Investigating Theme Spam «

Code: , , , , ,
1 comment

If you’re interested in what spammers are up to these days, check out Snarky’s blog post Evil Eval() investigating the obfuscated spam code hidden in the new WordPress theme he downloaded.

I’d be really interested to see how many of the themes on various WordPress sites include function calls like eval, call_user_func, base64_decode, unpack, ord, chr, etc. as an indicator of hidden spam.


  1. As a former WordPress user and occasional hacker thereof, I’m impressed by Snarky’s deconstruction and appalled at the obfuscation. It might take longer, but this is why I’m a fan of “roll your own” theming. Of course, I also use Drupal, so YMMV.

Leave a Reply

Your email address will not be published.