I adore WordPress themes! And I like to download and test the themes (free ones) frequently. Few days back I bumped across a plugin – TAC (Theme Authenticity Checker) which checks for any malicious code in the Wordpress themes present in /wp-content/themes folder.
When I ran TAC today, I found that couple of the themes I downloaded yesterday (name withheld) were having some encoded string in the Footer section. TAC projected them as potential threats since some malicious code could have been injected and encoded. The code looked something like this
echo(base64_decode(“PGRpdiBjbGFzcz0iZm9vdGVy
Ij4NCiAgPGRpdiBjbGFzcz0iZm9vdGVyX3R4dCI+IA0KICAgIDxw
PiBEZXNpZ25lZCBieTogPGEgaHJlZj0iaHR0cDovL3d3dy
50YWxrcmV2aWV3cy5jb20vdG9wLXNp
dGVzIj5Ub3AgV2Vic2l0ZSBSZXZpZXdzPC9hPiA8L3A+
DQoNCiAgICA8cD4NCiAgICAgIDxhIGhy
g0KDQo=”))
I started looking out for a tool which can decode this encoded string for me. And I found out this page which can encode as well decode! There is a radio button at the bottom where you need to select the decode option. The output decoded data will be displayed in the same screen within few seconds!
Just replace the encoded code with the decoded one and the theme will continue to work like a charm!
Link: Base-64-encoder-decoder
Mirror: Base-64 decoder
Also try this : OpionatedGeek decoder tool