Today I spotted a nice blog post from Otto about a malware exploit contained in a WordPress theme.
Even if you are not a developer the post is worth a read to understand just how malicious and dangerous it can be to download WordPress themes from any old website.
WordPress themes are a bit like marijuana these days; a hell of a lot of people use and enjoy them, there’s lots of potentially dodgy stuff out there, some will even give them away for free and there’s very few places to get the really good stuff legally!
Ok I’m stretching the whole pot analogy a little bit there but there is merit to the point – be careful – very careful – where you download themes from.
Don’t just find the first theme you like and assume that no one would ever dare try to compromise your website via a free or premium theme.
Unfortunately, there no such thing as a theme malware/virus scanner built into WordPress to give themes a clean bill of health (I’m not sure it would even be feasible to make such a thing!)
My advice? Stick to the known and trusted sources:
Free Themes
Official WordPress Themes Directory
Premium Themes
Now don’t get me wrong – there’s tons and tons more of trustworthy premium theme makers out there too. But this is just a quick theme tip. We’re building a big database of trusted premium WordPress theme makers which we’ll be launching in early January 2011.
Leave a Reply