WordPress Template Exploits

I like free, but I also like my privacy and protection against dubious tricks and hidden surprises. Many sites offer free premium WordPress templates, but what you may not know is that some of them bundle hidden, malicious code inside the template files. In some templates you will find footer links that are not so friendly, and you can't remove them because keeping the footer intact is part of the author's licence terms for using the template.

Dangers of Free WordPress Themes

  1. You must keep the footer intact in order to use the free template. The problem is that the footer links may point to web sites with a low or poor reputation. If these links don't carry the nofollow attribute, your site ends up linking into a bad neighbourhood. This looks bad in Google's eyes and could hurt your ranking (or, as it is often called, put your site in the sandbox).
  2. Base64-encoded code found in a theme is a warning sign. Base64 is an encoding, not encryption: anyone can decode it, which is exactly why it is used to hide malicious code or links to dangerous web sites from a casual read of the file. Themes are often written so that deleting the encoded block breaks the theme, which pressures you to leave it in place. Decode it and see what it does before deciding whether to keep the theme at all.
  3. When searching for free WordPress themes or templates, avoid sites that have WordPress in the URL (web address). The name WordPress is a trademark, and the trademark policy does not allow it in domain names without written permission.

Example of dangerous WordPress Templates

I downloaded a template from http://www.wptheme4free.com/ and I would be careful when downloading any WordPress templates from this site or any other site.

In the template, I found Base64 code in the footer.php file. To view what's hidden in the code, you need to decode it. You can use this site (http://webnet77.com/cgi-bin/helpers/base-64.pl) to do so, or decode it locally with the base64 -d command or your language's standard library so that you don't have to paste a theme's contents into a third-party site. Here's what I found:

Base64 before decode: QmVzdCBGUkVFIEFudGl2aXJ1cyB8IGh0dHA6Ly9hbnRpdmlydXNzb2Z0Lm5ldC8=
Base64 after decode: Best FREE Antivirus | http://antivirussoft.net/

The decoded Base64 code reveals hidden footer text advertising a rogue (fake) antivirus web site, encoded so that it doesn't show up when you read footer.php in plain text.
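The manual find-and-decode step above can be scripted so that every PHP file in a theme is checked at once. The following is an added example written for this post, not code from the page's author or from either plug-in mentioned below. It flags the PHP functions commonly paired with hidden payloads (base64_decode, eval, gzinflate and friends), pulls out long Base64 literals, and decodes the ones that turn out to be readable text. The SAMPLE_FOOTER string is a constructed footer.php modelled on what the post describes; it reuses the Base64 string quoted above.

```python
"""Scan WordPress theme PHP files for obfuscated payloads (added example)."""
import base64
import binascii
import re
from pathlib import Path

# PHP constructs that legitimate themes rarely need but hidden code almost always uses.
SUSPICIOUS_CALLS = re.compile(
    r"\b(base64_decode|eval|gzinflate|gzuncompress|str_rot13|assert|create_function)\s*\(",
    re.IGNORECASE,
)
# A run of Base64-alphabet characters long enough to be a payload rather than a short token.
B64_LITERAL = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def try_decode(blob):
    """Return the decoded text if `blob` is strict Base64 for mostly printable ASCII, else None."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw:
        return None
    # Reject decodes that are mostly binary junk (random identifiers that happen to be valid Base64).
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    if printable / len(raw) < 0.9:
        return None
    return raw.decode("utf-8", errors="replace")


def scan_source(source, name="<string>"):
    """Return a list of findings for one PHP source string.

    Each finding is a dict with file, line, kind ("call" or "base64") and value
    (the function name, or the decoded text).
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in SUSPICIOUS_CALLS.finditer(line):
            findings.append({"file": name, "line": lineno, "kind": "call", "value": m.group(1).lower()})
        for m in B64_LITERAL.finditer(line):
            decoded = try_decode(m.group(0))
            if decoded is not None:
                findings.append({"file": name, "line": lineno, "kind": "base64", "value": decoded})
    return findings


def scan_theme(theme_dir):
    """Scan every .php file under an unpacked theme directory (e.g. wp-content/themes/<name>)."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        findings.extend(scan_source(path.read_text(encoding="utf-8", errors="replace"), str(path)))
    return findings


# Constructed sample footer.php, modelled on the pattern described in the post (not a real theme file).
SAMPLE_FOOTER = """<?php wp_footer(); ?>
<div id="footer">
<?php echo base64_decode('QmVzdCBGUkVFIEFudGl2aXJ1cyB8IGh0dHA6Ly9hbnRpdmlydXNzb2Z0Lm5ldC8='); ?>
</div>
"""

if __name__ == "__main__":
    # Point scan_theme() at a theme directory instead to check a real download.
    for f in scan_source(SAMPLE_FOOTER, "footer.php"):
        print(f"{f['file']}:{f['line']} {f['kind']}: {f['value']}")
```

Run against an unpacked theme with scan_theme("path/to/theme") and read every "call" hit by hand: a base64_decode() fed into eval() is the pattern to worry about, while a decoded string that is just a link tells you what the footer is really advertising.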

If you recently installed a new WordPress template and are not sure whether it is free of hidden code, you can install one of the plug-ins listed below to check it.

  • Theme Authenticity Checker scans for any malicious code found in any of your theme files.
  • Exploit Scanner checks all files within your template and core installation files along with checking your posts and comments tables of your database for anything suspicious. It also examines your list of active plug-ins for unusual filenames.