How to Avoid Unsafe Themes on WordPress

By Lisa Sabin-Wilson

Unsafe themes are developed by people who are looking to take advantage of the WordPress blog owners who use them. These particular themes are not allowed in the official WordPress Themes Directory. They contain elements such as the following:

  • Spam links: These links usually appear in the footer of the theme and can link to some pretty unsavory places. The designers of these themes hope to benefit from traffic from your site. They count on the idea that most blog owners won’t notice the links or know how to remove them.

  • Malicious code: Unscrupulous theme designers can, and do, place code in theme files that inserts hidden malware and/or virus links and spam. Sometimes you see a line or two of encrypted code that looks as though it’s just part of the theme code, and unless you have a great deal of knowledge of PHP, you may not know that the theme is infected with dangerous code.

The results of these unsafe theme elements can range from simply annoying to downright dangerous, affecting the integrity and security of your computer, hosting account, or both. For this reason, the official WordPress Themes Directory is intended and set up to be a safe place from which to download free themes.

WordPress designers develop these themes and upload them to the theme directory, and each theme gets vetted by the folks behind the WordPress platform. In the official directory, themes that contain unsafe elements are simply not allowed to play.

If you suspect or worry that you have malicious code on your site, the absolute best place to get your site checked is the Sucuri website, which offers a free website malware scanner. Sucuri provides expertise in the field of web security, for WordPress users in particular, and even has a free plugin you can install to periodically check your WordPress site for malware and/or malicious code.

My strong recommendation for finding free themes is to stick with the official WordPress Themes Directory. That way, you know you’re getting a clean, quality theme for your blog. You can rest assured that themes from the official directory are safe and free of spam and malicious code.