Use caution when selecting your WordPress theme

I read an eye-opening article today about the hazards of (some) free WordPress themes. The article, entitled “Why you should never search for free WordPress themes” analyzes the code in WordPress themes downloaded from the top 10 Google results for the search query “free WordPress themes”. MOST of the themes the author, Siobhan McKeown, examines are problematic: from the most benign (e.g., not being updated to the current version of WordPress) to the sneaky (links hidden way off screen using CSS) to dangerous…most of the free themes downloaded included base64, an encoding scheme often used to hide malicious code, which can mess up your site big time.

This is not to say that all free WordPress themes are bad. But be cautious about how you find them. The one link in her top 10 Google results that was worthwhile was the link to WordPress themes on Even here (or anywhere—even with commercial themes), you need to check to see how up-to-date the theme is with the current version of WordPress. But at least you won’t have to worry about infecting your website with malware.

I’m a loyal user of Thesis, which is not a free theme, but I well-designed, well-supported theme framework. Although you could use the Thesis design right out of the box, as a framework it is intended as a launching pad for developing your own, unique, branded designs. Unlike many themes, you are not limited to a set layout, and absolutely not limited in terms of color or typography. In addition, there are tools for enhancing your on-page search engine optimization.

As of today, DIY Themes has release Thesis 2.0. I’ll be updating the design of this website in the near future, and am looking forward to the opportunity to test drive Thesis 2.0.


The Hidden Costs of Open Source Web Design

In a previous post on open source web development platforms, I gave some background about exactly what Open Source means in terms of web design and development. In this post I’ll delve a little deeper into the pros and cons of using and open source web design and content management systems (CMS).

The main attraction to open source systems, for most people, is cost. As in zero. Zip. Nada.

OK, you still have to pay for your web hosting. But budget web hosting starts at under $100 per year.

Once you get your website up and running on your budget web host, you install your theme and plugins (I’m using WordPress terminology here, but the same applies to other open sources CMSs). There are thousands of free themes and plugins, but there are some with more advanced functionality that have licensing fees. These are not going to break the bank, but they can add to the “free” price tag.

Why would you pay for a plugin or theme, when there are usually dozens of free alternatives?

  1. Quality. Free plugins and themes are created by developers for a variety of reasons: as a labor of love, to give back to the community, to learn new skills, to boost a resumé. And although most developers of free plugins are competent, some are not so competent, and their work can be riddled with bugs. Someone who is selling their work as a business has a vested interest in happy customers.
  2. Dependability. For many developers, writing a free plugin is a side project—something they do in their spare time. A new job, a new baby, or simply getting bored and moving on may mean that a plugin is no longer supported. As newer versions of the core software are developed, the free plugin you love may no longer work as the developer does not make the necessary changes for it to keep up with core upgrades. Unless a business goes out of business or discontinues a product, they are likely to do their best to keep it current.
  3. Ease of use. Many plugins are easy to use as a tricycle, which is one of the aspects of open source web development that is so exciting to a web designer. But some plugins still require a greater knowledge of HTML or PHP than your average user is likely to have. Businesses—the successful ones, at least—know that their customers are not likely to be fellow engineers, and will go out of their way to make the software user-friendly.
  4. Documentation. Plugin developers are focused on the code and functionality of the plugin. There is usually some minimal amount of documentation, but for more complex plugins, it may not be all the information you need to get the most out of the plugin. Often, it is written in engineering-speak rather than user-friendly language. Businesses are more likely to hire an experienced technical writer to write documentation—or at least to give documentation more than a glance and a nod.
  5. Support. This can be iffy whether the plugin is free or purchased. It’s rare that there’s an 800# you can call and talk to someone about your issue—but that’s par for the course with most software these days. Hopefully, whether pay or free, there will be a forum where you can post a question, and be helped not only by fellow befuddled users, but by the developer or a knowledgeable person on the developer’s team. The more complex and critical the software—e.g., an ecommerce system—the more important it is that you know you can get answers when you need them.

Yes, these are generalizations. There are developers of free software that is easy and solid and well-documented and well-supported. You can pay good money for difficult to use, buggy software with poor documentation and no support, that is abandoned by the developer after version 1.1.

So how do you figure out what free software to take advantage of, and which is worth paying for? More on that question in a subsequent post.