[wp-hackers] Themes Being Unofficially Distributed with Security Vulnerabilities - Time for an Official Theme Repository?

Computer Guru computerguru at neosmart.net
Thu Nov 29 04:44:48 GMT 2007


On 11/29/07, Robin Adrianse <robin.adr at gmail.com> wrote:
>
> But that's easily gamed by spammers. They're not *that* stupid, you know
> ;).
>
> I don't think machine-verification would be that productive, to be honest.
> And it wouldn't really be that hard for a human to just give the theme files
> a quick look-over.
>

I agree 100%.
No matter what you do, there'll always be an "easy" workaround to avoiding
machine detection. It can include() code from another URI, rot* text,
etc., and worst of all, you'll give people a false sense of security, too.

Best is to just have a central repository. "Verified" members of the
community can officially mark a theme clean. Users can rate themes on
quality, and report a theme as dangerous if they feel it warrants further
investigation.


That's far more productive, a lot more bullet-proof, and feels more like the
WordPress way :)

-- 
Computer Guru
Director,
NeoSmart Technologies
http://neosmart.net/blog/

