Test Themes
Photo by dcJohn.
There are a number of aspects of a theme that can get you banned from Google, and other search engines. Deciphering between safe and unsafe themes is not as easy as just looking for a “Sponsored by…” link.

Through using the methods listed below, you will be able to judge whether or not a theme is safe to use.

1 – Download From The Source

WordPress themes are often free to download, and sometimes free to distribute. It is not difficult for a site to amass a collection of themes, and add their own spam codes to them. For this reason, if you know the site that the theme originally came from, download it from there.

2 – Use Your Intuition

If you have a bad feeling about a site, then trust that feeling. Is the site showing excessive adverts? Pop-ups? Spam email? If so, then you know that they are trying to squeeze every penny they can out of their website, so what’s to stop them doing the same with their themes?

There are many sites offering free themes, and it isn’t hard to find the respectable ones. Look at your favorite blogs. Are any of them design related, and do they offer themes for download as well? Or are they using a free theme, with a link to the source in the footer? If you’re looking for a WordPress theme, and want to be completely secure, then the WordPress Theme Directory is a great resource.

3 – Search the Theme Files for http://

Open each file in your theme in a text editor, and use the editor’s search function to look for phrases like, “http” and “www.” This will enable you to find every link in the theme. For each link you find, investigate the area around the link, and if it feels fishy, either remove the link, or ask someone about it.

You must make sure to test all files in the theme. In particular, any javascript files, and functions.php. Spammers will most likely place their links in these files, as they expect most users will not look at them.

4 – Are You In Complete Control?

You must be dependant on nothing other than the files you downloaded. Does the theme’s header link to a Javascript file on the author’s server? Or a certain stylesheet of theirs? I have seen authors doing this for all sorts of themes, supposedly to ensure that their copyrights are not removed, and that they can easily make updates.

Do not be bought over by these excuses. If the theme relies on files on another server, someone else is in control of your site. What will you do in 6 months time if the author uses his files to insert hidden links and code into your pages?

5 – Examine the Output

When you have the theme set up on your site, look at the page source (View > Page Source in your browser). There is no need to read through every line, but do scan for suspicious sections. If you missed something in your previous tests, this will be your last chance to catch malicious code out.

Make sure that the code you are testing is the code on your own site. Do not test the demo site the theme author put online. Even if he is putting malicious code into his themes, he will have removed it from his showcase examples.

Following these steps should ensure that you steer clear of dangerous themes. At least, dangerous in regards to the search engines. Server security is a different, and much more complicated, matter altogether. For now, the best I can do is point you to BlogSecurity’s tool.

So, do you know of any safe theme sites that you can recommend to other readers?

Enjoy this post? You should follow me on Twitter!