Avoiding Unsafe WordPress Themes - dummies

By Lisa Sabin-Wilson

Finding the WordPress theme that fits you best may take some time, but with thousands available, you’ll eventually find one that suits you. Trying out several free themes is like trying on different “outfits” for your website. You can change outfits as needed until you find just the right theme. In July 2008, WordPress launched the official WordPress Themes Directory.

The WordPress Themes Directory isn’t the only place on the web to find free WordPress themes, but it’s the place to find the most functional and safe themes available. Safe themes contain clean code and fundamental WordPress functions to ensure that your WordPress blog functions with the minimum requirements. The WordPress.org website lists the basic requirements that theme designers have to meet before their theme is accepted into the themes directory.

Unsafe themes are developed by people who are looking to take advantage of the site owners who use them. These particular themes are not allowed in the official WordPress Themes Directory. They contain elements such as the following:

  • Spam links: These links usually appear in the footer of the theme and can link to some pretty unsavory places. The designers of these themes hope to benefit from traffic from your site. They count on the idea that most site owners won’t notice the links or know how to remove them.

  • Malicious code: Unscrupulous theme designers can, and do, place code in theme files that inserts hidden malware and/or virus links and spam. Sometimes you see a line or two of encrypted code that looks as though it’s just part of the theme code, and unless you have a great deal of knowledge of PHP, you may not know that the theme is infected with dangerous code.

The results of these unsafe theme elements can range from simply annoying to downright dangerous, affecting the integrity and security of your computer, hosting account, or both. For this reason, the official WordPress Themes Directory is intended and set up to be a safe place from which to download free themes. Theme designers develop these themes and upload them to the theme directory, and each theme gets vetted by the folks behind the WordPress platform. In the official directory, themes that contain unsafe elements are simply not allowed to play.

If you suspect or worry that you have malicious code on your site — either through a theme you’re using or a plugin you’ve activated — the absolute best place to get your site checked is the Sucuri website, which offers a free website malware scanner. Sucuri provides expertise in the field of web security, for WordPress users in particular, and even has a free plugin you can install to periodically check your WordPress site for malware and/or malicious code.
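As a first pass before activating a theme downloaded from outside the official directory, the following added example (not from the original article or from WordPress) reads the theme's PHP files and flags the two elements described above: links to unexpected sites and lines that decode or evaluate hidden code. The function names, the allowlist of hosts, and the sample theme are assumptions made for illustration; a flagged line is a prompt to review that file, and a clean result does not replace a full malware scan.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# PHP calls commonly chained to hide a payload in a theme file (heuristic list).
OBFUSCATION = re.compile(r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
# A long unbroken base64-looking literal is unusual in hand-written template code.
LONG_BLOB = re.compile(r"[A-Za-z0-9+/=]{120,}")
HREF = re.compile(r"""href\s*=\s*["'](https?://[^"']+)["']""", re.I)

def scan_theme(files, allowed_hosts):
    """files: {relative_path: php_source}. Returns sorted (path, line_no, reason) tuples."""
    findings = set()
    for path, source in files.items():
        for no, line in enumerate(source.splitlines(), 1):
            for m in OBFUSCATION.finditer(line):
                findings.add((path, no, f"obfuscation call: {m.group(1).lower()}"))
            if LONG_BLOB.search(line):
                findings.add((path, no, "long encoded string"))
            for url in HREF.findall(line):
                host = (urlparse(url).hostname or "").lower()
                # Accept an allowed host or any of its subdomains; flag everything else.
                if not any(host == h or host.endswith("." + h) for h in allowed_hosts):
                    findings.add((path, no, f"external link: {host}"))
    return sorted(findings)

def load_theme(theme_dir):
    """Read every .php file under an unpacked theme directory."""
    root = Path(theme_dir)
    return {str(p.relative_to(root)): p.read_text(errors="replace") for p in root.rglob("*.php")}

# Constructed sample theme (not taken from any real theme).
SAMPLE = {
    "footer.php": (
        "<footer>\n"
        '<a href="https://wordpress.org/">Powered by WordPress</a>\n'
        '<a href="http://cheap-pills.example/" style="display:none">deals</a>\n'
        "</footer>\n"
    ),
    "functions.php": (
        "<?php\n"
        "add_theme_support('post-thumbnails');\n"
        "eval(base64_decode('" + "QUJD" * 40 + "'));\n"
    ),
}

if __name__ == "__main__":
    for path, no, reason in scan_theme(SAMPLE, {"wordpress.org"}):
        print(f"{path}:{no}: {reason}")
```

To check a real download, unpack the theme and pass `load_theme("path/to/theme")` to `scan_theme` along with the hosts you expect the theme to link to.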

A strong recommendation for finding free themes is to stick with the official WordPress Themes Directory. That way, you know you’re getting a clean, quality theme for your blog. You can rest assured that themes from the official directory are safe and free of spam and malicious code.