I’ve always had one major issue with some of the “free” WordPress themes out there – the encryption of footer data. I’ve seen countless themes licensed under the GNU GPL that violate the very principles for which it exists.
Someone took the time to make their theme available under the GPL – that’s an excellent, noble thing. However, the encryption of footer data shows a complete lack of understanding of the philosophy behind Free Software and the GPL.
Freedom #1 states:
The freedom to study how the program works, and change it to make it do what you wish (freedom 1). Access to the source code is a precondition for this.
Here is an example footer from one of the themes I found (most of the content has been removed and what remains has been altered to (a) not throw anyone under a bus and (b) reduce the size of this post):
eval(gzinflate(base64_decode('gfE8f[...]T8='))); /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */ $o="ZnvJF[...]Mn=";eval(base64_decode("Xvxsbe0wO2V2YWwoYmFzZT[...]GxsfW9cnw=="));return;
Clearly, this is in violation of Freedom #1 for the following reasons:
- The only way to gain access to the source code is to decrypt (reverse engineer) the above content. The fact that it is a very simple matter to do so is irrelevant – the source code should be clearly visible.
- There is a comment in the code that clearly states that any attempt to reverse engineer the code is illegal. This is in direct conflict with the GPL – in fact, it’s completely incompatible. So that statement is actually negated by the license. You’re more than welcome to do so under terms of the GPL.
- Since you do not have access to the original source code without decrypting the data, you are not free to modify it. Many try to decrypt the data and are unable to do so because they are not familiar with the PHP language or are otherwise unable to figure out how to decrypt it. If you do decrypt the above, you will find that the majority of it is HTML, with one call to wp_footer(). This means that, were it not encrypted, users would need only know HTML to safely modify it.
But those aren’t the only issues. There are also some other considerations:
- The encrypted footer is 7743 bytes. Decrypted, it is roughly 996 bytes. That is a huge size difference – a lot of wasted bytes to secure the footer.
- There are a great number of function calls in order to decrypt the footer. You can see some of them above, but the eval()’d code contains additional methods to decrypt further encrypted and obfuscated code. That’s unnecessary overhead. Not to mention that eval() in itself is very slow. So, not only did the author prevent you from modifying the footer, you’re taking a performance hit because of it!
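The layered eval() and decoder calls described above can be spotted in a theme before it is installed, without decoding anything. The following scanner is an added example, not code from the original post; the function names, the 40-character payload threshold and the sample footer are assumptions made for illustration.

```python
import re
from pathlib import Path

# base64_decode and gzinflate appear in the footer quoted above; gzuncompress
# and str_rot13 are other real PHP functions, included here as an assumption.
DECODERS = ("base64_decode", "gzinflate", "gzuncompress", "str_rot13")
_NAMES = "|".join(DECODERS)
# eval( directly wrapping one or more nested decoder calls.
EVAL_CHAIN = re.compile(r"\beval\s*\(\s*((?:(?:%s)\s*\(\s*)+)" % _NAMES, re.I)
# A quoted run of 40+ base64-alphabet characters: the encoded payload itself.
BLOB = re.compile(r"""(['"])([A-Za-z0-9+/=]{40,})\1""")

# Constructed sample with the same shape as the quoted footer; payloads are filler.
SAMPLE = (
    "<?php\n"
    "eval(gzinflate(base64_decode('" + "QUJD" * 20 + "')));\n"
    "/* WARNING: This file is protected by copyright law. */\n"
    '$o="' + "Wlla" * 15 + '";eval(base64_decode("' + "RUZH" * 12 + '"));return;\n'
    '?>\n<div id="footer"><?php wp_footer(); ?></div>\n'
)


def scan_php(source):
    """Report eval()-wrapped decoder chains and encoded payload size in PHP text."""
    findings = []
    for m in EVAL_CHAIN.finditer(source):
        chain = [n.lower() for n in re.findall(_NAMES, m.group(1), re.I)]
        findings.append({"line": source.count("\n", 0, m.start()) + 1, "chain": chain})
    blob_bytes = sum(len(b.group(2)) for b in BLOB.finditer(source))
    # blob_ratio: share of the file that is opaque payload, not readable source.
    return {"findings": findings, "blob_bytes": blob_bytes,
            "blob_ratio": round(blob_bytes / max(len(source), 1), 2)}


def scan_theme(root):
    """Scan every .php file under a theme directory; return only flagged files."""
    flagged = {}
    for path in sorted(Path(root).rglob("*.php")):
        report = scan_php(path.read_text(encoding="utf-8", errors="replace"))
        if report["findings"]:
            flagged[str(path.relative_to(root))] = report
    return flagged


if __name__ == "__main__":
    for hit in scan_php(SAMPLE)["findings"]:
        print("line %d: eval(%s(...))" % (hit["line"], "(".join(hit["chain"])))
```

The scanner matches text only, so a chain inside a PHP comment is reported as well; treat its output as a list of files to read by hand.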
I can understand why the author would want to encrypt the footer. They probably felt that, if they’re releasing their source code free of charge to the public, they should at least be allowed to keep their copyright notice intact. And yes, they should be able to. In fact, the copyright notice should never be removed on GPL’d code – it’s a legal requirement to keep it there. It is still the author’s work, and it is a copyrighted work, so the notice must remain intact. But yes, people do remove it anyway, even though they shouldn’t.
But when an author takes the time to not only prevent me from modifying the source, but in doing so causes me to incur a performance hit, and on top of it licenses the theme under the GPL – I see some very large ethical issues. Especially considering that all I wanted to do was add my own link, and its placement required being able to modify the encrypted HTML.
I propose that all those who support free software boycott such themes and send a notice to the authors when they come by such themes (or send them a link to this post). Furthermore, do not let developers who try to restrict your freedom push you around. I do not propose you remove the copyright notice – in fact, I would never, ever suggest that someone do that; but I do propose that, if the theme is licensed under the GPL, you decrypt the footer regardless of any notices that state you otherwise cannot. The license clearly states you have access to the source code, and if you are not given such access, the code either needs to be relicensed, or the developer needs to comply with its terms.
As there are also many themes out there that encrypt their data and are not licensed under the GPL or other free software licenses, I’m not going to provide any methods of decrypting the data. I do not support proprietary software, but I also do not encourage license violations.

