Just Say No and Stay Away From Free WordPress Themes

Say it isn’t so! Why, why, why would it be so wrong to use a free theme! Who doesn’t like a freebee? Everyone loves free stuff!

Free WordPress themes are awfully tempting to your wallet and bottom line. Premium WordPress themes can be expensive once you start factoring in all the “bells and whistles” making the lure of using a free WordPress theme irresistible.

ELC works with budgets all the time. Contact us to see how we can help your business reach local and national customers with affordable Internet Marketing web design. Your investment in our proven Internet Marketing services will be the investment that keeps on working for you 24/7.

Here comes the free WordPress theme “Gotcha”

We all know the old phrase “You Get What You Pay For”. In the world of WordPress free themes, people more often than not end up paying the ultimate price by being blocked from searches by the search engines. Getting your website blocked by a search engine is certainly more than you signed up for when you decided to upload that free theme.

What happens is unscrupulous WordPress developers create their WordPress themes with various nasty components. These can contain benign things like links to websites you do not want to be associated with like adult content, sexual enhancements, money making schemes and countless other topics.

These questionable links are usually contained in the footer and include ominous text like “footer links must be intact or the theme will become unlicensed”. These links are “safe” for your visitors because they do not actually do anything beyond “a wishing & a hoping” you click on them. However, be aware that the sites they link to may not be so safe for your visitors who click on them.

For your site… these links are not so safe because search engines judge you for the links you keep. Search engines are very suspicious of websites no matter how legit that have links to highly spammy and suspicious websites. Knowing this, you should never trust link services that offer 50 links for some crazy low price like $20. You are guaranteed to either wind up on a link farm or on the footer of a free template. Learn more about scam link services. Great links take research and time to build and search engines know this. Learn how we build great links for our clients. Learn more about the worst ways you can run a link building campaign.

Other developers are a bit more sly and try to hide their footer links in the form of base 64 code. The link will look like a giant block of numbers and letters, but when you run it through a decoder like this: http://ottodestruct.com/decoder.php you will see the true nature of the code. They do this to try and hide their paid or affiliate links. Your website will be penalized harder than just having questionable links because it looks like you are actively trying to hide them to gain page rank for a questionable website.

Most developers keep their sneaky ways to doing no harm to the website visitor. They are more interested in passive income streams from advertising links. Then there are the developers who do not care about harming websites much less the damage inflicted on website visitors. Whatever their motivation may be, these developers put harmful code into free themes. They know that unless a website visitor is actively denying malicious scripts and most people are not (more on this subject below)… website visitors are an easy mark. Even worse… they know that 99.9% of people using free WordPress themes and no matter how knowledgeable and advanced a user will NOT spend the time to scan a theme until a problem arises.

Think about a website like a house. If there are bad elements and there is no lock on the door and the door is wide open, nothing stops these bad elements from “walking into your computer” when you  visit. Not having website protection gives malicious scripts a chance to get on your computer.

Is it just me or is this video still making shop lifting hilarious?
Been Caught Stealing by Janes Addiction

Don’t knock the little guy developer

Don’t get me wrong, I love open source software and independent software developers. I am a strong supporter of the “little guy” in software development and encourage everyone to please donate whenever a free product has been helpful. Most people that work on building WordPress themes and plugin’s are hardworking and honest. WordPress.org has a huge repository of free themes.

WordPress scans all themes and plugin’s submitted to WordPress.org for security flaws and code integrity. Learn more about WordPress.org free theme’s guidelines: http://codex.wordpress.org/Theme_Review WordPress plugin development guidelines: http://codex.wordpress.org/Writing_a_Plugin.

There are other great resources for free themes but that is a topic for another day. Today I am just trying to educate and do a bit of damage control.

What does SEO and free WordPress themes have to do with each other?

As mentioned above search engines are watching your site and judging it. Nothing will ruin your SEO faster than Google, Bing and Yahoo indexing your website and finding harmful code. Search engines try to protect their users from the various suspicious websites on the Internet. Your website will remain on each search engines blacklist until you have successfully removed every trace of malware from your WordPress theme files.

“one in every six personal computers have zero protection: 17% of those scanned either had disabled or nonexistent anti-virus software.”

Source: McAfee

Search engines know that many Internet users do not have any virus protection running on their computers. McAfee who is best known for their virus protection software and spam filtering services analyzed over 27-28 million computers in 24 countries to see the average level of computers with basic security software. The results were not good. As a whole, the United States is not great about computer protection. Read more about McAfee’s results here: https://blogs.mcafee.com/consumer/family-safety/mcafee-releases-results-of-global-unprotected-rates 

“Perhaps the most surprising: the United States ranked in the bottom 5 least protected, with 19.32% of consumers living without basic security.”

