Without a doubt, the best place to find free WordPress themes is the official WordPress Theme Directory. Themes can be submitted to the directory by almost any author, but the themes are thoroughly checked for quality and safety by a team of dedicated volunteers. With over 1,200 free themes and a handy tag filter interface, you’d have a hard time not finding the perfect theme for your blog.
There are certainly other places to find free themes, like Theme Lab, but how can you be sure that the theme you downloaded is safe? If you plan to download themes from anywhere but the official WordPress Theme Directory, you should install both the Exploit Scanner and Theme-Check plugins.
Run the Exploit Scanner plugin immediately after installing the theme. If it finds any results for the theme files in the “Level Severe” category, just delete the theme and find another. If the Exploit Scanner gives it a pass, activate the theme and run the Theme-Check plugin. If the Theme-Check plugin gives the theme a pass, you should be good to go.
If you are ever uncomfortable with any of the results from the Exploit Scanner or Theme-Checker plugins, delete the theme and find another.
It’s generally safe to download and install a free theme from the actual developer’s site, but you should still run both plugins just to be sure.
Theme malware is a serious issue. By installing a free theme from any source except the official WordPress Theme Directory, you could be unknowingly running spam ads, subjecting your visitors to invasive scripts, or leaving your blog open to malicious attack.
This is the second entry in our hopefully long-running WordPress FAQ series. What did you think, and what questions would you like us to answer next?