[wp-hackers] Themes Being Unofficially Distributed with Security
Vulnerabilities - Time for an Official Theme Repository?
Computer Guru
computerguru at neosmart.net
Thu Nov 29 04:44:48 GMT 2007
On 11/29/07, Robin Adrianse <robin.adr at gmail.com> wrote:
>
> But that's easily gamed by spammers. They're not *that* stupid, you know
> ;).
>
> I don't think machine-verification would be that productive, to be honest.
> And it wouldn't really be that hard for a human to just give the theme files
> a quick look-over.
>
I agree 100%
No matter what you do, there'll always be an "easy" workaround to avoid
machine detection. It can include() code from another URI, rot* text,
etc... and worst of all, you'll give people a false sense of security, too.
Best is to just have a central repository. "Verified" members of the
community can officially mark a theme clean. Users can rate themes on
quality, and report a theme as dangerous if they feel it warrants further
investigation.
That's far more productive, a lot more bullet-proof, and feels more like the
WordPress way :)
--
Computer Guru
Director,
NeoSmart Technologies
http://neosmart.net/blog/