Why You Should Never Search For Free WordPress Themes

5 replies
Now, armed only with the words “free WordPress themes,” builtBackwards’ Theme Authenticity Checker Plugin and Donncha O Caoimh’s Exploit Scanner, I’m going to take a look through the first page of Google to see just how safe pages ranking for “Free WordPress Themes” are.
An interesting look at how safe Free Wordpress themes may, or may not be.

Free Wordpress Themes: Why You Should Never Search For Them on Google

Joe Mobley
#free #search #themes #wordpress
  • Profile picture of the author Adie
    A lot of sites been hacked because of backdoor through free themes...
    Signature



    Moderator's Note: You're only allowed to put your own products or sites in your signature.

    Signature edited.
    {{ DiscussionBoard.errors[6706244].message }}
  • Profile picture of the author sbucciarel
    Banned
    An exception to this rule would be that it's ok to get free Wordpress themes from sites like Woo Themes (they do have some free ones).
    {{ DiscussionBoard.errors[6706261].message }}
  • Profile picture of the author StevenK
    I have enjoyed a couple of "free" themes for over two years and never had a problem. A premium theme can be hacked also.

    Just be careful where you get the theme.


    Steve
    {{ DiscussionBoard.errors[6706642].message }}
  • Profile picture of the author CyberSEO
    Originally Posted by Joe Mobley View Post

    An interesting look at how safe Free Wordpress themes may, or may not be.

    Free Wordpress Themes: Why You Should Never Search For Them on Google

    Joe Mobley
    First of all, I want to say that "free" doesn't mean "insecure". Furthermore, those GPL themes that available in the official WP repository are better secured than the ones you download from 3rd-party sites. At least the themes in WP repository are being checked for explicitly harmful code (e.g. backdoors).

    On the other hand, even some premium WP themes I've seen have serious vulnerabilities (e.g. some still use old versions of TimThumb script etc).

    The conclusion:
    1. do not trust to premium themes;
    2. do not trust to authenticity checkers and exploit scanner - these can be easily outsmarted;
    3. there are no 100% secure plugins and themes because WP itself has a lot of vulnerabilities;
    4. if you want to check the theme/plugin for malicious code - do it manually (if you are skilled enough) or hire some good PHP coder to do such a job for you.
    Everything above is just an IMHO of a PHP coder who makes WP plugins and themes since 2004.
    Signature
    CyberSEO Pro - the ultimate all-in-one autoblogging WordPress plugin, powered by OpenAI GPT-4, Anthropic Claude, Google Gemini Pro, Midjourney, DALL-E 3 and Stable Diffusion XL
    {{ DiscussionBoard.errors[6708717].message }}

Trending Topics