12 responses

  1. The Knowledge of London
    February 23, 2011

    Wow thanks. Pretty scary stuff base64 and websites (non-wordpress.org) free WP themes, avoid them it seems. Cheers

  2. Steffe
    March 3, 2011

    Thanks, I’m using this online decryptor http://www.base64online.com

  3. Greg
    June 15, 2011

    Have any idea what this is all about?:

  4. EditPad Pro fanpage
    July 5, 2011

    Thanks for sharing! Some of these base64 footers also use ROT13 code, which can be decoded with EditPad text-editor (free and pro versions)

  5. nico
    October 3, 2011

    Wow, I was going well until the last step. I’ve got the text separated into lines, but after changing the last “eval” to an “echo” I just got this rendered in my browser:
    ?>

    The code I’m using is this: http://pastebin.com/q921vjSa

    ¿Can you please take a look? It would be very helpful.

    Thanks anyway for sharing this info

  6. elurps
    October 14, 2011

    Finally I found out what my eval code is in my footer! It was just a backlink by the theme creator, thank you 🙂

  7. base64
    October 29, 2011

    When you find more than one eval statement in the code, consider doing this logic (by Otto):
    1. Replace the first eval with an echo. Add a “return” immediately after that eval statement.
    2. Run the code, capture the output using output buffering.
    3. Replace that echo (and the return) with the new output, since it will be from that one echo only.
    4. Start over with your new code.
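
A static variant of the loop in comment 7, as an added example that is not code from this thread or from Otto: rather than running the theme code with `echo`, it decodes each `eval(...)` layer offline and substitutes the result, repeating until no `eval` is left. It assumes the payload is a single quoted literal wrapped only in the functions listed in `DECODERS` (including the ROT13 case from comment 4); the function names and the sample footer are constructed for illustration.

```python
import base64, codecs, re, zlib

# PHP wrappers commonly nested inside eval(); each is reproduced statically,
# so the suspicious theme code is never executed.
DECODERS = {
    "base64_decode": base64.b64decode,
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw DEFLATE stream
    "strrev": lambda b: b[::-1],
}
# eval( f1( f2( 'payload' ) ) );  -> group 1: wrapper calls, group 3: the literal
EVAL_RE = re.compile(r"""\beval\s*\(\s*((?:\w+\s*\(\s*)+)(['"])(.*?)\2(?:\s*\))+\s*;""", re.S)

def peel_once(src):
    """Replace the first eval(...) with the PHP source it would have run."""
    m = EVAL_RE.search(src)
    if not m:
        return None
    data = m.group(3).encode("latin-1")
    for name in reversed(re.findall(r"\w+", m.group(1))):  # innermost call first
        if name not in DECODERS:
            return None  # unknown wrapper: stop and inspect by hand
        data = DECODERS[name](data)
    return src[:m.start()] + data.decode("latin-1") + src[m.end():]

def unwrap(src, max_layers=20):
    """Repeat the 'start over with your new code' step until no eval is left."""
    layers = 0
    while layers < max_layers:
        peeled = peel_once(src)
        if peeled is None:
            break
        src, layers = peeled, layers + 1
    return src, layers

def build_sample():
    """Constructed three-layer footer; example.com is a placeholder."""
    php = 'echo "<a href=\\"http://example.com/\\">Theme by Example</a>";'
    php = "eval(base64_decode('%s'));" % base64.b64encode(php.encode()).decode()
    z = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = z.compress(php.encode()) + z.flush()
    php = "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()
    b64 = base64.b64encode(php.encode()).decode()
    return "<?php eval(base64_decode(str_rot13('%s'))); ?>" % codecs.encode(b64, "rot13")

if __name__ == "__main__":
    code, n = unwrap(build_sample())
    print(n, "layers removed")
    print(code)
```

If `unwrap` stops while an `eval` is still present, the remaining layer uses a wrapper or expression this sketch does not model and needs manual review.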

  8. fab
    December 3, 2011

    Can anyone help me to understand why I am getting this in my WordPress theme and what I should do?
    I don’t understand which part of the code I have to paste to the tool. 🙁

    Thanks!

    // base64 encoded red image that says ‘no hotlinkers’
    // nothing to worry about! 🙂
    $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");

  9. admin
    December 3, 2011

    It appears that your theme-author doesn’t want you to remove their base64 code that, according to him, just makes the red image that says “no hotlinkers” …

    I would suggest abandoning this theme. If that isn’t an issue to you, feel free to use it and continue to pursue it but, most would simply rather stay away from such things. You never know when or where vulnerabilities may be added in custom signatures like that.

  10. adeel
    January 6, 2012

    it good man

  11. Deon Fialkov
    September 10, 2012

    Luckily I managed to find a free wordpress theme that wasn’t infected with base64 code.

    I do have the plugin Theme Authenticity Checker (TAC) installed should it get infected later on.

    I did happen to research this topic before I found my theme so I knew which free themes to avoid.

    Are these base64 codes legal? I understand that themes can be free, but does that allow the developer to install ‘naughty code’ like base64?

  12. admin
    September 10, 2012

    Deon. ‘base64’ code isn’t necessarily ‘naughty’ code. It has legitimate uses. But it is very often used by hackers and is also used to hide details the theme-developers don’t want you to see.

    It is often used to force you to have their credentials kept on the theme, to keep you from being able to easily edit the theme, etc. Since WordPress is free, any theme that is also free, ought to come free, with no strings attached, and should not have shady content on it.
