Not All Themes Are Created Equal


The other day, I came across a post written by Patrick Algrim of entitled, What Not To Put Into WordPress Themes. Patrick dove into some well known, freely available WordPress themes to see if he could uncover anything out of the orindary. Unfortunately, he discovered some things inside of themes that I find appalling. Things such as blog ranking code to theme author RSS feeds that when clicked on, the end user would end up subscribing to a feed other than your own.

For a few weeks now, there have been a number of people that have preached about how the safest way to download themes is directly from the author’s website. If what Patrick discovered is true, (it sure as hell looks that way) then this leaves the door wide open as to how to go about downloading and using WordPress themes that are not filled with this stuff.

The WordPress Theme respository is not off line but it does contain a number of outdated themes that most likely do not work with WordPress 2.5. So the question is, why are theme authors including this crap into their themes and secondly, do we really need to go through each and every theme and look for this stuff before sites such as WPCandy give themes any sort of press?

Lastly, how do you feel about this situation?

11 thoughts on “Not All Themes Are Created Equal

  1. I designed number of themes for public and never thought of adding my own rss address or google analytics codes to see who are using it. I wouldn’t even think about it. Some people has (not as positive) amazing ideas.

    I wouldn’t call to any of these themes as public or free. Obviously authors wants to get something back from his work . And the way they follow is totally unethical.

    Unfortunately, there seems to be nothing to do. We can only expose those themes and authors but nothing else.

  2. I’m very much in favour of giving people the benefit of the doubt; this could just be an oversight.

    I have often uploaded things and forgotton to remove, or add back in, codes and links.

    Having said that, the sooner themes can be offered in a way equivalent to plugins the better.

  3. There has always been, and always will be, dodgy themes and templates and scripts (plugins). Of course the average free theme user won’t really notice this until it’s too late. It’s our job as blogging/wordpress/cms enthusiasts and reputable web developers to weed out the bad and publicly point out the risks, in order to make sure people are aware of them.

    Theme directories could do with not only listing high quality themes, but providing a wall of shame for those themes that have malicious code as part of their original source. They obviously have to quality checks on any submissions, so it’s not difficult to take it a step further by letting people know what’s wrong.

  4. I think that this just means the market may be changing. Maybe themes are going to have to be bought to ensure that they are not filled with malicious code. The whole situation kind of makes me glad though maybe it will have some impact, and they trustworthy designers out there like myself will start getting some more blog design work at a fair price.

  5. At best, it looks like an oversight, which still isn’t good because it says the designer couldn’t be bothered (forgot, whatever) to clean up the code. At worst, it looks really really bad.

    I have used and looked at literally hundreds of themes, and in most cases stuff like that is not in there. If it is, it’s usually obvious forgetful stuff. That particular example is the worst I’ve seen.

    And from the standpoint of designing themes – who really wants that much hard-coded content in there? *Especially* for release?

  6. Posted over there, he makes some good points like. lol, Adii gets mentioned everywhere, aint he popualr?

    Nope! 😛

    Well yes for the prices, but thats neither here nore there 🙂

  7. Looks like Adii stopped by that post and gave his explanation as to what happened with his theme. I have yet to see the other theme authors explain what happened. All in all, looks like a lesson was learned by many people both by theme authors and theme users. Theme authors must make sure that the stuff they leave in the theme is taken out before it goes public and end users now have to double check the themes code/template files to ensure no hanky panky is going on.

    Geeze, it was much easier just downloading the darn theme from the repository since those themes were scanned through already.

  8. Since it was obvious that Patrick highlighted some code in my WP-Polaroid theme, I thought I’d just pop in here as well to state my case. No need for a long comment as I left on Patrick’s original post – as that post explains the situation in detail (so read that, before going on a witch hunt).

    @ Jeff – Yep. Lesson learned! 🙂 The theme has been cleaned up and updated by the way as well.

    It’s always funny how a honest mistake (in the WP community especially) is always construed as a malicious act by a serial offender… But nothing ventured, nothing gained… 🙂

  9. I think anyone that’s creating a blog and does not know php and css well needs to get someone to take a careful look at their theme setup. This, of course, is if they are serious about there blog. There are so many sneaky tricks, it’s not worth taking a chance.

Comments are closed.