[How to] Decode an Encoded PHP Script in Wordpress Themes

by: - Last updated on: December 17th, 2016

php logo

I adore Wordpress themes! And I like to download and test the themes (free ones) frequently. Few days back I bumped across a plugin – TAC (Theme Authenticity Checker) which checks for any malicious code in the Wordpress themes present in /wp-content/themes folder.

When I ran TAC today, I found that couple of the themes I downloaded yesterday (name withheld) were having some encoded string in the Footer section. TAC projected them as potential threats since some malicious code could have been injected and encoded. The code looked something like this

echo(base64_decode(“PGRpdiBjbGFzcz0iZm9vdGVy
Ij4NCiAgPGRpdiBjbGFzcz0iZm9vdGVyX3R4dCI+IA0KICAgIDxw
PiBEZXNpZ25lZCBieTogPGEgaHJlZj0iaHR0cDovL3d3dy
50YWxrcmV2aWV3cy5jb20vdG9wLXNp
dGVzIj5Ub3AgV2Vic2l0ZSBSZXZpZXdzPC9hPiA8L3A+
DQoNCiAgICA8cD4NCiAgICAgIDxhIGhy
g0KDQo=”))

I started looking out for a tool which can decode this encoded string for me. And I found out this page which can encode as well decode! There is a radio button at the bottom where you need to select the decode option. The output decoded data will be displayed in the same screen within few seconds!

Just replace the encoded code with the decoded one and the theme will continue to work like a charm!

Link: Base-64-encoder-decoder

Mirror: Base-64 decoder

Also try this : OpionatedGeek decoder tool

Weekly Newsletter

Sign up for a specially curated Tech Newsletter.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. kaka,
    i am new to wordpress,
    i want to remove my footer links in my theme.
    I tried using the decode link u mention in your post.

  2. Wonderful This really is one of the most beneficial blogs I’ve ever browsed on this subject.
    I was very encouraged to find this site. I wanted to thank you for this special read. I definitely savored every little bit of it and I have you bookmarked to check out new stuff you post.

  3. I am trying to decode a footer code from wordpress and I am having a problem. I have tried the links above but the issue that I dont know if I am inputting the right characters from the encoded footer code. what should i do?

    1. I can’t comment without knowing what exactly you were trying to decode, but I must tell you that NOT all encoded codes can be decoded, specially if the developer has encoded multiple times.