Harmful Hidden Codes in Free WordPress Themes

After having encountered some unexpected problems like pre-installed AdSense link unit codes, theme supplier’s RSS feeds URLs, and some other codes like multiple URLs of third parties that I could not remove from any visible PHP files, I made a search for the possible reasons, as I knew that some FREE theme suppliers do include such codes as a price or cost for supplying such free themes. One of the most popular WordPress theme developers is transparent enough to declare in his site that certain codes are pre-installed to set off the costs for developing themes and running the site. He frankly instructed to join as a member and get the instructions to remove the codes, of course for a small membership free, and it is worth it.

In the case of another themes supplier, the approach was different. The instructions in the supplier’s site simply said that for free themes no support or guidance is available, and for support (meaning to remove unwanted codes or remove ads or other things not related to you), you should select only premium themes. I even appreciate such an approach.

But what about themes that do not have any visible problems, but have hidden codes that are encrypted and embedded in the theme files, quite often in such a fashion that you cannot detect them? Such codes can even steal your passwords and login details and all that can cause losses and security problems for your business and site. A detailed explanation with examples can be found at www.tech-evangelist.com.

If you are using a free WordPress blog, you are the safest, because everything supplied therein are pre-tested and safe. For those who install WordPress in their own self-hosted WordPress sites too, there are 1,296 themes available for free download, which show 25,066,203 downloads at the time of writing this post. You can go to http://wordpress.org/extend/themes and download FREE themes from there. These are WP-tested themes and hence safe.

The next alternative is to go to the sites of the developers of the same themes offered by WP and download FREE themes, if available (most of them offer both FREE and premium themes).

Also, there are thousands of reliable theme developers who offer free WordPress themes and plugins as a community service for WP. Search around and you will get the preferred theme that is safe too. In the next posts, I will include the addresses/ URL sources of some such reliable theme suppliers. Anyway, my intention is not to say that all themes suppliers and developers are embedding malicious codes, but there are a few who do so.