Everyone loves the Free word, and it’s no different when it comes to Free WordPress Themes. When people are just getting started with WordPress they often search for a Free theme. It does make sense to some extent. Who wants to drop a bunch of money into a premium WordPress theme when you don’t know if your website or blog will take off or amount to anything?

I admit I like to save money as much as anyone else and have searched for free themes and plugins on more than one occasion myself. One of the pluses of such a popular blogging platform is you can find just about anything, many of which are totally free.

I was reading a post the other night about a very nice looking free WordPress theme. The design and layout was very attractive and it came with several different color schemes to choose from. I downloaded it and bookmarked the page so I could take a better look at it later.

This got me thinking about free WordPress themes. After doing a quick Google search it’s not hard to find an almost unlimited number of sites or links to them.

Since I am kind of into the technical details a bit more than the average person, I decided to have a look at some of them in my spare time. It didn’t take long to come to the conclusion that you need to be extremely careful with free WordPress themes, especially from third party sites, meaning ones that are not listed in the WordPress theme repository. Of course there are some very good legit themes out there, but there are plenty (and I do mean plenty) of free themes that are not so legit. The not so legit themes vary considerably from slightly annoying to dangerous.


Things that I have noticed with Free WordPress Themes

Footer link/links to a 3rd party site
These are more along the lines of annoying. Some of them are coded in a way that makes it difficult and sometimes nearly impossible to remove the footer links if you are not a coder.

Footer links to numerous and/or hidden 3rd party sites
Some themes have several links in the footer that can fall into the bad neighborhood area. Additionally some were visually hidden so you wouldn’t notice just by looking at it with a web browser. Many of these were also difficult or nearly impossible to remove if you are not into coding as well.

Themes with pre-coded advertisements
These themes come with advertising already coded into the template. Many of them are removable, and could be just for reference so you can add your own in their place. But, they could also be considered a sneaky practice.

Themes with pre-coded advertisements that are difficult to remove
I did notice a small number of themes that had advertisements with difficult and/or encrypted code that would be difficult for most people to remove. These are very sneaky practices because if you can’t remove the encrypted ad code someone else is going to earn from your website.

Themes with old or exploitable code
A lot of WordPress themes use the Tim Thumb script to resize images. There was an exploit going around recently involving a vulnerability in the Tim Thumb script itself. The author has since provided an update/fix for this, but a huge number of free and older themes still include the older vulnerable Tim Thumb script. You should check every WordPress theme for this vulnerability before using it.

Hidden Backdoor
There are a small number of WordPress themes that have hidden backdoor code / exploit. They can be used to get your login and password details so someone can later do whatever they want to your site. I have also noticed free plugins that do things like this too so be careful with them as well.

A combination of the above mentioned
Some themes had more than one of these that ranged from annoying to dangerous.

Be careful with anything when it comes to free, especially with free WordPress themes and plugins.


Tips for Free WordPress Themes

1. Get them from the WordPress repository if possible.

2. If you do use 3rd party themes or plugins be sure to get them from a reputable site and developer. A little research and Google searching is definitely worth the time.

3. Unzip a WordPress theme (or plugin, for that matter) to your local computer first. It probably wouldn’t hurt to scan the contents with your anti-virus program. Then, open each file and look for any strange or unusual coding. If you find any strange characters, or things like base64 decode/encode, it is most likely there to hide something. It could just be that they are protecting the link to their web site in the footer, but it could also mean something not so nice is hiding.

4. Check to see if the theme includes the Tim Thumb script and if it is vulnerable. It may be called thumb.php, thumbs.php, timthumb.php, or phpthumb.php. It could be in the main directory/folder or in a sub directory/folder within the template file. The one that is vulnerable will generally have a file size of around 20 KB or less. The newer fixed version is closer to 40 KB. So if you find one of these files in the theme and it is in the 20 KB file size area then it most likely is the older vulnerable file. For some themes the fix is just replacing it with the newer version, while others require replacing it with the newer file and adjusting part of the code in the theme in order to work.
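Tips 3 and 4 can be run as one pass over the unzipped theme folder. The script below is an added example, not part of the original post: the function names, the 30 KB cut-off between the two file sizes, the extra patterns beyond base64, and the sample theme it builds are all assumptions made for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# File names the post lists for the Tim Thumb script.
THUMB_NAMES = {"thumb.php", "thumbs.php", "timthumb.php", "phpthumb.php"}
# Post's rule of thumb: old copy ~20 KB or less, fixed ~40 KB; the 30 KB cut-off is assumed.
OLD_THUMB_MAX_BYTES = 30 * 1024
# base64 calls come from the post; eval/gzinflate/str_rot13 are assumed extras.
CALLS = re.compile(rb"\b(base64_decode|base64_encode|eval|gzinflate|str_rot13)\s*\(", re.I)
BLOB = re.compile(rb"[A-Za-z0-9+/=]{120,}")  # long unbroken encoded-looking run

def audit_theme(root):
    """Return (relative_path, kind, detail) tuples worth a manual look."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel, name = path.relative_to(root).as_posix(), path.name.lower()
        if name in THUMB_NAMES:
            size = path.stat().st_size
            age = "likely old" if size <= OLD_THUMB_MAX_BYTES else "likely updated"
            findings.append((rel, "timthumb", f"{size} bytes, {age}"))
        if not name.endswith(".php"):
            continue
        for lineno, line in enumerate(path.read_bytes().splitlines(), 1):
            hit = CALLS.search(line)
            if hit:
                findings.append((rel, "call", f"line {lineno}: {hit.group(1).decode()}"))
            elif BLOB.search(line):
                findings.append((rel, "blob", f"line {lineno}"))
    return findings

def build_sample_theme(root):
    """Write a constructed sample theme: clean index, encoded footer, small thumb script."""
    hidden = base64.b64encode(b'<a href="http://example.invalid/">link</a>').decode()
    samples = {
        "index.php": "<?php get_header(); ?>\n",
        "footer.php": f"<?php\necho base64_decode('{hidden}');\n?>\n",
        "scripts/timthumb.php": "<?php // placeholder, not the real script\n" + "// pad\n" * 2000,
    }
    for rel, text in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(tmp)
        print(*audit_theme(tmp), sep="\n")
```

Each hit is a file and line to open and read by hand, not a verdict; to check a real theme, call `audit_theme()` on the folder you unzipped it into.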

Don’t be quick to upload and install a WordPress Theme just because it looks good and because it’s free. There are many good legitimate themes out there. Just be aware that not all of them are as nice as they appear.


About: Jeremy LeSarge - AKA: Ray

I am the site owner and administrator of DialMe.com. I provide help and tips for Boonex Dolphin on the main part of this website where you will also find an assortment of other resources. Here, on the blog I write about a variety of topics surrounding WordPress, technology, social media/networking, SEO, and webmaster resources.