Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else: Siobhan on WPMU.org has a nicely illustrated, researched and explained article on why users should never search for “Free WordPress Themes” in Google or any other search engine. Not enough can be said to avoid the malicious theme hawkers on the Internet and I appreciate the work and the explanation.
The problem is that most users, who are new to the ways of WordPress, will still use Google to search for themes and will download the first link that provides them with a free theme that catches their fancy. I would go so far as to say that somewhat knowledgeable users might still be tempted to ignore any possible bad effects from these themes; e.g. users continue to flock to sites that provide collections of serial numbers online in spite of being riddled with porn and adware. My opinion is that there are two ways to solve the problem or at least throttle down the preponderance of malicious themes installed on hapless WordPress blogs. Both options come with their pros and cons but one is a resolution closer to home.
- The WordPress application automatically checks installed themes for malicious content and notifies the blogger of the problem, still leaving it up to them to continue installing it or not. This solution is a double edged sword because malicious theme vendors could use the feature to test and hide their malice better. It also smack of “big brother” and is judgmental of a business model that is not explicitly illegal. This test could be run from local code and could have an auto update feature that updates rules from Trac. There are lots of ways to accomplish this.
- Google stops being legally blind and does something (better) about malicious sites. I know that there is a lot of talk about Google search providing worthless results for searches that attract a lot of attention and that they are looking to re-invent themselves. No matter how soon the search engines change their order of doing business, it will be outside of our control and malicious theme vendors will voodoo SEO kung fu are a dime a dozen.
Have you installed a theme without caring whether it contained malicious code or not? Would you pay attention to theme warnings if there was one? Are we going to offer an official Theme Checker?