Watch Where You Download That


Craig Tuller of has put together a post that contains information that needs to be repeated on a weekly basis. The basis of the post explains how downloading a theme or plugin from the wrong place can ruin your site. In the article, Craig publishes a small exchange that occurred between StudioPress and a customer who installed a non-purchased copy of a StudioPress theme. As it turns out, the non-purchased copy of the commercial theme contained code which generated links to porn sites on the customers website. This happens more often than it should but going down this road means you inherit the risks that come right along with it.

Not only should the advice Craig gives near the end of the article be heeded, but you should also read this article written by Leland of which goes into more detail with regards to nasty stuff that can be found in free themes.




  1. Otto (215 comments.) says:

    Download and use TAC:

    Works great for this sort of thing.

  2. Banago (84 comments.) says:

    Woooooooow! Unbelievable! Don’t these guys have something better to do than encrypt footers?!?!?!

  3. Len (24 comments.) says:

    I’m glad to see this topic get more exposure. As the popularity of WordPress increases so to does its user base. This means a significant number of people are new to the software, many of which are probably not very “tech savvy”. They plunk ‘free wordpress themes’ into Google and end up on some shady gallery-type site. Now, I’m not saying all of the gallery-type sites out there are suspect as I’ve seen some very good ones. Unfortunately, I’ve seen many more less than reputable ones.

    It’s always a good practice to inspect each file of a theme before uploading it to your server. If in doubt post your question to the WordPress support forum. Hell, for that matter post it in the forum here at WeblogToolsCollection – that is where you’ll find me hanging out.

  4. Jessi says:

    Something else needs to be pointed out though: there are FREE themes that have encrypted footers also. It’s not just the pirated ones. One example would be the Jinsona themes. I believed it was talked about in the WordPress forums.

    • Len (24 comments.) says:

      You’re referring to the themes provided by Web2Feel. I’m familiar with that site and would advise people to stay away from it.

      • Jessi says:

        Yeah, I’ve been doing the same. It’s too bad because some of his magazine-style themes are decent.

        • Len (24 comments.) says:

          Oh I agree, some of the themes are very nice looking. It’s unfortunate he has chosen the business model he has.

    • Leland (16 comments.) says:

      I went over this in my post (linked in this post). I believe the problem is much more widespread with free themes, rather than “pirated” paid themes on warez sites, torrent sites, etc.

  5. Leland (16 comments.) says:

    Thanks so much Jeff for linking to my post, and also embedding the screencast here so more people can see it.

    It really is scary imagining how many people use these themes with encrypted code, considering how many people find their themes through Google searches for “free wordpress themes” and similar queries.

  6. Dana @ Blogging Update (27 comments.) says:

    That’s why I always download from original source.

  7. manga (24 comments.) says:

    Then I think I´ve been lucky. And always gotten to the source homepages and downloaded from there :)

    Cause I´ve done a lot of looking for free themes and such. But I´ve always gone from pages like smashing magazine or other blogs that look respectable.

    But this is a great tip and just wow. I´ve been lucky as hell.

    • Len (24 comments.) says:

      You’ll also find some great themes right here at WLTC manga. We inspect and test each theme submitted prior to it being published.

      • manga (24 comments.) says:

        Yep. I´ve gone trough a lot of them :)

        And I like to take a look at what new themes you link to so I tend to come back to look for the theme releases :)

        I have found a lot of great themes thanks to WLTC.

  8. Darran (9 comments.) says:

    Bottomline: Download from the author’s site or the WordPress themes respository. Nice video.

  9. Andrew@BloggingGuide (63 comments.) says:

    This is really bad. Like what has been said, a lot of people or bloggers are now using wordpress. And sadly, there are people who take advantage of it and use it to promote unacceptable things. It is really great that it is being brought out in the open. This is the first step towards stopping it altogether.

  10. Miroslav Glavic (27 comments.) says:

    Am I the only one who uses the wp admin panel to search on themes?
    Appearance > Add New Themes

    That saves me time on downloading, unzipping, uploading.

    I use the wp admin panel to add plugins too.

    downloading zip files is so ancient, do you people have cassettes as well?

    Do it the modern way, add new is a good way to add themes and plugins.

    Googling for a theme, downloading a zip file, unzipping then ftp uploading those files to themes folder is as ancient as cassettes.

    Are you not “cool” and “hip”?

    • gestroud (2 comments.) says:

      Why limit yourself to the theme directory? I can think of dozens of excellent theme designers who make unencrypted, free themes that aren’t listed on WordPress’ theme library for a variety of reasons. I have nearly 600 themes downloaded on my computer from these designers. I probably have the same amount of plugins from various sources, and ALL of them are clean of bad coding.

  11. bubazoo (213 comments.) says:

    well, the way I see it, I don’t trust any plugin thats not listed on the wordpress plugins website. I never download plugins except in the extend wordpress section, for that very reason, and even then, ya gotta do your research.

    • Chicago Web Guy (2 comments.) says:

      I agree with bubazoo. Only download plugins from the wordpress website. But you can still get burned, but you have more of the community keeping an eye out.

    • gestroud (2 comments.) says:

      That’s probably the safest course to follow. There is quite a bit of nasty stuff out there, as far as questionable plugins.

      There are, however some reputable plugin developers who have plugins that they didn’t want to add to the repository for different reasons.

      Some plugins were made for their personal usage and the devs didn’t want to be bogged down with support questions on WP forums, but you can download from their site.

      Some would rather host their work on Google Code. I’ve encountered a couple that would only use for some reason.

      But, the bottom line is that you’re 100% correct. No matter where you download anything from, “ya gotta do your research.”

  12. kapadokya (1 comments.) says:

    You’re referring to the themes provided by Web2Feel. I’m familiar with that site and would advise people to stay away from it.

  13. rick@rickety (10 comments.) says:

    I used free themes for awhile but four months ago I bought a StudioPress theme. It never occurred to me that the free themes might be tainted. Like some of the commenters I get my plugins through the WordPress panel as well as any themes I am using for new blogs.


  1. […] Stop downloading WordPress themes from shady sites How Downloading a Premium Theme/Plugin From the Wrong Place Can Ruin Your Site Watch Where You Download That […]

  2. […] Stop downloading WordPress themes from shady sites How Downloading a Premium Theme/Plugin From the Wrong Place Can Ruin Your Site Watch Where You Download That […]

Obviously Powered by WordPress. © 2003-2013

page counter