Check your WordPress themes for malicious codes!
If you’re using free WordPress and Joomla themes, then you should check your theme files for some malicious codes. This issue was first raised by Derek of 5ThiryOne (via JaypeeOnline) which hit Digg’s frontpage the other day. One of Derek’s free WordPress themes have actually been modified and inserted with malicious codes.
On the same note, I got a call from Michael Rogers (commonly known in the local SEO circles as seoluv) pointing me to a similar case he wrote on his blog accusing SEO World Champion Benj Arriola of willfully distributing WordPress themes with PHP codes that pulls out hidden links when search engines visit blogs that uses his free themes.
The infected WP themes include the Transformers Fans, among others. I have not checked all the other themes if there were other PHP codes inserted in them. These themes will spew out several hidden links to the goglobalwarmingawareness2007.com. On top of this, Michael Rogers is also accusing Aileen Apolo of conniving with Benjie Arriola to rank for the keyword “Google Country Consultant”. Here’s the screenshot of the codes with links to the respective keywords.
Janet Torral called me a while ago so I could explain to her what this fuss is all about. Apparently, she was also contacted by Michael Rogers to expose this story in her column in the newspaper (SunStar). He quoted Janet getting feedback about this story to Aileen, which the latter vehemently denied. It is still uncertain whether Aileen knows about this Black Hat SEO technique which Benj implemented for her blog using his freely distributed WordPress themes.
I believe this issue is more geared towards the WordPress community as WP Founder Matt Mulleweg announced on his blog earlier. As to the issue of black hat SEO, my take on it is that if you wanted backlinks in exchange for the free themes you are distributing, just put them right there for every theme user to see and let them decide to retain it or not. Putting them via hidden links so only the search engines can see (term used is cloaking) is just plain no-no. Benj might want to explain why he implemented this experiment.