A Big Danger With Free Themes

I’m someone who has always said that there’s nothing wrong with using free themes for your blog because I don’t believe there’s any inherent SEO benefit to using paid themes. Some claim that they’ve seen their income go sky high once they switched, but the overwhelming majority of people don’t make a single dime more than they did using a free theme.

free 'sweet' hugs

Jesslee Cuizon via Compfight

Overall, there’s no major difference between using free or paid except for three things.

One, if you use a free theme at some point you should think about changing up some things here and there so that it truly becomes yours. You’re going to want to do as much as you can to help yourself stand out and become unique if it’s connected with your business model.

Two, because you don’t always know who created the free theme, you might end up having to deal with issues of copyright and images, such as when I wrote this post about images and Getty Images and one of my clients.

Three… totally different matter. Last week a couple of my blogs were hacked, and if you follow that link you’ll find out what I did about it in case you ever go through it yourself. I have lots of protections on my blogs that I thought would take care of such things, and for the most part they worked. But it seems there’s a potential back door, and that’s what I’m warning you about.

Most people don’t ever take a look into the coding that makes up themes; I have. Back in the day I’d learned pretty quickly that often in the footer of some themes there’s some hidden code that links back to a website of the creator, and it’s not always a good thing.

For the first year or so of this blog my top search keywords had to do with credit cards, and I had no idea why because I’d never covered the topic on this blog. Then I learned about the code & footers and I took a look through the Appearance/Editor feature of the blog dashboard, only to discover that I couldn’t see anything in there. What I had to do was download it to my computer, open it up in my HTML program, and run some cool program at the time that revealed the link. Of course I removed it, even though the “license” said you could use the theme if you didn’t make any changes to the footer (oops), and I’ve never had that issue again.

However, what I’d also done back in the day for this blog and my main business blog is download a bunch of themes to test out, selected one, and then moved on with life. On the business blog I changed its theme 3 times before settling on the one it’s got now, but I never changed the theme on this blog once I selected it, though I have modified what it looks like.

The main thing I didn’t do, that ended up causing me major problems and something I’m going to warn you about? I never deleted any of those other themes that I wasn’t ever going to use. I never even thought about it because I never had a reason to look at the Appearance/Themes area ever again. On two of my other blogs I used the same theme I now use on my business blog, as it’s easy to modify and change up, and I modified the theme on my local blog before I ever uploaded it, so no worries there.

The hackers were able to exploit something in one theme on both my business blog and this one; that’s all it took to bring down all my blogs and all my websites, since they’re all on the same server. They didn’t get into anything; I’m not even sure if they were going to try. Lucky for me my hosting company, 1&1, caught the intrusion on their own and locked down all my sites, giving me time to fix things later the next day.

I’m betting that anyone with a blog more than 3 years old has something on it that they’ve forgotten about for years and not even tried to update. This is why there’s always someone warning you about making sure you update your blog software and your plugins, and of course recommending that you backup your blogs whenever possible.

In conclusion, as with anything that’s free you take your chances with free themes, though the same can be said for some paid themes. Your best bet is to go with newer free themes as they’ll have fewer files that can be exploited, and once you select a theme kill all the others you tested and try to make sure there’s nothing hidden in the footer except maybe a link directly to the person who created it. In that regard I don’t mind giving credit where credit is due, as long as there wasn’t anything sneaky in there.

29 thoughts on “A Big Danger With Free Themes”

  1. Yup, there’s a reason those theme updates pop up in the dashboard.

    Which is another huge reason to be extremely careful regarding free themes. It’s ok if it’s free, but you need to make sure the developer is willing to provide patches for the theme when security issues are found.

    I’m not saying a developer should provide full support for a free theme or keep adding new features, but I’m pretty wary of installing a theme if it looks like the developer doesn’t bother to keep it updated at all.

    In your case they were likely themes that never showed an update because the developer had since moved on and never got around to it.

    When it comes to WordPress I recommend the http://themehybrid.com/ stuff. There’s plenty of free themes and the “club” option is pretty cheap. Plus Justin Tadlock is one of the better WordPress developers and obviously cares about putting good work out there.

