Webmaster Forum

Go Back   Webmaster Forum > Web Development > Blogging Forum

Blogging Forum Discuss general blogging issues here - design, integration, posting, trackbacks, ETC. Also discuss blogs you like.


Reply
 
Thread Tools Display Modes
Share |
  #1  
Old 01-13-2011, 10:55 PM
snakeair snakeair is offline
Super Moderator - Rest in Peace 2018
 
Join Date: 12-31-07
Location: Medford, NJ
Posts: 54,771
iTrader: 3 / 100%
The Hidden Dangers of Free WordPress Themes

All of us have searched for free wordpress themes and installed them but there is a downside to using themes that you found while searching google or other sites. The downside is the theme is not updated to work with the latest version of wordpress or they are poorly coded leaving your site open up to hackers. Take a look at this blog post before responding.

Quote:
I have this terrible (or awesome, I suppose) tendency to create new blogs. In fact, just today I bought a new domain (another terribly awesome tendency) and will soon begin the process of setting up "just another WordPress blog."

That means searching for a new WordPress theme. And those who've done this before know how difficult it can be to find a good theme in what is arguably the underbelly of the SEO beast: the search string "WordPress themes."

As if finding a good WordPress theme isn't challenging enough, Siobhan Ambrose points out the dangers and security issues when you're searching for - or rather, installing, "free WordPress themes."

Ambrose makes the argument in a blog post aptly titled "Why You Should Never Search for Free WordPress Themes in Google or Anywhere Else." And it isn't simply because the search is frustrating or spammy.

She takes themes from the top ten websites that are returned for such a search and finds that many of the themes there are out-of-date and won't work with the latest version of WordPress. Many generated errors upon installation.

But more troubling, many of these sites contain themes with security exploits. Most common in Ambrose's findings was Base64, which can be...
Continued at: http://www.readwriteweb.com/biz/2011...f-free-wor.php

Your thoughts on this blog post? Any tips to share with us about using free themes?
 
Reply With Quote

Advertisement

Advertisement

  #2  
Old 01-14-2011, 06:26 AM
ScriptMan's Avatar
ScriptMan ScriptMan is offline
Super Moderator
 
Join Date: 02-10-07
Location: Central Kentucky
Posts: 14,038
iTrader: 4 / 100%
Darn good post and right on target.

To what was already said in the article I would add, especially avoid any script, template or theme that has encoded parts. It is very easy to hide stuff there where it can not be found.
 
Reply With Quote
  #3  
Old 01-14-2011, 08:40 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,710
iTrader: 5 / 100%
Quote:
Originally Posted by ScriptMan View Post
especially avoid any script, template or theme that has encoded parts. It is very easy to hide stuff there where it can not be found.
To add the ScriptMan's note:

To find this look in functions.php, sidebar.php or footer.php first. They do hide stuff in other stops but that seems to be the most common That and hiding stuff with CSS (display: none or same colour as the background).
 
Reply With Quote
  #4  
Old 01-14-2011, 09:41 PM
BobB49's Avatar
BobB49 BobB49 is offline
Contributing Member
 
Join Date: 02-17-09
Location: Georgetown, Texas
Posts: 76
iTrader: 0 / 0%
Script Decoders...

Wow - I never would have thought. I received most of my free themes from WordPress.org - however there may be a couple I got from another site. I haven't used them because they require more 'customizing' than simply 'activating' it. I think I'll look for the script decoder information before using the other themes on my site.
 
Reply With Quote
  #5  
Old 01-14-2011, 09:56 PM
KeithCash's Avatar
KeithCash KeithCash is offline
v7n Mentor
 
Join Date: 03-14-06
Location: Montevallo Alabama
Posts: 1,334
iTrader: 0 / 0%
So far I have not found too many that do not work with the latest version of Wordpress. I try to find ones that are super modifiable and work on trying to make them look different
 
Reply With Quote
  #6  
Old 01-14-2011, 10:39 PM
Snooks's Avatar
Snooks Snooks is offline
v7n Mentor
 
Join Date: 03-06-10
Location: Australia
Posts: 3,125
iTrader: 2 / 100%
Well for the "average computer Joe" such as me, this is almost scary.

Nothing like putting in hours and hours of work on a free template, building the site and getting it nice, only to find it is easy to exploit.....

I need to rethink my plans very, very carefully.
 
Reply With Quote
  #7  
Old 01-14-2011, 11:22 PM
echo_unlimited echo_unlimited is offline
Junior Member
 
Join Date: 05-19-06
Posts: 12
iTrader: 0 / 0%
One reason to purchase professionally made designs from organisations who offer a series of WP themes for low year annual prices. At least you know they'll get updated.

But I've used free themes before and I've never in 5 years had an exploitative moment with my wordpress site.
 
