One of the most important choices you'll make during your WordPress career is which theme to use for your website. Not all themes are equal though, and some are safer than others. Choosing the wrong theme can leave your site vulnerable security-wise, so it's essential you don't base your decision on looks alone.
WordPress theme security can be hard to gauge at first unless you know what to look for. In this article, we'll teach you five ways to spot a safe theme without you having to peek under the hood and read through its code. Let's get to it!
Why WordPress Theme Security Matters
WordPress' popularity makes it one of the best platforms you can use to create a website. It's easy to use, and it offers a lot of customization options through plugins and themes. The problem is, that same popularity also makes it a target for attackers who prey on vulnerabilities in both the platform and its extensions. Themes can also be vulnerable to attack in several ways:
- Outdated WordPress themes often come with vulnerabilities. If your theme hasn't been updated for over six months, it may be abandoned, and attackers are more likely to find security holes they can exploit.
- Old themes can cause compatibility issues. Even if an outdated theme is safe to use, it might cause issues with other plugins or WordPress itself, which can also lead to security problems.
- Pirated WordPress themes can be infected with malware. Some people download pirated versions of premium WordPress themes to save money, which often ends up with an infected website.
The good news is you can avoid disreputable themes for the most part by downloading yours from reputable sources only. We'll talk more about some of the best places to look for themes in a minute. For now, let's talk about how you can spot the safest options.
5 Ways to Check If Your WordPress Theme Is Safe
Figuring out which themes are safe to use is mostly a matter of common sense. There are several red flags you should be on the lookout for, and if you know what they are, spotting winning options isn't complicated. Let's take it from the top.
1. It Receives Constant Updates
As we mentioned earlier, regular updates are the number-one indicator of a safe theme. If the team behind a theme is active when it comes to updates, chances are they aren't just working on adding new features but also patching bugs and vulnerabilities.
Most theme repositories enable you to keep up with development updates. If you check out a theme on WordPress.org, for example, you can see the last time it was updated right below its version number:
For even more information, you can scroll down a bit further and click on the Development Log button under Browse the Code. On the next screen, you'll see a list of every update to the theme throughout its history:
If you click on the latest number under the Rev column, you'll see a list of folders representing each version of the theme:
From this screen, you can open the directory for any version of the theme and look for its changelog file within. You can open the file right from your browser, which will enable you to see a thorough breakdown of the changes from one version to another:
Sadly, not every theme on WordPress.org includes full changelog files, but they're common enough for most popular options. Likewise, premium theme repositories also make a habit of letting you know when themes were updated last and what changes there are for each version. For example, we usually publish in-depth articles each time we launch a new version of Divi, or just plain old updates if there's enough new content for us to discuss:
If you're a regular reader of our blog, chances are you've seen at least one of those update announcements. In case you haven't, you can sign up for our newsletter so we can keep you informed about theme updates.
2. There Is Direct Support From the Developers
It doesn't matter how many amazing features a theme offers if there's no way for you to get in touch with the developers when you need support. Thorough documentation often does the trick when it comes to solving problems, but it's not the same as being able to ask a human being for help with specific issues.
Sure, popular themes often have large enough communities that other users may be able to help you, but even they may not be enough. Finally, if you have zero ways to reach someone who works on the theme, it means they might not care about user bug reports, which is a huge red flag.
On WordPress.org, there's a section called Support below each theme's reviews. If you click View Support Forum, you'll find a section where you can ask questions and wait for answers from the theme's developers:
When a question is solved, you'll see a green checkmark next to it. The more checkmarks and replies you see in the forum, the better the odds you're using a theme with developers who are happy to provide support. When it comes to premium repositories, you should also be able to find dedicated support sections for any themes you look into. For example, ThemeForest shows a Support tab right below the theme's title. Within, you'll find information on how to contact the theme's developers and get help:
Finally, when it comes to Divi, you can open a support ticket at any time from your account dashboard, and we'll get back to you as soon as possible:
Support is available for licensed users, and there are dedicated sections for each of our products. There's also a support forum, where you can get answers from the entire Divi community!
3. You Can Find Clear Information About Who's Working On the Theme
Transparency is one of the things that sets successful WordPress themes apart. When you know who's working on a theme's development, chances are you'll come to trust them over time and maybe even check out some of their other WordPress projects.
In most cases, it's easy enough to find out the basics about a theme's developer(s). When you're using WordPress.org, for example, you can see who built a theme right next to its name at the top of the screen:
If you click on their user, you'll see a list of all the projects they've created:
However, this often isn't enough information. We recommend looking for a website where the developers include further information, such as team members, a business address, and more. It's not a matter of stalking your favorite theme's developers; instead, it's all about accountability. If you're using a theme created by a team with a legitimate business, chances are they'll be more proactive when it comes to developing their products and supporting them. Elegant Themes is a great example of that business model (in our humble opinion!).
Many of the people behind Divi are regular contributors to the Elegant Themes blog, so chances are you already know a few of them. However, you can always check out the full list of the company's members within our About Us page.
4. The Theme's Website Showcases Unbiased Reviews
These days, finding reputable online products (including WordPress themes) isn't hard if you take the time to read through reviews. Most reputable theme repositories showcase unbiased, detailed reviews from genuine users.
For example, on WordPress.org they're under the Ratings section to the right of the screen. There, you'll find the theme's average score, which ranges from one to five:
In our experience, most themes below a four-star average aren't worth your time. However, it pays to read any one, two, or three-star reviews your theme might have regardless of its overall score, so you can check whether users are dealing with common errors or anything else that might scare you away. To get to these reviews, just click on the links next to the ratings:
On the next screen, you'll find a list of all available reviews for each star rating, and you can click on any of them to read a full version. When it comes to premium repositories, such as ThemeForest, you should also be able to find an average rating and read individual user reviews:
Finally, themes with their own home pages could be trickier due to the developer being able to "finesse" the content towards their own narrative. In our opinion, you'll need to carry out some deeper searches (which should bring up some independent reviews) and take all of the other factors into account before making a decision.
You may also find some developers provide deeper insight into their customer base, such as with our own customer spotlights:
These aren't paid or sponsored; they're genuinely happy customers who want to help us spread the word about Divi. In short, a trustworthy developer in all other areas with a vested interest in happy customers is likely going to deliver the goods, rather than hoodwink you into opening your wallet.
5. It's Popular With Plenty of Users
The wisdom of crowds isn't something you can always rely on. However, users tend to do a great job of making secure and powerful themes popular within the WordPress ecosystem. In most cases, unsafe or mediocre themes never make it too far, whereas great ones spread around fast.
Of course, the size of a theme's user base is something you should only take into consideration if you're impressed with the other criteria we've mentioned so far. To see how many people are using a specific theme, you can visit its WordPress.org page and look at the Active Installs section under its Download button:
Generally speaking, any theme with over 10,000 simultaneous installations tends to be pretty good. After all, users often don't stick around for long if a theme doesn't meet their requirements. Sadly, premium repositories often don't include information about active installs. Instead, they just show you how many sales a theme has, which doesn't tell you the full story:
What's more, less reputable independent developers will forgo information such as how many people use their products. Every Elegant Themes page includes those numbers, so you know you're in good hands:
Overall, popular themes are that for a good reason. Usually, there are multiple factors, but hard numbers offer a good base from which to research a developer further.
Where to Find Secure WordPress Themes
Generally speaking, the safest place to find new themes is in the WordPress.org repository, due to the theme approval process. However, they don't include premium options, so chances are you'll need to look through marketplaces such as ThemeForest. They are the most popular premium theme repository online, and their themes tend to be safe.
Finally, you'll also find plenty of theme shops that offer only their own products, such as Elegant Themes:
For these, you'll want to take all of the tips mentioned in this piece and ruthlessly apply them. In our case, we've gone through several security audits from Sucuri, and passed with flying colors each time. Good developers will often display their successes proudly, making your choice much easier.
Conclusion
Most WordPress themes with sizable user bases are safe enough. However, if you're going to pay for a premium option, you should aim for only the best. Our own Divi is a great option for most types of websites, and it's gone through extensive security audits to ensure it's safe for you to use.
In any case, here are five ways you can spot a safe WordPress theme quickly:
- It receives constant updates.
- You can get direct support from its developers within a reasonable timeframe.
- Information about who's working on the theme is freely available and easy to find.
- It has excellent reviews with high average scores.
- It has a sizable install base.
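The three measurable checks above (six months without an update, an average below four stars, an install base of 10,000 or less) can be applied to a whole shortlist of themes at once. The following Python is an added example, not code from this article or from WordPress.org; the record field names, the 0-100 rating scale and the sample themes are assumptions constructed for illustration.

```python
from datetime import date

# Thresholds stated in the article.
MAX_MONTHS_SINCE_UPDATE = 6
MIN_STARS = 4.0
MIN_ACTIVE_INSTALLS = 10_000


def months_between(earlier, later):
    """Whole calendar months elapsed from earlier to later."""
    months = (later.year - earlier.year) * 12 + (later.month - earlier.month)
    return months - 1 if later.day < earlier.day else months


def red_flags(theme, today):
    """Return the article's red flags for one theme record; missing data is flagged, not passed."""
    flags = []
    updated = theme.get("last_updated")  # assumed ISO date string
    if updated is None:
        flags.append("last update unknown")
    else:
        age = months_between(date.fromisoformat(updated), today)
        if age >= MAX_MONTHS_SINCE_UPDATE:  # six whole months or more have elapsed
            flags.append(f"no update for {age} months")
    rating = theme.get("rating")  # assumed 0-100 scale, 20 points per star
    if rating is None or not theme.get("num_ratings"):
        flags.append("no reviews to judge")
    elif rating / 20 < MIN_STARS:
        flags.append(f"average rating {rating / 20:.1f} stars")
    installs = theme.get("active_installs")
    if installs is None:  # e.g. premium marketplaces that publish sales only
        flags.append("active installs unknown")
    elif installs <= MIN_ACTIVE_INSTALLS:
        flags.append(f"only {installs} active installs")
    return flags


# Constructed sample records (not real themes); field names are assumptions.
SAMPLE_THEMES = [
    {"slug": "example-fresh", "last_updated": "2024-05-20", "rating": 92, "num_ratings": 310, "active_installs": 40000},
    {"slug": "example-stale", "last_updated": "2022-11-02", "rating": 70, "num_ratings": 12, "active_installs": 900},
    {"slug": "example-premium", "last_updated": "2024-04-01", "rating": 96, "num_ratings": 58},
]


if __name__ == "__main__":
    for t in SAMPLE_THEMES:
        print(t["slug"], red_flags(t, date(2024, 6, 15)) or "no red flags")
```

Support quality and developer transparency still need a manual look; an empty result only means none of the numeric red flags applied.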
On a final note, whether you are confident in your theme's security or not, you should also be using a WordPress security plugin to cover your bases. We made a list of the best WordPress security plugins, so be sure to check that out next!
What do you think is the most important criterion when it comes to choosing a safe WordPress theme? Share your thoughts with us in the comments section below!
Article thumbnail image by Anton Chuvstvin / shutterstock.com
Hello,
Hestia is one of the best one. You did good writings about security website with an information architecture.
Thanks Sumon :)
Thank you for keeping the theme up to date. Security is indeed essential. Nobody wants a hacked site or a site that has been flagged by google.
No problem, Janet :) That’s very true.
Divi is a great product and kept up to date the updates are regular and often.
Security is one of the biggest issues when you have a WordPress blog so kudos Divi developers on keeping it up to date.
Hi Bryan. Thanks for your comment. :)
I use Divi so..
The most important thing is the theme of wordpress theme in a trusted place. Like here, elegantthemes, themeforest or free download on WordPress.org
thanks for sharing
You’re welcome, Khalifa. :)
Security of a website is very important. Every blogger needs to concentrate on their blogging securities for making their blog a better and safe place to visit.
Hi Johnson. Thanks for your comment. Security should always be a priority. :)