I like free, but I also like my privacy and protection against dubious tricks and hidden nooks. There are many sites that offer Free Premium WordPress Templates, but what you may not know is that some of these sites hide malicious code within these templates. In some templates, you will find links in the footer that are not so friendly, and you can’t remove them because keeping them is part of the agreement set by the author in order to use the template.
Dangers of Free WordPress Themes
- You must keep the footer intact in order to use the free template. The problem is that the links in the footer may go to web sites that have a low or poor reputation. If these links don’t have the nofollow attribute, you may find your site in a bad neighborhood. This is very bad in Google’s eyes and could put your site in the sandbox.
- Base64 code found in a theme template is dangerous because the code is encoded rather than readable at a glance, and Base64 is often used to hide malicious code. In addition to malicious code, it can also hide links that go to dangerous web sites. If you remove the Base64 code, your theme will stop working.
- When searching for free WordPress themes or templates, avoid sites that have WordPress in the URL (Web Address). The name WordPress is copyrighted and therefore shouldn’t be used without written permission from WordPress.
Example of dangerous WordPress Templates
I downloaded a template from http://www.wptheme4free.com/ and I would be careful when downloading any WordPress templates from this site or any other site.
In the template, I found Base64 code in the footer.php file. In order to view what’s hidden in the code, you will need to decode it. You can use this site (http://webnet77.com/cgi-bin/helpers/base-64.pl) to do so. Here’s what I found:
Base64 before decode: QmVzdCBGUkVFIEFudGl2aXJ1cyB8IGh0dHA6Ly9hbnRpdmlydXNzb2Z0Lm5ldC8=
Base64 after decode: Best FREE Antivirus | http://antivirussoft.net/
The decoded Base64 code reveals that the hidden text goes to a rogue (fake) Antivirus web site.
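The same check can be done locally instead of pasting theme code into a web form. The following is an added example, not code from the original post or from either plug-in mentioned on this page: it finds Base64 string literals in a PHP theme file, decodes them, and lists any URLs they hide. The function names and the PHP markup in the sample are assumptions made for the example; only the Base64 value comes from the post.

```python
import base64
import binascii
import re

# Quoted string literals made only of Base64 characters (16+ chars).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
# PHP functions that often sit next to an encoded payload.
DECODE_CALL = re.compile(r"\b(base64_decode|eval|gzinflate|str_rot13)\s*\(", re.I)


def decode_literal(text):
    """Return the decoded text, or None if it is not Base64-encoded printable text."""
    if len(text) % 4:
        return None
    try:
        decoded = base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None
    return decoded if decoded.isprintable() else None


def scan_php(source, filename="footer.php"):
    """List every Base64 literal that decodes to readable text, with any URLs in it."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        calls = sorted({c.lower() for c in DECODE_CALL.findall(line)})
        for match in B64_LITERAL.finditer(line):
            decoded = decode_literal(match.group(1))
            if decoded is not None:
                findings.append({"file": filename, "line": lineno, "calls": calls,
                                 "decoded": decoded, "urls": URL.findall(decoded)})
    return findings


# Constructed sample: the Base64 value is the one quoted in the post,
# the PHP markup around it is made up for this example.
SAMPLE_FOOTER = """<div id="footer">
<?php echo base64_decode('QmVzdCBGUkVFIEFudGl2aXJ1cyB8IGh0dHA6Ly9hbnRpdmlydXNzb2Z0Lm5ldC8='); ?>
<p>Copyright <?php echo date('Y'); ?></p>
</div>"""

if __name__ == "__main__":
    for f in scan_php(SAMPLE_FOOTER):
        print(f"{f['file']}:{f['line']} {f['calls']} {f['decoded']!r} {f['urls']}")
```

Literals that decode to binary data are skipped here, so a compressed or multi-layer payload still needs a closer look by hand.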
If you recently installed a new WordPress template and you are not sure if it’s clean from any exploits, you can download one of the plug-ins listed below.
- Theme Authenticity Checker scans for any malicious code found in any of your theme files.
- Exploit Scanner checks all files within your template and core installation files along with checking your posts and comments tables of your database for anything suspicious. It also examines your list of active plug-ins for unusual filenames.
Thank you Frank,
A lot of newbies would not know about the added extras.
It is fantastic that there is software that extracts the malicious codes.
RB,
I am always glad to share and most of all, I appreciate these kinds of responses.
Almost always have free themes, but always check for the absence of encrypted information.
Thanks Frank, it’s important to know. Hope a lot of people will see this post.
Alex,
I hope so and thank you for commenting.
Free far too often isn’t free. Exploiting free WordPress themes and the people who download them is horrible, but at least there are people who can uncover and explain the dangers.
Thanks Frank,
I think it is important for people if they are using templates but also with free extensions (Joomla) that there are risks involved when using free stuff…
remco
remco.
It should also apply to free templates for Joomla as well. Thanks.
Hello Frank,
Just came across your website as I was looking for info on free WordPress themes and the dangers. I uploaded a few onto my admin WordPress, but ran a scan with TAC (thanks) and sure enough it found threats. Now that I was able to remove them, it said Theme OK.
My question: is it safe to use the theme now, and how much of the code needs to be removed? Example: on one of them it stated the 1st line had the Base64 code, but after that line there were about another 40 lines or so. Do I have to remove all those lines?
Thanks, and I am very new at this, trying to build some sites, so any help will be greatly appreciated. Thanks.
A.D.
If it has Base64 code, don’t use it. If you remove the code, the theme will stop working. Try the free and safe themes at WooThemes.com