Choosing a free WordPress theme can be a tough job, especially if you’re a beginner. While an attractive free theme might have caught your eye, be aware that it can contain malicious codes which can ultimately make your blog, website and web server become part of a zombie army of machines participating in an attack on some other website.
- Always select themes through the WordPress Free Themes Directory
- Visit the developer’s site. You can also check on the WordPress.org forums to know that developer’s reputation.
- Once you have the theme installed, install/activate the WordPress Exploit Scanner plug-in . This plug-in will search through your website’s files and database tables and notifies you of any suspicious code. It also examines your active plugins for unusual filenames.
Other useful plugins:
- TAC (Theme Authenticity Checker) – this plug-in searches the source files of installed themes on your blog for signs of malicious code.
- WordPress AntiVirus – this plug-in scans your theme directory to look for a WordPress permalink back door, which is a very malicious malware.
- Login Lockdown WordPress Security – this plug-in helps brute force password discovery by recording the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, the login function will be disabled.
General precautionary measures:
- Always have your WordPress software and WordPress plugins updated to the latest version
- Delete any unused themes and/or plugins installed but not activated
- Always have a strong password.
- Back up your WordPress database on a regular basis. You can also use these plug-ins to help you backup your blog.