Scan all of your theme files for potentially malicious or unwanted code. Be aware of advertisements or dangerous JavaScript inserted into legitimate themes by third party theme download sites.
Future versions will check for other theme vulnerabilities.
Download TAC (Current, v 1.4)
TAC in WordPress.org Plugin Directory
ABOUT
What TAC Does
TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
Then what do you do? Just because the code is there doesn’t mean it isn’t supposed to be there, or that it qualifies as a threat. However, most theme authors don’t include code outside of the WordPress scope and have no reason to obfuscate code they make freely available on the web. We recommend contacting the theme author with the code that the script finds, as well as where you downloaded the theme.
The real value of this plugin is that you can quickly determine where code cleanup is needed in order to enjoy your theme.
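The scan described above, as an added example that is not TAC's own code: it walks a theme directory, checks each line of every PHP file against a pattern list, and reports the file path, line number and a snippet, with static links listed alongside the obfuscation markers. The pattern list, function names and sample footer are assumptions made for illustration; the page does not say which signatures TAC uses.

```php
<?php
// Added example, not TAC's code. The pattern list is an assumption for
// illustration; the page does not say which signatures TAC checks.
const SUSPECT_PATTERNS = [
    'eval call'       => '/\beval\s*\(/i',
    'base64 decoding' => '/\bbase64_decode\s*\(/i',
    'packed string'   => '/\b(?:gzinflate|gzuncompress|str_rot13)\s*\(/i',
    'static link'     => '/<a\s[^>]*href\s*=\s*["\']https?:\/\/[^"\']+/i',
];

// Scan one file's source and return path, line number, type and snippet.
function scan_source(string $path, string $source): array {
    $findings = [];
    foreach (preg_split('/\R/', $source) as $i => $line) {
        foreach (SUSPECT_PATTERNS as $type => $regex) {
            if (preg_match($regex, $line, $m, PREG_OFFSET_CAPTURE)) {
                // Escape with htmlspecialchars() before showing this in an HTML page.
                $snippet = trim(substr($line, $m[0][1], 60));
                $findings[] = compact('path', 'type', 'snippet') + ['line' => $i + 1];
            }
        }
    }
    return $findings;
}

// Walk a theme directory and scan every .php file in it.
function scan_theme_dir(string $dir): array {
    $findings = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS));
    foreach ($files as $file) {
        if ($file->isFile() && strtolower($file->getExtension()) === 'php') {
            $path = $file->getPathname();
            $findings = array_merge($findings, scan_source($path, file_get_contents($path)));
        }
    }
    return $findings;
}

// Constructed sample footer; pass a theme directory as argv[1] to scan real files.
$sample = <<<'THEME'
<div id="footer">
<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>
<a href="http://example.com/">Sponsored</a>
</div>
THEME;
$findings = isset($argv[1]) ? scan_theme_dir($argv[1]) : scan_source('footer.php', $sample);
foreach ($findings as $f) {
    printf("%s:%d [%s] %s\n", $f['path'], $f['line'], $f['type'], $f['snippet']);
}
```

A match is a prompt for review, not a verdict: the sample's second line is reported twice (eval call, base64 decoding) and the link on the third line is reported as a static link, which may be perfectly legitimate.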
History
TAC got its start when we repeatedly found obfuscated malicious code in free WordPress themes available throughout the web. A quick way to scan a theme for undesirable code was needed, so we put together this plugin.
After Googling and exploring on our own we came upon the article by Derek from 5thirtyOne regarding this very subject. The deal is that many 3rd party websites are providing free WordPress themes with encoded script slipped in – some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.
Frequently Asked Questions
What if I find something?
Contact the theme’s original author to double check whether that section of code is supposed to be in the theme in the first place – chances are it shouldn’t be, as there isn’t a logical reason to have obfuscated code in a theme.
If something is malicious or simply unwanted, TAC tells you which file to edit. You can even just click on the file path to be taken straight to the WordPress Theme Editor.
Why does TAC list static links?
First of all, static links aren’t necessarily bad. TAC just lists them so you can quickly see where your theme is linking to.
What about future vulnerabilities?
As we find them we will add them to TAC. If you find one, PLEASE let us know: Contact builtBackwards or post in the WordPress.org Forum
CHANGELOG
Version 1.4
- Compatible with WordPress 2.8!
- Tested in Firefox 3.0.11 and Internet Explorer 8
- JavaScript hiding/showing of theme details
Version 1.3 (Fixes + New Feature)
- Changed title to “Theme Authenticity Checker”, same acronym, makes more sense
- Compatible with WordPress 2.2 – 2.6.1
- NEW! Checks for embedded Static Links
- NEW! Direct links for editing suspicious files in the WordPress Theme Editor
- Improved the CSS
- Uses its own function to get theme file paths
Version 1.2 (Fixes)
- Band-aid fixes to theme file paths that were altered by the update to get_themes() in WordPress 2.6
- This release is only compatible with WordPress 2.6
Version 1.1 (Fixes)
- Style sheet doesn’t explode any more when certain threats are detected
- Modified code snippet output to prevent interfering with page structure
- Improved styling for slightly more appealing output
Version 1.0 (First Release)
- This is the initial release of TAC.
INSTALLATION
After downloading and extracting the latest version of TAC…
- Upload tac.php to the /wp-content/plugins/ directory
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Go to Design -> TAC in the WordPress Admin
- The results of the scan will be displayed for each theme with the filename and line number of any threats.
If the TAC result shows my theme doesn’t have any code, then is it 100% sure, or is there a chance that any other kind of hacking code may be present?
This is one very useful plugin. Thanks for sharing. Now I’m gonna install it on a few of my blogs.
I have just ported my sites over from an old host due to a hacking incident. My new host cleaned the files perfectly and I have confirmed it. For some reason, on one of my sites, TAC is still scanning my old host. I check the instances that TAC reports back to me and they are clean. Is this a cache issue?
Can you suggest a plugin where I can block an IP on the basis of the number of clicks or time spent on the site? So if an IP comes to the site and does x number of clicks in a given time frame, then it will be blocked automatically.
Huge thanks to the creators of this wonderful plugin! It really helped me figure out the problems with my WordPress theme!
Great plugin – simple and easy to use!
Wow... amazing, great one. Will check my theme now.
I wasn’t aware of this problem. I found this info suddenly and installed the plugin immediately. It’s already found static links but the themes are OK. Thanks for this fantastic info.
Y U NO UPDATE?