Choosing a free WordPress theme can be a tough job, especially if you're a beginner. When searching the Web for free themes outside the WordPress directory, be aware that the popularity, open code, and ease of making WordPress themes are also attractive to people with bad intentions. Some themes contain malicious code, especially if you download them from random websites and not from WordPress.org. With such a theme installed, your web server could become part of a zombie army of machines participating in a Distributed Denial of Service (DDoS) attack on some other website, or it could be used in a phishing scheme to mine passwords and other personal information from your visitors, unbeknown to them.

So always select themes that are available through the WordPress Free Themes Directory; at least they follow the community's rules. Keep in mind, though, that themes are collections of programming code and, thus, can have bugs.
Don’t be afraid to ask the developer questions before installing a theme that comes from outside the traditional channels.
Visit the developer's site, and check the WordPress.org forums to learn about the developer's reputation.
Once you've got your theme installed, use the WordPress Exploit Scanner plug-in, which searches through your website's files and database tables and notifies you of any suspicious code.

1. Exploit Scanner
This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.
2. TAC (Theme Authenticity Checker)
TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
3. WordPress Antivirus
This is another very useful plug-in; it scans your theme directory. It specifically detects the WordPress permalink back door, a very malicious piece of malware for WordPress that is used to access the database. The plug-in shows green if your file is out of danger and red if your file may be in danger.
More Useful Resources and References:
- WordPress Security – A Comprehensive Guide
- WordPress Theme Security Issues
- Test Your WordPress Security Settings with ServerBuddy
- WordPress User: Be careful where you get your theme from
- Scan Your WordPress Theme For Malicious Scripts
- How To Evaluate A WordPress Theme For Your Blog
- [Update: April 21, 2010] Mitch Mitchell, guest posting at DiTesco's iBlogZone, gives us a different perspective with "Five Elements In Deciding On A Blog Theme." Mitch's criteria focus more on aesthetics and marketing than what I covered here.
- Daniel Scocco at Daily Blog Tips gives us “10+1 Tips for Choosing a WordPress Theme.” Very useful, especially if you are interested in web business.
- John Lamansky at the WordPress Expert blog gives “7 Tips for Choosing a WordPress Theme.” John makes some excellent points about the structure of a theme, which I haven’t seen elsewhere.
- After you have a theme installed and you’ve written a few posts, go here and read Lorelle van Fossen’s “Choosing a WordPress Theme.” The article dates from 2005, but it’s every bit as relevant in August 2009 as when it was written.
- Some of the criteria for choosing a theme overlap those for choosing a plugin. Check out “WordPress Plugins — How to choose plugins you need, and plugins to avoid” for more information.









