As I waited the two or three minutes WordPress2 needs to post a small edit to this blog, I wondered why I was so casual about ripping backlinks out of the WordPress templates I downloaded yesterday. That issue is blog-worthy, I think. So this time, I smartly opened a second tab before hitting “save”. So while WordPress takes another 2-3 minutes to update the post slug, I can blog about stealth links in open source software.
I’ll go back and flesh out the issue later, but let’s just say there are plenty of direct backlinks hidden inside these “free” downloads. Some time ago I helped expose a case of user agent cloaking hidden within a front end re-write ruleset for the Invision Power Board forum. In that case, the author had inserted a cloaking script into the front end of a mod designed to make Invision’s forum “search engine friendly”. It quietly inserted 5 or 6 backlinks to his own pop culture websites, so only the search engines would see them. Nasty. We got him to fix it, though.
Now WordPress2 comes with a ton of themes. Each one is a set of code files, and each enjoys ample opportunity to insert backlinks. I always go and remove sitewide footer links because they are clearly not justified (except perhaps with a nofollow…haha) but this time I found myself stripping out several aditional links buried in the code. Some were in sections marked “do not edit anything here”. Some threatened “if you touch anything here, don’t even think of asking for support”. That’s fair enough, but disclosure would be much more…. ethical?
Yawn. Maybe I will start digging and see just how many free hidden backlinks are working for these people. And how many disclose, how many seem to hide the links, or gasp… maybe some or encoded? A task for a rainy day?
Alex King has promoted WordPress themes on his site for years, and gets many submissions. From this post I see some have computer virus/worms embedded, and others have hidden links. I’m not sure what the review process is today.