Need a free wordpress theme? Whatever you do, don’t Google ‘free wordpress themes’ and start browsing for something pretty – unless you are looking for an exploited theme that has a good chance of getting your domain penalised. Here’s the shocking truth:WordPress themes are created by others to allow you to change the look and feel of your website to suit your business. These can then be used as a photography site, a student magazine or an email capture sales page. The danger is that some people are creating malicious themes, and it is these providers that are dominating the top of the Google results pages for terms like ‘free WordPress themes’.
How bad is it?
Recent research by Siobhan McKeown shows that of the top 10 organic Google results, 1 was safe, 1 was suspect and 8 had obfuscated encoding to hide extra code the theme providers don’t want you to see – that’s 9 out of 10 results that you can’t trust!
Why can’t you trust them?
8 of the sites contaminated a bunch of gibberish looking characters which was base64 encoding. While it looks meaningless, this gibberish is reassembled in to code when ran, creating hidden links to bad neighbourhoods, installing scripts and bots on to your WordPress installation or hacking in to the server your WordPress blog is installed on.
With so many good looking themes available online for ‘free’, it is disheartening to learn that it may not be the cheapest option in the long run – hosting malware or even linking to bad websites can get your site penalised or even de-indexed by Google and other search engines. What would you do if you lost 90% of your organic traffic next week? The one result you can trust is the official WordPress themes repository. These themes are checked for suspect code and also to be compliant with the latest web standards to help ensure compatibility, security and end-user usability.
There are also many premium theme suppliers who have a vested interest in supplying quality themes to their user base and building up a strong reputation. It should be fair to say that many premium theme providers have solid reputations and excellent products, but also that paying for a theme is by itself, no guarantee of a clean, friendly product.
What if you’ve already installed free WordPress themes?
If you already have free themes installed that you feel you should check over, the Theme Authenticity Checker Plugin could be useful for you (N.B. – they have a plugin checker too). In the end, WordPress is a free platform, so paying a little more for a premium theme with ongoing support to prevent against future security weaknesses, or ‘limiting yourself to the pre-approved WordPress.org selection of over 1,400 themes shouldn’t be too tall an order, as tempting as those free WordPress themes might instinctively appear…
Doesn’t Google penalise sites that host malware?
Google does – it’s a bad user experience, however visiting the free theme providers on the first page of the Goolge SERPs does not infect your machine with malware. Downloading the themes will not show up as malware either usually. It is only when the themes are installed do the threats usually become prominent. It could be argued that Google penalise other indirect badware providers and should step in here, but where do they draw the line? It’s a grey area right now so the best advice to protect yourself and stay knowledgable. And if your site/server is trying to infect others with malware, you could well find your site penalised or de-indexed.
Free WordPress themes installed from reputable looking sites may be ruining your SEO efforts, exploiting your server or infecting machines with malware without you even knowing it. Only use WordPress.org approved themes, premium themes you trust or themes you have scanned for hidden links, obfuscated code and security threats and are happy to base your business on.