Do you use WordPress? I do. Have you ever searched Google for free WordPress themes? I have.
Is it a good way to find free themes?
No. It’s a big mistake.
Why? Because many sites that you find with a search provide free themes which include spammy links, hidden or encrypted code that does things you don’t want your blog to do, and perhaps even malicious code that opens your blog up to people you don’t even know about.
ThemeLab provided a video about of the problem in Stop Downloading WordPress Themes from Shady Sites. It will give you a quick idea of the problem.
Theme Lab says,
These are two main types of sites you should avoid while looking for any sort of WordPress theme to use on your blog.
- Torrent/warez sites
- Random sites you find in Google
There’s a helpful article on the same topic at WPMU titled Why You Should Never Search for Free WordPress Themes in Google or Anywhere Else. This article give you a closer view of some of the encrypted code, backlinks, and other warning signs. It names names and shows you exactly why to avoid certain sites.
You can get more information and test results of tests for spam links, encoding and malware in free WordPress themes in Only Download WordPress Themes from Trusted Sources by Chip Bennett.
Who you gonna trust?
The foremost trustworthy site is WordPress.org and its theme directory. If you need a free theme, you’d do well to start and end your search there. There are other trustworthy sites. They include,
What about your current theme?
Are you using a theme you found by searching? If you are wondering about the theme you are currently using, the articles I linked to above include tools and checkers that can help you decide if its safe to keep using what you have now. Here are some tools recommended by WPMU.
If you are investigating a theme that you think is suspicious you might find the following decoding tools helpful:
eval(str_rot13(' ... '));
- Other codes
- Manual base64 decode
If that seems too daunting, head over to WordPress.org for a theme you can trust.
Cross-posted in slightly different form at BlogHer.