Premium themes from ThemeForest, Elegant Themes, and many other major theme developers are widely used. These themes are beautiful, versatile, and professional-looking.
However, both developers and hackers are well aware of this fact. Hackers know that these themes have been downloaded and used millions of times worldwide. As a result, hackers target these premium themes and write scripts that exploit vulnerabilities in the themes to upload files to the server.
You can read about what these uploaded files do here, and how to recognize these files here.
Premium themes have some major drawbacks when it comes to the security of your website. They contain 2 to 20 times more code than necessary.
Why Premium themes contain more code than necessary
Premium themes are designed to be flexible, offering various ways to display content. All these functionalities are pre-programmed.
Instead of having 3 templates for home, subpages, and single pages, they have 8, plus site builders and several files that control the templates in case you want to customize the content further, add sliders, social media functions, etc.
Even if you don’t use these features, they are still present on the server and can be accessed by hackers. If your website is not properly secured, they can even execute files, giving them considerable power.
Incorrect use of Premium themes
When used correctly, a premium theme is a “cheap” solution for developing a website. However, I often see the mistake of not using these flexible themes properly and making graphical modifications outside the theme’s capabilities in the code (hardcoding).
The problem with this is that you won’t be able to update the theme! An update replaces the theme’s files with new ones, so your hardcoded graphical changes are overwritten. Especially when a programmer has written the code (perhaps due to a lack of knowledge about premium themes and all their possibilities), you, as the website owner, cannot update without reapplying all the previous adjustments to the new version.
As a result, premium themes are often not updated, and therefore they contain vulnerabilities.
Downloading a premium theme for “free”
Downloading a premium theme that should be paid for, for “free,” is the biggest mistake you can make!
Those who distribute these paid themes for free insert a piece of extra code into the theme.
This code publishes information that allows them to find the theme in Google. They then run a query on your website, gaining access to your server, the website, and your WordPress admin.
As I mentioned in a previous article: cheap is expensive, hacking is free.
The proper use of a premium theme
Before using a premium theme, you should familiarize yourself with its features. Then, take a careful look through all the menus the theme has set in your admin area and explore the possibilities so you can give your website the desired layout.
Most premium themes have pre-programmed options for setting and choosing the following:
- Your logo
- Sliders (using a built-in slider or Revolution Slider)
- Theme colors
- Intro texts, landing page texts, author texts
- Favicon (the small bookmark icon)
- Font choices
- Forms
- and more…
Additionally, the themes offer in-content shortcodes, tabs, jQuery solutions, and more.
In short, if you have purchased such a theme, you have a lot of options, and it is not a good idea to “conveniently” hardcode things directly into the theme.
Once you have made all the settings in the admin panel and WordPress itself, you can update your theme when a new version is available, after first creating a backup. Some themes offer automated updates, while others require manual updates via FTP.
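Before updating, or when you suspect a theme copy contains inserted code as described under downloading themes for “free”, you can compare the installed theme with the vendor’s unmodified package. The following is an added example, not code from this article or from any theme vendor; it assumes you have the clean package of the same version unpacked next to the installed copy, and the function names and sample files are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(Path(root).rglob("*")) if p.is_file()
    }


def compare_theme(clean_dir, installed_dir):
    """Compare the installed theme with the vendor's unmodified package."""
    clean, live = hash_tree(clean_dir), hash_tree(installed_dir)
    return {
        # Vendor files whose content differs: hardcoded edits or tampering.
        "modified": sorted(f for f in clean.keys() & live.keys() if clean[f] != live[f]),
        # Files the vendor never shipped: custom additions or uploaded files.
        "added": sorted(live.keys() - clean.keys()),
        "missing": sorted(clean.keys() - live.keys()),
    }


def demo():
    """Run the comparison on two small constructed theme trees."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        vendor_files = {  # constructed sample content, not a real theme
            "style.css": "/* Theme Name: Example */\nbody{color:#333}\n",
            "header.php": "<?php wp_head(); ?>\n",
            "inc/slider.php": "<?php // slider template\n",
        }
        for base in (clean, live):
            for name, text in vendor_files.items():
                path = base / name
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(text)
        # Hardcoded edit, an unexpected extra file, and a removed file.
        (live / "header.php").write_text("<?php wp_head(); ?>\n<div class='promo'></div>\n")
        (live / "inc" / "cache.php").write_text("<?php // not shipped by vendor\n")
        (live / "inc" / "slider.php").unlink()
        return compare_theme(clean, live)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Files listed as modified are the adjustments you would have to reapply after an update; files listed as added that you did not create yourself deserve a closer look.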
Tip for programmers/designers
Elegant Themes offers you access to all themes for one fixed price. They also have several plugins, such as additional shortcodes, that you can download, and themes in various categories.