Reply With Quote
  #8  
Old 01-15-2011, 07:15 AM
Snerdey's Avatar
Snerdey Snerdey is offline
v7n Mentor
 
Join Date: 10-14-10
Location: Austin & S.P.I. ~ TX + N.Y. and now Europe
Posts: 1,713
iTrader: 1 / 100%
When it comes to your business, blog or even a personal online journal. When is free the right option? You get what you pay for right? How much is your time worth? Spending even 2 - 3 hours or in some cases days to configure, research and of course check for bad coding etc.. is it really worth it?

Not too me, especially if the site is to become another revenue stream for my portfolio. Sure, many spend a few bucks on a domain, slap on wp and a free theme and they are done. Mostly for ad clicks anyway, the web is overfilled with those.. good grief!

A $30 theme can save you a bucket load of time. It can also take a few hours to follow the installation instructions depending on where you purchased the theme. At least you know it's going to be updated.

Down side to free ones is thousands download them. With purchased it's normally below 500 downloads.

My time is worth so much more to me
 
Reply With Quote
  #9  
Old 01-15-2011, 12:53 PM
Amy W's Avatar
Amy W Amy W is offline
Junior Member
 
Join Date: 12-29-10
Location: Olathe, KS
Posts: 4
iTrader: 0 / 0%
Ok, so for those of us who should probably upgrade anyway, where do you propose buying a good WP theme?
 
Reply With Quote
  #10  
Old 01-15-2011, 01:00 PM
Alex Dumitru's Avatar
Alex Dumitru Alex Dumitru is offline
Contributing Member
 
Join Date: 07-25-06
Location: Bucharest, Romania
Posts: 99
iTrader: 0 / 0%
You are right. Everyone should make sure the theme is a quality one and is compatible with the latest version of Wordpress.
 
Reply With Quote
  #11  
Old 01-15-2011, 01:47 PM
snakeair snakeair is offline
Super Moderator - Rest in Peace 2018
 
Join Date: 12-31-07
Location: Medford, NJ
Posts: 54,771
iTrader: 3 / 100%
Quote:
Originally Posted by Amy W View Post
Ok, so for those of us who should probably upgrade anyway, where do you propose buying a good WP theme?
Just search google for wordpress themes. There are ton's of them out there. You just have to find the one that fits your niche or fit's your needs. I did a search for you in google but you can fine tune the search to your liken. http://www.google.com/search?hl=en&b...1g-c6&aql=&oq=
 
Reply With Quote
  #12  
Old 01-15-2011, 03:00 PM
asmodeus's Avatar
asmodeus asmodeus is offline
Contributing Member
 
Join Date: 01-09-11
Location: Canada
Posts: 53
iTrader: 1 / 100%
I've used free themes for years with no problems, but I also do my own customizations, so I dont mind that part of it (I actually find it kinda fun...masochist, I know!).

But yes, you DO have to be careful. I used a free script once that got hacked and it wasnt pretty. "Free" doesn't have to mean "bad" or "danger", but it is important to know what could potentially be a problem.
 
Reply With Quote
  #13  
Old 01-15-2011, 05:44 PM
Kaiberie's Avatar
Kaiberie Kaiberie is offline
Contributing Member
 
Join Date: 01-03-11
Location: Cotswolds, UK
Posts: 56
iTrader: 0 / 0%
I have to chime in and disagree with this.
There's several safe places to get your themes - if you know the developer (like me - obviously you don't know me - others do though) - I occasionally offer free themes. I do it because the software is great and I've got a thing about paying it forward
One of the other safe places is WordPress.org - you know, your theme search in the back end of every blog you install? Matt made it very clear when they cleared it out that anything 'dodgy' would be removed - I'm not saying they're entirely licensed, but they are at least verified before uploading as far as I'm aware.
I think the general advice is good - check the footer and sidebar for encoding - and if you're stuck, ask people - it's likely that people will know whether the theme is 'good' or not. And if you're unsure of something, or you're having problems, first place to look is the theme and plugins anyway, so disabling them while you investigate is always a good idea.

Kai
 
Reply With Quote
  #14  
Old 01-16-2011, 04:22 AM
Kaiberie's Avatar
Kaiberie Kaiberie is offline
Contributing Member
 
Join Date: 01-03-11
Location: Cotswolds, UK
Posts: 56
iTrader: 0 / 0%
Sigh - that's what I get for clicking then reading the wrong article - seems I don't disagree with her, I agree... Lol.

Kai
 
Reply With Quote
  #15  
Old 01-21-2011, 06:08 PM
Robert1215's Avatar
Robert1215 Robert1215 is offline
Contributing Member
 
Join Date: 01-16-11
Location: Canada
Posts: 57
iTrader: 0 / 0%
Hmm...this never occured to me before. For the most part these days I use themes I have purchased with no problems. The only free theme I use to date would be the semiologic theme which I enjoy as well.
 
