Comments on: Tip: Use Caution When Shopping for a WordPress Theme

By: John Hoff - eVentureBiz

John Hoff - eVentureBiz — Mon, 22 Sep 2008 01:05:56 +0000

Hello Kyle. I just finished a 7 post series on protecting your WordPress blog and one of the things I mention is about trusting these plugins.

Plugins are great and add great functionalities to your blog, but these programs have access to your blog’s files and database. So you’re giving someone’s program free access to all this. (same with themes, like you said)

This is a great reminder to everyone that you can’t really trust everything on the web.

By: Rony John

Rony John — Thu, 18 Sep 2008 16:10:05 +0000

I got a theme from woothemes.com i hope they haven’t done anything like that !!

By: Melissa

Melissa — Thu, 18 Sep 2008 04:49:51 +0000

You couldn’t be more correct. Implementing a bad theme happens to people more often than any of us will ever know. That’s why I’m very picky about where I get my themes as well as recommend that others find them.

Great reminder for everyone to not just automatically download something without doing a little research first.

By: Blog Design Studio

Blog Design Studio — Wed, 17 Sep 2008 15:13:21 +0000

Hey Kyle.. Thanks for the mention. You are absolutely right, one has to ensure that themes should be downloaded from trusted source.

There have been a couple of cases, like you mentioned. Generally it’s not the theme designer, sometimes it’s just that hackers tend to sneak in and they alter the themes. So, one should only download the theme from the actual developers website or from wordpress themes directory.

By: Leland

Leland — Tue, 16 Sep 2008 18:29:57 +0000

Some sites will take other people's themes and re-release them on their own site with malicious code added. Some of these sites rank very highly for lots of WordPress-related search queries, so unfortunately these malicious themes are used quite a bit. I would have to say the "safest" place to get themes would be the official WordPress Themes Directory. There they have a few automated checks for malicious code, plus a manual approval by a human moderator. You can also get clean themes from other trusted sites. Just to name a few off the top of my head: Justin Tadlock, Brian Gardner, ThemeShaper, WPDesigner.

By: bowillis

bowillis — Tue, 16 Sep 2008 16:41:10 +0000

Just a couple of things to pass on.

If the theme isn’t from a trusted source get it from the orig author. I have found that most themes with malicious intentions were downloaded from another source.

Of course if you code you are most likely going to catch some funny looking snippets but if you don’t code and easy(but not necessarily absolute)way to inspect your site is to use an analytics tool (as simple as igoogle) and check your external links. If it’s a new site and it’s high or even if it’s just higher than you suspect, dig deeper. I’ve found sites with hidden links by right clicking a live site and viewing the page source. Scan the file and double check the header and footer.

Sorry to have rambled but I have seen this a FEW times. The safest things is to go to WP, the orig Author, a trusted source and, well, learn to code. Even if just to be familiar with what your looking at.

Thanks.

By: jbj

jbj — Tue, 16 Sep 2008 11:57:13 +0000

It isn’t the first time I hear about embeded malicious code in themes or plugins. Basically, I would say that users who knows PHP should always review the code before installing.

By: Themes Wordpress et code malicieux

Themes Wordpress et code malicieux — Tue, 16 Sep 2008 09:51:20 +0000

[...] vous suggèrent de lire le billet qui m’a inspiré sur Hack Wordpress, en cadeau bonux 1 site ou ne pas télécharger les thèmes Partager et découvrir [...]

By: Ryan - MarketFrog

Ryan - MarketFrog — Tue, 16 Sep 2008 08:46:41 +0000

Thanks for this informative post. Author reputation is the key point you mentioned. For new authors, it would mean they have to show their work at places that are trusted like wordpress.org