Source: McAfee

What does that mean for you? If you, your family member, friend, etc is not running security software your computer is at risk of getting Malware from a website.

Couple that with the mis-guided notion that MAC computers cannot be infiltrated… The fact is that any computer can get a virus. MAC computers got the stereotype of being impervious to viruses due to the fact not many people had a MAC computer. Apple put on a brilliant marketing campaign and took advantage of the stereotype.

Now that MAC’s are so popular, they make a great target for malware creators. If anything, a MAC maybe more vulnerable than a PC due to the false sense of security. Clicking on the tag “Anti-Virus” on Mac World brought up page after page of known Macintosh viruses: http://www.macworld.com/browse.html?tag=antivirus

Your Website can be Blocked by Anti-Virus Programs

In addition to the search engines blocking your website from Internet visitors, most anti-virus programs and firewalls have ways of blocking their users from visiting bad websites. Anti-virus programs, firewall programs and browsers all will put your website on a Malware blacklist. These blacklist’s of websites with known Malware and malicious code are used by Internet service providers, e-mail providers, etc.

What you can do to protect yourself and your website visitors is to make sure your “free” WordPress theme and premium themes are safe to use. The following programs find various exploits and either alert you to the potential problems or help you remove the issue.

WordPress Theme Cleaner Plugin’s

Security Plugin’s for WordPress

WordPress TAC (WordPress Theme Authenticity Checker)

Another way to make sure that your free theme is free of bugs is to install it and run the plugin TAC (Theme Authenticity Checker) http://wordpress.org/extend/plugins/tac/. TAC scans the themes code for encoded scripts that may have been inserted into the theme for malicious purposes such as browser hijacking, 3rd party advertisements, spyware and viruses.

Securi – WordPress Malware Scanner, Monitor and Cleaning

Another great scanner plugin tool is from Sucuri. Sucuri provides WordPress scanning, web monitoring and website malware cleaning services: http://wordpress.org/extend/plugins/sucuri-scanner/ – if your website is up and running you can visit http://sucuri.net/ Sucuri had a free scanner that scans any type of website for malware.

If malware is found by their online scanner, Securi offers a clean up plan starting at $89.99 at the time of this writing. Personally, I think it is a small price to pay to not have the stress and worry of removal.

Securi backs up their work at the time of this post by offering a moneyback guarantee if they cannot remove the malware. They also offer zero cost clean up for reinfection’s for current Securi plan customers.

WordPress Exploit Scanner

Donncha who co-authored WP Super Cache has teamed up with a group of other plugin builders to create http://wordpress.org/extend/plugins/exploit-scanner/. Exploit scanner does exactly as advertised… it scans for suspicious files and unusual file names. It does not remove any files. Learn more http://ocaoimh.ie/exploit-scanner/

WordPress Virus Scanner

So maybe your website checks out fine today, but what if the person who built the free WordPress site built in an innocent user account to be accessed at a later date? Anti Virus by Sergei Mueller who also built the popular plugin Antispam Bee. WordPress Anti Virus can be set to do a daily check and email you the results as well as perform an on demand template scan.

WordPress Theme Check

Because WordPress has specific guidelines for themes posted on WordPress.org it is a good idea to run this plugin to make sure that the theme you choose is keeping to these standards. http://wordpress.org/extend/plugins/theme-check

Get The Word Out that Your Website is Clean

First off, once you have cleaned your website you need to inform Bing, Google, Yahoo and any other search engines you find relevant to your visitors.

Informing websites of your fresh and squeaky clean of Malware website is key to getting re-indexed and back into the search results. Informing the search engines is as simple as resubmitting your website address for consideration.

Please note that because your website has been flagged, it can take up to 3 months and longer for your Mea Culpa to be recognized. I can tell you from experience that you can implore to be re-indexed all you want… as far as the search engines are concerned – you have been bad and they will get back to you when they have free time from the websites that played by the rules.

Get Your Email Flowing Again

Even if your website is totally clean and free of any smarmy links or code you could still find yourself on a blacklist. It is a good idea to periodically check the following:

Who is on my server? This is a great service and I definitely recommend anyone who uses it to donate to it’s upkeep.

Is your email not getting though? Check your email for blacklisting. This a powerhouse of a website. It can tell you almost anything about your website.

http://spamcop.net/bl.shtml Check your email domain for spam blacklisting.