For WordPress users, searching Google for “Free wordpress themes” might seem like a great idea. However increasingly this is becoming one of the most dangerous things you can do.
There is a lot of trust placed in a theme developer when you download and install their theme. The reason for this is that, especially if you are not an experienced programmer, they could place any code they wanted to in there – even malicious code, and you might be non the wiser.
What harm can that do? Well potentially lots! If you’re running a reputable blog for your company then hidden likes to “Busty Babes 3” and “Winky Mania III” might not go down great with your bosses and could seriously damage the reputation of your business as it is linked to such, lets say, questionable websites.
But, surely I’d see those links? Well you may do, but you most likely won’t. Most people who want to place secret code in a theme are pretty good at it by now. So links will be changed to the same colour as your background or even placed entirely off screen. So what’s the problem then? If people can’t see them how could that possibly affect your website? Well, the reason is that you may not see it, you may even (luckily) get away without your visitors, customers or potential investors seeing it. But there’s one thing on the Internet that will most definitely see it, without a shadow of a doubt. That is Google (and every other search engine!). Google will start to link you to the other websites due to the links you have back to them. And it may be difficult to explain to your boss why the manufacturing business website you are running for him suddenly ranks 3rd place in Google for “Busty Babes” and “Girls Go Wild”.
The example above is a serious one, albeit slightly humorous. But that is not the only thing that could potentially be included in your “fantastic” new theme.
Oh no, there’s more! You could have real malicious code pasted in there. For example, there could be code in there which makes it easier (i.e. leaves the proverbial front door unlocked and open) to bypass your servers security and attack it, change your content, hijack your account and the list goes on. Of course, none of these things are good – but they are possible if malicious code is in there.
And not only that, anyone with the requisite knowhow can use the open door to mess with your website – not just the person who put the code in the theme in the first place. Most themes like this tend to be counterfeit copies of real premium themes that genuine developers have put a lot of time and effort into creating.
But, I’m an experienced programmer, I know what I’m doing, I’ll recognise any malicious code. Well, possibly, but quite likely not. I mean, even the most experienced programmers won’t necessarily understand what every piece of code is and if you do, you are unlikely to have the time to vet it all before it goes live. And in any case, most malicious developers realise that they could in theory be caught out and encrypt the offending malicious code and then decrypt it on the fly using base64() and other similar functions. I would hazard a guess that there isn’t anyone out there, however clever or experienced, that can decode encrypted strings on the fly in their head!
In conclusion, in general, free themes for blogs (and free themes for other server software) are generally a bad idea. There are some good ones out there that are fine to use but more often or not these are from reputable companies.
Make sure you know where you themes have come from and who has written them. You don’t want to invest a huge amount of time in your website to have someone destroy it in a few clicks and keyboard presses.
The safest and best quality templates are of course premium templates from reputable companies! Happy, and safe, template hunting!