Category: 
Tuesday, 11 March 2008 @ 1:44 pm (Chris Frost)
Over the past few weeks, I’ve seen an increase in Base64 encoding in ‘free wordpress themes’… now bear with me if you have a wordpress… its not really that technical!
Base64 is just a way to encrypt code, usually in Wordpress themes, its used to encrypt the footer template and 9 time out of 10, its an attempt to ensure that the designer is given credit by means of a link back to his website. Fair enough as they have put in the hard work.
However as the footer is encoded, it means that don’t actually see what else may well be hidden in the footer, something that has always concerned me. Maybe there are links to unfavourable sites, bits of java, images? It’s even possible to encode an iframes command that loads a merchant websites (basically cookie stuffing)! It’s definately something to be aware of, and in my opinion, something that as an affiliate, you should check and decode any Base64 footers to be sure everything is above board.
How will you know?
Well, an encoded footer will look out of the ordinary to any website owner. Instead of seeing the usual A HREF, IMG SRC or DIV codes, you will see something like this;
(base64_decode(’FZnHDoRVElF/cmI7Iw5rpzUjvPc0pi8rvPeer9+eEyeoykdTxFjx13///dc/ijPp/6jecyz7cS/
+VZOtILD/5VI25cUf/xTzXF6nL5NKRLWW3oYgKuOvbaBUujXEvUvPQGkBK/0yywQt8Hue
sEyCoF2CuBvl47UC6TqPq9IeZgmQMlq+ZHbYy3ab28qcdLk167CdeHFGIeRZRN5wrsOKO
/o5kfSkR7T0mfxlz5jAl2h6k/vi7S4muQZQj8Qkn6j/mRpJ9YBahj4////V/’)
Obviously, unless you are a freak of nature, you won’t stand a chance of being able to read what has been encoded, and therefore you could be opening yourself up to problems in the future. In my opinion, the best thing to do is to decode the file and reload it to your webserver, leaving in place the link to the designers website, but at the same time, ensuring there is nothing dodgy lurking in the code.
How do you decode base64?
Download and extract this Zip file. Follow the instructions and you should then be able to easily and quickly decode any base64 encryption.
Is it ethical?
Many people think its unethical to do this, as some will remove the links to the designers homepage. However, I think I have a right to know what my website is linking to rather than trusting an encoded script. I have also read in places that its illegal to decrypt Base64 although I suspect this is a white lie. Sometimes, like in this theme (this was encoded), I want to add links to RSS feeds, Sitemaps etc. By decoding it, it then allows me to add anything I wish to in my footer - and you will notice that I still leave the link in place to the original designer.
Horaayy..there are 6 comment(s) for me so far ;)
Nice spot Frostie.
Great post, I use a theme that if I take the designers link down, it puts a huge message on my page saying words to effect this person is using a theme without giving credit in big words.
I dont mind linking back more worried that I can’t see the other code which might be on my site
Good work Frostie. There are also lots of online Base64 decoders such as this one : http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/
If you have Firefox with the web developer add-in you can use “View generated source” to see what the source code looks like after any Javascript has run and added bits in.
I would have thought that this practice would be breaking the GPL big time! Open source is, well, open source. You should not go about encrypting bits of it, that is bang out of order and against the spirit of open source.
Having said that, if someone makes a theme and puts a link in it, then it is only respectful to leave the link there. They did the work in making the theme after all.
Yeah I agree about the GPL/Open Source issue. My main gripe about encoding is not knowing what has actually been encoded.
I must admit, I don’t feel bad by decoding, adding my own links yet leaving in place the designers link to his homepage. As you say, its only fair.
excellent, thank you!