WordPress Theme Deceptions: Are You Getting What You Really Want?

Yesterday, I happened to check source code of one of my friends's WordPress blog. The blogger was looking for a new WordPress theme and she fell prey to this good looking new theme. I won't mention the name of the theme or the company that prepared it. It's an affair I need to deal with the company itself.

The issue is thus. The theme, once installed, leaves out a white bar on the top. There are a larger number of links at the bottom, as (supposedly) credit to the theme designer.

I have a particular way of analyzing things. As you well know I am a W3C-valid theme geek, I went to W3C validator and checked the source of the blog. It showed a particular error regarding a hyperlink.

When I looked at the source, I found that this hyperlink pointed to some casino website, which of course is against all search engine terms of service and can get your site blocked. But more peculiar thing was the link was to be seen nowhere on the blog with naked eye. When I selected the entire blog with Ctrl + A, I could see the link to this casino site on the white bar on the top. A white invisible link! Something that will make you look like a black-hat SEO man to the search engines.

Decided to remove the link, I checked the entire theme files but nowhere could I find the link code. It was a hyperlink dynamically written to the blog with a PHP function. If search engine ever indexes this blog and finds out that there is a hidden link, the website will suffer greatly, but the casino site will have a good enough boost in rankings.

I found the link was written at run-time through a PHP decode function. I found this decode function within the header file of the theme&151;A gibberish of a code, which was decoded to the exact hyperlink. A highly unethical practice to promote the casino website!

I promptly removed the hyperlink for my friend. I also advised her to remove all the other credit links as well, so that whoever did this stratagem doesn't get any benefit from the blog.

A more interesting aspect is that a professional theme designer company designed this theme; this made me conclude that it was stolen by whoever put up that ploy. What I did next was I alerted the original theme designer that a theft had happened for one of their themes and they should be wary.

Anyone, including you, can fall in such a condition. Here are the steps you need to take to ensure you are protected.

  • Always look for any hidden links or text in the theme.
  • Check the theme after installation and see if it has links to any bad neighborhood sites, like casino, sex, or drug dealing.
  • Look for any unknown functions or decode functions within the theme files to see if it could write anything potentially dangerous on any of your pages.
  • Don't download the theme if you don't trust the provider. It is always best to download only themes provided directly at WordPress.org. They are checked for any malpractice before made available to the users.
  • If you find out that a theme has been stolen and used for promoting websites, alert the theme owner immediately.


Deception is everywhere. It is our precaution and discretion that will save us. Don't let the crooks get away with their stratagems. High-end professional bloggers may not take this issue seriously because they have their own themes built by professionals, and are more busy making money than taking interest in fellow-bloggers' problems.

1 Opinions:

  1. Yikes...maybe you should warn us of which theme designer did that! (Though I might have a few guesses!) Obviously wasn't downloaded from wordpress directly :)

    Many themes are not created equal - even the ones that are paid themes can be a nightmare to customize and not have the best seo. I always download them and tear them apart before installing - if there's anything in there I don't like I will either change it or not use it at all.


Comments are moderated very strictly