Before installing, make sure your WordPress theme is safe
There are so many free WordPress themes that it is easy to lose count. The official WordPress theme directory holds only about 1400 themes, a small number compared to all the free WordPress themes available. There is a good reason why so many themes are not in the official directory: strict rules.
If you want your theme listed in the WordPress theme directory, you must follow some very strict rules: you may place only one link in the footer, and it must point to the author's website, not to a commercial website intended to sell something or to drive visitors to affiliate websites that generate commissions.
These strict rules are the reason why theme developers do not submit their themes to the official directory, where themes are tested and you can be sure that no bad code is inside.
If you search for themes in other free theme directories, you can end up with a badly coded template that contains malicious software. No one checks these themes, and you must be aware of that. Some directory owners add malicious code to every template they post in order to promote their website through the theme's users. For example, Themes2WP adds a link pointing to their website to every template they add to the directory. The link is not visible to people; it is seen only by search engines, to improve the site's rank.
A single added link is not so bad, unless you end up using a template that adds several links to your website that you are not even aware of.
Some WordPress theme developers add encrypted code to make you think that the theme will stop working if you delete it. The encrypted code displays links to some malicious website in your website's footer. The truth is that nothing bad will happen if you delete that code. In most cases, links are not the only thing hidden through encrypted code. Anything can be there, including code that collects data about your blog and sends it to an arbitrary e-mail address set by the theme developer.
You should be very careful when dealing with themes with encrypted code. To make your life easier, there is a plugin that will check the themes for encrypted code and outbound links and will let you know before you install the theme.
The plugin is Theme Authenticity Checker, and you can find it in the official WordPress plugin directory.
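To show what such a check looks for, here is an added example (not code from this post and not the plugin's own code) that scans an unpacked theme's PHP files for encoded code and outbound links before installation. The function list, the hidden-style patterns, the host names and the sample footer are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlparse

# PHP calls often used to unpack hidden code (an assumed list, not the plugin's own).
ENCODED = re.compile(r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
LINK = re.compile(r"""<a\b[^>]*?href\s*=\s*["'](https?://[^"']+)["'][^>]*>""", re.I)
# Inline styles that hide a link from visitors while search engines still read it.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|text-indent\s*:\s*-\d{3,}", re.I)

def scan_source(name, source, allowed_hosts=()):
    """Return (file, line, kind, detail) for encoded code and outbound links."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in ENCODED.finditer(line):
            findings.append((name, lineno, "encoded-code", m.group(1).lower()))
        for m in LINK.finditer(line):
            host = (urlparse(m.group(1)).hostname or "").lower()
            if host in allowed_hosts:
                continue  # e.g. the single author link you decided to keep
            kind = "hidden-link" if HIDDEN.search(m.group(0)) else "outbound-link"
            findings.append((name, lineno, kind, host))
    return findings

def scan_theme(theme_dir, allowed_hosts=()):
    """Scan every .php file of an unpacked theme before it is installed."""
    root, findings = Path(theme_dir), []
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        findings += scan_source(str(path.relative_to(root)), text, allowed_hosts)
    return findings

# Constructed sample footer (not taken from any real theme).
SAMPLE_FOOTER = """<div id="footer">
<a href="http://author.example/">Theme by Author</a>
<a href="http://links.example/" style="display:none">cheap themes</a>
<?php eval(base64_decode('ZWNobyAieCI7')); ?>
</div>"""

if __name__ == "__main__":
    found = scan_theme(sys.argv[1]) if len(sys.argv) > 1 else scan_source("footer.php", SAMPLE_FOOTER)
    for f in found:
        print("%s:%d %s %s" % f)
```

Treat every hit as a prompt to read that line yourself. A link that the encoded code builds at run time never appears as a link in the source, which is why the encoded-code hits matter most.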
Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the item, I will receive an affiliate commission.
January 17th, 2011 at 3:59 pm
As the saying goes, nothing is free in this world 🙂 I downloaded about 25 themes for my own blog and many of them were really good. The main issue I found with free themes is that you do not get the PSD file, which is required to edit the logo for your blog. You’ve mentioned a good point: encrypted code can do some stupid things, like periodically sending e-mail or putting affiliate links in the footer.
January 18th, 2011 at 9:49 pm
If you try hard enough, you can make a similar logo from the image of the actual logo, but having the PSD is a great deal.
February 6th, 2011 at 8:56 am
Hello, just stumbled on your site and have been reading some of your posts, and just wondering why you selected an IIS blog. Don't you find it difficult to do anything with?
February 6th, 2011 at 9:29 am
My website is not IIS hosted or related to IIS or any Microsoft technology. I’m not a big fan of Microsoft.