Be Wary Of F*r*e*e WordPress Themes
Ever seen the acronym “TINSTAAFL”? It stands for “There Is No Such Thing As A Free Lunch”. Why do you think there are so many f*ree WordPress themes available for download? I used to wonder why myself – I mean, are there just heaps of very generous theme designers out there?
Well, the answer is no. Many of these fr*ee WordPress themes are used for various nefarious purposes ranging from distributing hidden backlinks to allowing full blown hacking of the server that the site is hosted on. This ESPECIALLY applies to sites distributing fre*e versions of premium (paid) themes.
An example I recently came across was a f*ree version of the “Classy” theme, available at Theme Forest. The theme inserted a hidden div full of links to porn sites into the pages of the website that was using it. This was accomplished via this code added to the functions.php file of the theme:
$url = "http://www.jquerys.org/jquery-1.6.3.min.js
The URL looks legitimate, but it is not – it is malicious. For a full description of some other ways fr*ee themes can be used maliciously, see this article.
So are you a bit worried now? Wondering how you can check you own sites? Here some things you can do:
- To check the theme(s) on your site install the “Theme Authenticity Checker (TAC)” plugin. If you go to “Plugins-Add New” in your WordPress admin and search for “TAC” you will find it.
- You can do a scan on your Wordpress site at the Sucuri website – look for the “SiteCheck” link in the top menu.
- Only get fre*e themes from a source you trust, such as WordPress.org.
- Keep your WordPress installations up to date by upgrading whenever a new version of WordPress is released – a message will appear on your WordPress Dashboard when an upgrade is available.