    1. Good share John; thanks. Actually, I think most free themes are created, put out there & forgotten after dropping links into the footers. And I also think most people would have no idea how to take care of that specific issue. That’s why I’m hoping my warning will help some folks avoid the problems I had.

    2. here’s a tip I can offer. I had a few blog compromised before on wordpress. Most people use admin and password so all the blogs I have admin as the username were hacked and the ones I didn;t weren’t. No website is every 100% invincible. Backup your site regularly also!

  2. Yes,there are both upsides and downsides to a free theme. Actually, you’re right. I’ve also not witnessed any major benefits since I’ve switched to paid themes. But one advantage of paid themes is that these themes are timely updated so any security related issues can be tackled.

  3. Hey Mitch, as you know I use a professional theme for all my blogs and I’m pretty sure I’ve never actually said that because of them I’ve actually made more money. Even so I’m sure there are a lot of people out there who do say that.

    The main selling point that I use when promoting said theme is how easy it is get it to look the way I want to. Even though every blog uses the same theme they all look completely different and it’s all done with the click of a mouse.

    Having said that I do believe that having a professional theme can make you stand out from the rest of the crowd using free themes, especially if they do now how to manipulate the code to change it’s appearance.

    1. Sire, I agree that having the ability to alter a theme so it represents you better is a smart thing as opposed to having a theme that looks like everyone else’s. Of course you can look at this blog and not really know that it was a free theme I started with 5 years ago but have altered multiple times over the years. I’m not going to specifically say it looks professional but it’s definitely different and personal. It doesn’t take all that much to do either. However, I’m going to say that you might find your theme easy to manipulate because you have knowledge that someone just coming into the game wouldn’t; I don’t know that for sure though.

      1. OK, firstly not everyone knows how to make the changes to make their theme their own. You manage it quite well and I have done so myself. However it was never simple and took a long time. That was why I had to have one that had built in facility to take all that stress of changing your theme away.

        Secondly, my theme does make it easy as it is all built in. I’ve done several posts and a couple of videos showing how easy it is to do. I can have a different for every page if I so wished. I can change the font, the colour of links. Have them underlined or not. Change background images, theme colour and the list goes on and on. No knowledge required by me at all.

      2. Still, you like to tinker, and you still can’t compare your skill with someone brand new to blogging. You also have this thing for constantly changing the look so simplifying it for you makes a lot of sense. The truth is that most people, when they first start blogging, aren’t going to spend money on it; they’re going to go looking for free themes. So, that topic must be addressed, and that’s what I’ve done.

      3. Nope, I never liked to tinker, I did it through necessity. If anything I found it very frustrating which is why I spent my hard earned money on a professional theme 😉

  4. Oh no Mitch, I’m so sorry you had to deal with that because I know you’re traveling a lot this month for business. What a royal pain.

    I shared a really cool infographic on my blog last week that shared some of the security measures we all need to be aware of and free themes was on that list.

    I’ve learned over time just all of the different ways people can hack into your blog. They are so sneaky and malicious, shame on them. To just reek havoc on you just because they can. That’s just cruel in my book.

    I did a spring cleaning earlier this year on my blog but because I have Thesis I don’t have any other themes on any of my blogs.

    Now I never bought Thesis because I heard you can make money having a paid theme. I bought it because of the benefits of being able to mess with it and have it look how I want. You know that not all free themes are that way and of course for people like me who don’t know a lot of code and behind the scenes stuff having one you can work with that’s easy is so important. That’s why I bought Thesis and for no other reason.

    I’m sorry you had to deal with that but glad you didn’t panic. Your hosting service was on top of it too so that’s great. Glad everything is fine and a hard lesson to have to learn.


    1. Adrienne, I hadn’t seen the infographic post yet but I’m glad free themes is on there. I’m not sure I’d have thought about the other existing themes I had on the two blogs in any case because it never occurred to me that something I wasn’t using could come back to hurt me; ugh. The lessons we still learn even after we convince ourselves we know it all right? lol

    2. Hey Adrienne, Thesis was the first professional theme I bought. I dind’t like it because it wasn’t as easy as they said it was. You had to learn HOOKS, of all things, to get it to do what you wanted it to do. That’s why I bought the them I’m using now, because it works straight out of the box.

