One Crucial Thing You MUST Avoid When Choosing a Free WordPress Theme
Let’s say you’re looking for a fresh new look for your blog … but your budget is non-existent.
What do you do?
Perhaps you head to Google and type in:
“free wordpress themes”
There are a huge number of sites offering these – you might be a bit dazzled by the range. But you find a theme you like, download and install it, and you’re happy.
Except there’s a catch.
That theme includes malicious code, or an encrypted link back to the creator’s site. Using it for your blog could open you up to serious problems – like malware infecting your site, or Google penalising you.
(Even if the theme creator had good intentions, it may have been tampered with by a hacker before being released onto the web.)
Get a Safe, Free WordPress Theme
Thankfully, there’s a really simple solution. Always choose themes through the WordPress.org site. They have a free theme directory here.
You can also find these themes through your blog’s dashboard, under Appearance → Themes → Add New.
If you find a free theme somewhere else that you like, check whether it’s available on the WordPress.org site. If it isn’t, avoid it.
If you want to know more about this, check out:
The Best and Safest Places for WordPress Themes – Free and Premium, Will Ransz, Wilwebs.com
This post explains the difference between free, sponsored and premium themes, and explains how to use the WordPress.org database of themes.
Anatomy of a Theme Malware, Otto, Otto on WordPress
This is an illuminating and disturbing post breaking down the malware in a legitimate theme that was copied and modified by spammers. You don’t need to understand the techy stuff to get an idea of how cunning and malicious these spammers can be.
Free WordPress Themes: The Ultimate Guide, Raelene Wilson, wpmudev
This post explains the ins and outs of free themes. It’s a little biased towards premium themes (wpmudev sell themes, among other things) but it’s an in-depth guide with links to plenty of free themes, and it explains how to check a theme for malicious code.
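As an added illustration (not code from this post or from any of the linked articles or plugins), the sketch below scans a theme folder's PHP files for the obfuscation calls that usually hide such links, `base64_decode` among them, and decodes any base64 string on the same line to show the URL it conceals. The function names, the pattern list and the sample theme with its `spam.example.invalid` link are constructed for the example.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# PHP functions commonly used to hide code or links in tampered themes.
SUSPICIOUS = re.compile(r"\b(base64_decode|eval|gzinflate|str_rot13)\s*\(", re.I)
# Quoted runs that look like base64 (16+ chars), so we can show what they hide.
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{16,}={0,2})['"]""")
URL = re.compile(r"https?://[^\s'\"<>]+")


def decode_urls(line):
    """Decode base64-looking string literals on a line and return any URLs inside."""
    urls = []
    for blob in B64_LITERAL.findall(line):
        try:
            text = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue  # not valid base64 after all
        urls.extend(URL.findall(text))
    return urls


def scan_theme(theme_dir):
    """Return (relative path, line number, function name, hidden URLs) per hit."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for number, line in enumerate(lines, start=1):
            for match in SUSPICIOUS.finditer(line):
                rel = path.relative_to(theme_dir).as_posix()
                findings.append((rel, number, match.group(1).lower(), decode_urls(line)))
    return findings


def build_sample_theme(root):
    """Write a constructed theme: a clean index.php and a footer.php with an encoded link."""
    hidden = base64.b64encode(b'<a href="http://spam.example.invalid/">x</a>').decode()
    (root / "index.php").write_text("<?php get_header(); ?>\n<?php get_footer(); ?>\n")
    (root / "footer.php").write_text(
        "<footer>\n<?php echo base64_decode('" + hidden + "'); ?>\n</footer>\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(Path(tmp))
        print(scan_theme(tmp))
```

A hit is a prompt to read that line, not proof of malice, and a clean result does not clear a theme, since encoded strings can be split across lines or built at runtime.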
13 Responses to “One Crucial Thing You MUST Avoid When Choosing a Free WordPress Theme”
This happens especially if you’re not careful where to look for or from where to download themes. If you’re just searching on Google and downloading whatever it is that comes up, it’s highly likely that you’ll download a bad theme. If you want to download great themes that are free from malicious code, the WordPress theme’s directory is a good place to start.
I think the articles on where to find themes that you linked to in your article are also worth reading.
Good post. Many free themes are put together by amateurs who have poor coding skills, leaving your site open to security vulnerabilities if you decide to use the theme.
Hmmmm, I’m afraid I’m going to disagree here, while it is true that WordPress’ official theme directory is a good safe place to pick up free themes, I have found that there are plenty of other places that offer safe free themes that for some reason or another just do not appear on WordPress’ official theme directory list.
I don’t think I have EVER found a decent theme on that directory now that I think about it, I have always found them to be rather amateurish.
@Robert — thanks for the plugin link and additional tips!
Like several people commenting here, I agree that it’s generally worth investing in a premium theme. They really aren’t a big expense, and you normally get a lot more support than you would with a free one. But I recognise that even a cheap theme can be beyond the budget when you’re just starting out!
One of the things that I found in the code of a free theme, when I first started blogging many years ago, was a bunch of hidden links that pointed to an online gambling website.
WordPress themes are very complex at first they came in, but I liked it. Personal I tried to use my site I expected and very good output. If you have a good WordPress theme if you want a little money to treat oneself to a good theme, I recommend you to take. But long-term you want to use a different theme for the site I need to investigate. Because google, WordPress themes, no longer as before, does not care.
Excellent reminder! There are plenty of sketchy themes out there, and new bloggers don’t always know to be careful.
Most of the premium theme developers offer their themes at really low prices. For some bucks we can get great looking, well-coded themes with support and updates. I always suggest using a premium theme, although there are several trusted developers offering great themes in the official WP directory.
Using free themes from sites other than the WP repo is surely a bad thing. I mentioned a plugin named Theme Check in my follow-up post on WordPress security mistakes last month.
At one time I did myself download and use premium themes from warez sites, but used them only on test blogs to test them before deciding to buy one. At that time, I tested those themes with the above mentioned theme check plugin and all of them contained malicious code and broke the rules which WP.org lays about writing themes.
Also remember that some of the free themes, even if they are on the WP repo, still may break some of the rules. I found only a few themes which obey all the rules. So, this is a nice plugin which can check and inform you if the theme you installed is a good one and obeying all the WP.org rules.
A good majority of newbie bloggers make use of free themes when they start blogging. But the security aspect is what they tend to ignore.
A good way to stay safe is to get the themes from the WordPress repository. But many times, the themes available in the repository can also have many vulnerabilities.
For example, the Timthumb script. Many free themes still make use of the old script. The authors of the theme haven’t cared to update the script.
And it is a well known fact that the old timthumb script can leave the blog vulnerable!
Better to do some research and stuff before using any free theme! I’m kingging this post at Kingged.com, so that more folks get to know of this informative post, like I did!
Thanks for bringing up the topic here! This is a very, very critical issue occurring nowadays, and it results in giving away control of your entire server / website to remote hackers with hijacked scripts within your website. Hence, never download and install free themes from an outside source; always use the WordPress installer or premium themes.
This is definitely good advice for those who don’t know what to look for in the source code of the themes. Better safe than sorry. The official WordPress theme directory is by far the safest place to get free themes. Though you might want to reconsider that $0 budget if you want something that’s high quality. 🙂
For those who want to take a peek, a good sign that something sketchy is going on is if the theme’s code contains any usage of the “base64_decode” method. You’ll usually find it in the footer. In some cases, you can just remove it, but that often triggers a “kill switch” that breaks the theme.
Best case scenario, it only contains a link to the author’s site. Worst case scenario, it contains links to sketchy sites you definitely don’t want your site associated with (and definitely don’t want your visitors or Google catching you associating with).
Here’s a nifty plugin to check your installed themes for malicious code if you have any doubts about them:
I have to admit that I fell into this trap a few times and got some rather bad results in my first few attempts.
There are some amazing layouts in the newer version of WordPress, and they aren’t stitched together with bubblegum and hope. I support this idea and recommend it, at least for starters!