
    <div class="page-container-inner">

    <div class="page_logo_wrapper">

    <div id="Logo">

    <a href="<?php bloginfo('url'); ?>/">

    <img src="<?php echo $PPT->Logo(); ?>" alt="<?php bloginfo('name'); ?>">
    </a>

    </div>

    <div id="page-header">

    <ul>

    <li class="last"><a class="rsslink" rel="nofollow" href="<?php bloginfo('rss_url'); ?>"><?php echo $GLOBALS['_LANG']['3x1']; ?></a></li>

    <?php echo $PPT->Pages(); ?>

    <li><a href="<?php bloginfo('url'); ?>"><span><?php echo $GLOBALS['_LANG']['_home']; ?></span></a></li>
    </ul>

    <div class="clear"></div>

    </div>

    <?php if($GLOBALS['couponpress']['display_searchbox'] == "top"){ ?>
    <form method="get" id="TopCouponSearch" action="<?php bloginfo('url'); ?>" role="search">
    <div class="searchcouponpress">
    <input type="text" class="box" name="s" id="s" value="<?php echo $GLOBALS['_LANG']['_enterkey']; ?>" onfocus='javascript:clearMe();'/>
    <button class="btn" title="<?php echo $GLOBALS['_LANG']['_search']; ?>"><?php echo $GLOBALS['_LANG']['_search']; ?></button>
    </div>
    </form>


    <?php }else{ ?>

    <div class="banner"><?php if($GLOBALS['couponpress']['advert_top'] ==1){ echo $PPT->Banner("top"); } ?></div>

    <?php } ?>

    </div>

    <div class="clear"></div>


    <div id="page-nav-top" class="page-navigation">
    <ul id="nav" class="clearfix">
    <?php echo $PPT->Categories("","",true,true); ?>
    </ul>
    </div>

    <?php } ?>

    <div id="page-content" class="clearfix">

    <?php

    if(file_exists(FilterPath()."/wp-content/themes/couponpress/_slider.php") && $GLOBALS['couponpress']['display_scroller'] == "yes" && !is_page() && !is_single()){

    include(FilterPath()."/wp-content/themes/couponpress/_slider.php");

    }
    ?>
    <div class="clear"></div>
    <?php if(!isset($GLOBALS['submit_page'])){ ?><div id="main-content"><?php } ?>