      I’ve heard the Thesis newer updates is supposed to be better, unfortunately it won’t let me do it. Doesn’t really matter because I’m more than happy with the one I’m using now.

      1. I know what you mean about the hooks but since then they’ve really improved it and the only hook I use is for my header because it’s an opt-in box as well. If you can believe this, I love it and it’s easy for me. Easier now then when I first got it that’s for sure.

        The 2.0 is a drag an drop but they only recommend it if you either have a new blog or transferring it from a totally different theme. I still have 1.8 and I’m not changing.

        As long as you’re happy with what you’re using now, that’s all that matters.

        Thanks Sire!

      2. Too bad I’d bought the old lousy version of Thesis. But then again, if I didn’t get that version I never would have found FlexSqueeze and I still reckon I’d be worse off 😉

  5. Hi Mitch,

    You’re so right about free themes. There are both pros and cons of using a free WordPress theme. If the author provides regular updates and the theme comes from an authority source, than I see no reason why one shouldn’t go with it.

  6. Good tips, I’ve experimented with free themes and a lot of them had spammy links in the footer or sidebar that I couldn’t get rid of. Can’t have been good for SEO.

  7. Personally, I prefer using paid themes compared to free ones, and I appreciate them more. The quality isn’t necessarily a TON better, but it’s that little extra sauce that makes a webpage really pop out. Just my thoughts.

    1. It’s a good thought Jon. Did you start out with paid themes or did you use free themes first? As long as people don’t keep pimping that phrase that paid themes help them make more money, which isn’t true, then I’m fine either way.

  8. Very interesting article. I am concerned about what you wrote about copyright issues with free templates. Sometimes, I also worry about the same things with a paid template. But, enjoyed this article a lot.

    1. It’s definitely something to worry about because even those of us with some knowledge of things like themes don’t really think about checking every single thing out, and when it comes to images and graphics it’s hard to do without special software.

  9. Never thought about that particular problems. But what I found out, is that many free themes have encrypted code in it. Mostly to insert random backlinks in those themes. If you try to remove it, your site will end up in a mess. So watch out for this, because in the encrypted code can also be any backdoors to your site.

    1. It can be removed Harry because I did it. But one has to be at least somewhat techie to be able to figure it out; otherwise, find someone who has the knowledge.

  10. Hi Mitch,

    I’m really pleased I found this post because it’s ringing bells mate…

    I’m currently using a free theme on one of my blogs and have been using it one for a couple of years now.

    When I first installed it I noticed a cleverly paced link right at the very bottom of the home page. I immediately got in touch with some blogging friends and asked their opinions.

    Most couldn’t find it as the text colour matched my background, even when I changed it.

    I got in touch with the theme creator and asked about the link, via the support forum and emailing directly. I couldn’t get an answer at first…

    So, a friend and I sat on Skype trying to remove the link but found it was somewhere within the footer.php file and removing that caused some of my sharing buttons to fail.

    In the end I emailed them directly again and asked if the upgrade would remove the link…

    I got a reply PDQ saying yes it would. So now I had the persons attention I asked whether the link at the very bottom, hidden, was meant to be there.

    Oh yes, that’s a company of mine and I ad the link to all of the free themes.

    I then felt, fair enough. At east I now knew I hadn’t been hacked and thought it was ok as I’m giving something back to the theme creator.

    It’s a well know theme and very popular so i don’t “think” I’ve anything to fear but you saying about the back door access has started ringing those bells again.

    I think it’s time for a change, just to put my mind to rest if nothing else.

    I’m also off to delete the standard WP theme as I won’t be using that at all.

    I’m sorry that you had this experience Mitch, but I’m grateful you’ve shared it.


    1. Glad to give you something to think about Barry. I would tell you that you’re wasting your time deleting the WordPress themes because when the next update comes they’ll just come back with it. At least you know those particular themes are safe. I have to admit that it never occurred to me to contact the original creator of the theme; I tend to want to do things on my own, so I do research and get it done. That is if I’m interested; if not, then I might ask for help.

    1. Thanks. I think it has to come down to price & technical expertise. Maybe one of these days I’ll find a theme to buy that I like better than what I have now.

Comments are closed.