Free themes pose a hazard for bloggers

The most common keyword for searching themes for WordPress is “Free WordPress Themes”. This will land you thousands of results. The Internet is great, isn't it?

As it turns out, those free themes may come at considerable cost. Siobhan McKeown of the WPMU blog did a comprehensive analysis of some sites that showed up in Google search results when searching for free themes. The result is rather disturbing: 9 out of the 10 top websites had Trojans or hidden code in the themes you downloaded from them. Source: Why you should never search for free wordpress themes. He writes:

I don't advise uploading themes from random websites directly onto your server – you never know what you could catch! There are some nasty diseases out there …

Most of this malware is binary encoded data that you will not find just by searching. To locate it, you need to review all the files that make up the theme line by line. Note that standard anti-virus software and other standard scanners will probably not find it either.

The only site that appeared to be safe was the Official WordPress Themes Repository. To be safe, use one of the officially provided themes, or create your own.