One of the common trends in the Internet is that anytime something becomes big and popular, it won’t be long before spammers and other malicious users would come in and use the popularity of that website/product/service to take advantage and victimize users. The same trend has happened to WordPress and its users as the blogging platform has become more and more popular the last few years.
I’ve blogged about WordPress theme malware in the past. The first time I learned about malware being inserted into free WordPress themes was back in August of 2007 when Templates Browser dot com was found out to be distributing WordPress and Joomla themes ridden with spam and malware links. A few months after that incident, another website was reported to be distributing free WordPress themes containing spam and malware links.
The reason why I’m blogging again about this topic is to create awareness and to remind WordPress users to be very careful in choosing where they download free WordPress themes from. One of the common practice amongst WordPress users is using Google or any search engine to look for free WordPress themes. Using Google or any search engine engine by itself is not the problem and not all websites offer “dirty” themes. The problem is that these spammers and malicious users are very smart and use a lot of resources like SEO (search engine optimization) to make sure that their websites and “dirty” products get to the the top of the list or the front page of search engine results for keywords like – free wordpress themes, free wp themes, wordpress themes free download, free wordpress themes download, etc.
If these advice or warnings are not enough to convince you or you want to learn more about why you should avoid using Google or any search engine to look for free WordPress themes, I recommend that you read this article that I came across the other day. It’s an article written by Siobhan Ambrose on WPMU.org entitled Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else. The article shows how the author used the keywords “free wordpress themes” on Google and her trying and testing out the themes offered by the top 10 results. The result of her test? Out of the 10 websites offering free WordPress themes, 8 offered themes encrypted with base64 codes and only 1 was safe – WordPress.org.
There are a lot of nice and clean free WordPress themes out there, you just have to be careful and know where to find them. Some good examples are ThemeShaper, Theme Lab and Smashing Magazine. Some premium WordPress theme providers also offer free themes once in a while so you should check them out.
If you can’t find a theme that you like from the WordPress.org Theme Repository or the sites I mentioned above, make sure you use a tool like the Theme Authenticity Checker which checks theme files for any encrypted codes if you decide to download a theme from an unknown source.
Better safe than sorry folks! Never or as much as possible avoid looking for free WordPress themes from search engines.
one problem with free themes , scrapers can easily duplicate your blog [both looks and content] , get a similar domain name and upload the free theme . That is why i edit my free theme so it looks a bit authentic .
I should be very careful this time..my blog site was hacked yesterday by this “shi5” from Saudi Arabia. I have recovered the password but the username has been changed and I’m so darn stupid that I did not have these precautions. I should’ve read a lot of articles back then. Anyhow, do you have other suggestions on how to clear everything? I mean I’m not sure if they still access the site or not because the username has been changed and I’m not able to update it. :( Looking forward for your help… Thank you in advance
@zammax – I don’t think I ever said anything about free WordPress themes being bad, right?
Not all free themes are bad thing. The important thing is how we choose the best free themes on the net..
@Icechen – Really? Haven’t heard of that one before. Thanks for sharing. :)
Yep, some people put some “paygate” script code in their themes and activate it after a few weeks. Your blog will have one of those “complete surveys to gain access”.
@Madav – I’m sorry but I think you either didn’t read the whole article or you didn’t understand it. I didn’t say free WordPress themes were bad or to not use them. What I’m talking about in the article is about the source – “where” you download/get those free WordPress themes from.
Here’s an excerpt from the 3rd to the last paragraph of what I mentioned in the article:
I disagree with you.Doesn’t matter if you are using Premium or free.I agree there are advantages of premium one but it doesn’t mean free themes are useless.free themes like hybrid for WordPress is an example it is far better than any premium themes
@neo – Yes they are malware-free because that built-in search only pulls themes from the official WordPress.org Theme Repository.
a question sir:
how about the built-in wordpress search in the wordpress dashboard? are they malware-free?