Reply With Quote
  #16  
Old 02-11-2011, 07:15 AM
nepateemu nepateemu is offline
Junior Member
 
Join Date: 02-10-11
Posts: 11
iTrader: 0 / 0%
Is there any tools that can test theme security?
 
Reply With Quote
  #17  
Old 02-11-2011, 07:46 AM
TechWizard's Avatar
TechWizard TechWizard is offline
v7n Mentor
 
Join Date: 07-26-07
Location: Georgia
Posts: 6,156
iTrader: 2 / 100%
Back in the early 90's there was an explosion of free software and tools that were being released from free windows themes and screen savers, to computer clocks and even Internet browsing enhancements.

What was the large result of all the freebie stuff that was originating from virtually everywhere? To be honest there was some pretty great things that came to fruition like ICQ and the like, but for the larger part these free utilities and softwares were laden with nasty viruses, trojan horses and tracking software.

The problem became so much of an issue that actual organizations were beginning to form that held as a primary purpose to give a safe outlet for credible software such as CNet and the like. The motto that was mentioned, "you get what you pay for" it is generally the God's honest truth.

Public domain software that is delivered through reliable sources are always the safest way to go. Though Google's search engine is a gateway to a seemingly limitless outlet of information and solutions, it is also rife with dishonest and incorrect information and solutions.

I would suggest when looking for a free anything including a free Wordpress theme that before downloading that theme doing a few searches on the developers and see if there is any bad information available from past users. This should be a common practice in my opinion before doing almost anything from getting a free Wordpress theme, to buying a new computer just to see what others think. Never know what you might find
 
Reply With Quote
  #18  
Old 02-11-2011, 11:01 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,710
iTrader: 5 / 100%
Quote:
Originally Posted by nepateemu View Post
Is there any tools that can test theme security?
Not really. But if you follow these 2 replies you can do it manually with just a text editor like Notepad.

Quote:
Originally Posted by ScriptMan View Post
Darn good post and right on target.

To what was already said in the article I would add, especially avoid any script, template or theme that has encoded parts. It is very easy to hide stuff there where it can not be found.
Quote:
Originally Posted by HTMLBasicTutor View Post
To add the ScriptMan's note:

To find this look in functions.php, sidebar.php or footer.php first. They do hide stuff in other stops but that seems to be the most common That and hiding stuff with CSS (display: none or same colour as the background).
 
Reply With Quote
  #19  
Old 02-11-2011, 01:29 PM
moneyonlinesorg's Avatar
moneyonlinesorg moneyonlinesorg is offline
v7n Mentor
 
Join Date: 02-03-11
Location: USA
Posts: 1,208
iTrader: 0 / 0%
Guys, I hate to point out, but this doesn't just happen with the FREE stuff. Don't be mislead to thinking that just because you BUY something, it's going to be better or free of such things. I can give dozens of examples where buying something didn't ensure proper coding to prevent exploits, where they failed to properly code hooks for even some base functions, and where their code virtually destroyed the inherent SEO benefit different platforms tried to create.

Don't get me wrong, it usually doesn't happen, but sometimes, those in a rush to make money online develop some really cool looking stuff, but don't put the time into covering the issues mentioned in the linked post. So don't think it's just FREE and by avoiding free you can avoid the issues. Just some food for thought and my
 
Reply With Quote
  #20  
Old 02-13-2011, 11:06 AM
ameerulislam ameerulislam is offline
No Longer Active
 
Join Date: 12-30-10
Location: Dhaka
Posts: 1,350
iTrader: 0 / 0%
Smile

Quote:
Originally Posted by moneyonlinesorg View Post
Guys, I hate to point out, but this doesn't just happen with the FREE stuff. Don't be mislead to thinking that just because you BUY something, it's going to be better or free of such things. I can give dozens of examples where buying something didn't ensure proper coding to prevent exploits, where they failed to properly code hooks for even some base functions, and where their code virtually destroyed the inherent SEO benefit different platforms tried to create.

Don't get me wrong, it usually doesn't happen, but sometimes, those in a rush to make money online develop some really cool looking stuff, but don't put the time into covering the issues mentioned in the linked post. So don't think it's just FREE and by avoiding free you can avoid the issues. Just some food for thought and my
You just spoke something that popped in my mind and I wanted to point out this concern in question form. But I guess I got my answer before asking. Thanks! So where should we look or how can we be 100% assured.. I guess I have to be coder for my self (which I'm in the process actually).
 
Reply With Quote
Go Back   Webmaster Forum > Web Development > Blogging Forum

Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


V7N Network
Get exposure! V7N I Love Photography V7N SEO Blog V7N Directory


All times are GMT -7. The time now is 05:12 AM.
Powered by vBulletin
Copyright 2000-2014 Jelsoft Enterprises Limited.
Copyright © 2003 - 2018 VIX-WomensForum LLC