Using a WordPress theme? You might want to read this …


As of January 2015, more than 23.3% of the top 10 million websites are using WordPress (source). To say it’s a popular choice for a content management system is an understatement. Part of its appeal is the thousands of free and commercial pre-made themes available for the system. They are an enticing way to publish a website with little or no knowledge of programming required.

Why Free And Commercial Themes Are Made

It helps to understand the motivation different parties may have in creating a WordPress theme for sale or free download.

Individual programmers are often motivated to create a theme to upload it to a site that sells them at low cost. Much like a stock photo, think of these themes as stock themes. You pay a fee that is a fraction of the cost of hiring a professional to create a custom design and theme, you download it for your website, and the individual programmer gets a small cut of that fee. With free themes, the original programmer usually requires that a link back to them appear on the site, gaining them more internet exposure.

However, there’s also a third, more nefarious reason for creating free themes – to spread malware or other malicious code. That’s right, some unscrupulous individuals will code nasty stuff right into a theme, hoping to cash in on the popularity of themes and the ease of installing them, as well as on uneducated or uninformed users. So how do you avoid this one? Of course I’d recommend going custom (more on that shortly), but if you’re determined to use a pre-made theme, be careful where you get it. There are several popular and reputable sites that sell themes, and WordPress.org has a directory of themes. Those are your best bets; however, keep in mind that you often have little recourse if you purchase or download a free theme, install it yourself, and any of these occur:

Sure, there are internet forums and you might be able to find someone to offer you some assistance, but don’t count on being able to fix any issues if you don’t have the experience or can’t pay for a professional (and trust me, fixing hacked sites is not always easy and it certainly can cost you). 

The Inner Workings Of A Theme

In order for a WordPress theme to be approved in their directory, they require the following:

The theme resides in a subdirectory of the WordPress installation. That subdirectory contains the theme’s stylesheet files, template files, functions file (optional, for special functionality), JavaScript files, and the images that make up the design. At the core though, themes are a lot of code, and it varies widely from very simple to very complex (example: child themes in addition to a main theme). Also, many popular themes are built on what are called “theme frameworks”. Many theme developers favor these as they’re geared towards rapid development. One of the main drawbacks, however, is that frameworks are why many WordPress themes basically have the same layout. These pre-made code bases do not leave a lot of room for creativity… unless of course you really know what you’re doing with code.

In addition to all the regular code required for a basic theme, many theme developers (especially commercial theme developers) also add in extra bells and whistles in an attempt to enhance the basic features of the WordPress system. Some also utilize additional plugins that are needed for theme functionality such as slideshows.  

Is Your Theme Custom Or Just Customized?

Another thing worth mentioning is that if you’re planning to hire a developer to create your website and they will be using WordPress, be sure to ask up front if they will be using a free or commercial theme or if they’ll be custom coding one. Customizing existing themes may cost less, but you may also have to contend with some of the aforementioned issues. It may also prevent you from being able to make updates to the base theme when the theme developer releases those. 

NOTE: Most programmers who do custom WordPress themes do use what’s called a framework. This is non-WordPress coding that acts as a base. For example, Twitter Bootstrap and Foundation are more extensive frameworks created for rapid development. These can be very beneficial, but some can really bloat the code if a programmer takes what I call the “kitchen sink” approach, including every possible bit of code instead of refining it for their exact needs. Other programmers have basically worked out their own code base that serves the same purpose. Even many theme developers are using these code bases. The difference is having access to a programmer who knows the code inside and out and can program your custom design exactly how you need it to be, versus trying to do it yourself or hiring someone to fiddle with someone else’s code.

How Themes Are Hacked And What Can Be Done About It

Aside from themes that contain malware or other malicious files from the get-go, theme files on an existing website can also be hacked. It’s very easy to see what the theme name is by checking the source code through a web browser. Within a minute, someone can have that info, do an internet search for the theme and download it to check out the files. There are also ways a human or bot can search the web for sites using particular themes. Lastly, if a hacker gains access to a shared web host, they can search for sites using WordPress on the server and access the themes. Once a hacker is familiar with the theme files, they can create malicious code with the same file names, inject code into existing files, and basically wreck your website. And, remember, some themes use additional plugins for increased functionality. Popular plugins are also hacker targets simply because of their popularity. Hackers can download known plugins just as easily as known themes. 
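
One way to spot the tampering described above (files added under plausible names, or code injected into existing files) is to compare the installed theme against a clean copy of the same release. This is an added example, not code from the original article; the directory layout and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_theme(pristine_dir, installed_dir):
    """Compare an installed theme against a clean copy of the same release."""
    clean, live = hash_tree(pristine_dir), hash_tree(installed_dir)
    return {
        "modified": sorted(f for f in clean if f in live and clean[f] != live[f]),
        "added": sorted(f for f in live if f not in clean),
        "missing": sorted(f for f in clean if f not in live),
    }


def demo():
    """Build two constructed theme trees and return the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine, installed = Path(tmp, "pristine"), Path(tmp, "installed")
        files = {
            "style.css": "/* Theme Name: Example Theme */\n",
            "functions.php": "<?php // theme setup\n",
            "js/slider.js": "// slideshow\n",
        }
        for base in (pristine, installed):
            for rel, body in files.items():
                target = base / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        # Constructed tampering: one edited file, one file not in the release.
        (installed / "functions.php").write_text("<?php // theme setup\n// unexpected line\n")
        (installed / "images").mkdir()
        (installed / "images" / "logo.php").write_text("<?php // not in the release\n")
        return compare_theme(pristine, installed)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

Files you have customized yourself will also show up as modified, so take the clean copy after your own changes are in place and keep it somewhere the web server cannot write to.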

Check out “The truth about WordPress security …” for additional information on what can affect the overall security of your WordPress site.

Reasons To Go Custom

1. By working with a professional designer and programmer you can ensure that your website fits your branding, meets your goals, connects with your target market, and is not just a “template” that many other businesses could be using.

2. With free or commercial themes, you typically will have little to no guarantee of the quality of code. Errors and malfunctions can happen and not all programmers of the themes are responsive or obligated to fix them. Popular themes are your best bet, but with that popularity can come more attention from hackers and more chance that your website is going to look like thousands of others out there. By working with a professional to custom code your theme, you’ll be able to contact them if you have any issues (and they usually offer a guarantee that the theme will be coded properly). 

3. The files and code of a custom theme cannot be searched for or downloaded from the open web, making the theme more secure than a readily available theme. Remember, with free or commercial themes, hackers can download them and then use the knowledge of how it’s built, how it’s arranged, and where all the files are, to hack a specific part of the theme, such as a default image or a JS file.

4. Custom themes will typically not require regular updates. Because of the code and scripts often included in free and commercial themes, they will need to be updated with every new release. If you skip out on that or think it’s not important, you could be leaving your website vulnerable to attack. Old themes with outdated code or JavaScript become targets for hackers. If you (or someone you’ve hired) have customized an existing theme, that often nullifies your ability to update it.

Are you ready to invest in a custom WordPress theme for your site? JVM can help your business get online with a custom design and WordPress theme as well as stay on top of maintenance. 

 
