Modernthemes – Free WP Theme Question


Viewing 9 posts - 1 through 9 (of 9 total)
  • #22353
    bill
    Participant

    Hello, AITpro.

    There is a website: http://modernthemes.net/ that offers free WP themes. Some of which are as good as (if not better than) some premium sites I’ve seen. That said, they’re pretty ghostly… there’s no real information about the developers; there’s no forum, their FB link/page is a “fake” (url doesn’t exist) and I’ve heard things years back about free themes out there that had malicious code (ex: with malware/spyware) and I was concerned.

    My question is: If I used one of these themes (this one: http://modernthemes.net/demo/flatter/), and ran BPS Pro with it, would/could I still be at risk or exposed on that level to a potential security threat?

    Please advise when your schedule permits… thanks.

    Bill

    #22355
    AITpro Admin
    Keymaster

    First off, well done on doing some research before just installing something in your server environment|website.

    BPS Pro typically protects against external threats trying to get into your internal server environment|website.  If you install anything on your website|internal server environment that has a flaw|coding mistake in that code that creates a vulnerability and can be exploited then BPS Pro can protect against some of those flaws|coding mistakes being exploited, but let’s say you install something that has a flaw|coding mistake that appears to be the normal functionality of a plugin or theme.  If that flaw|coding mistake appears to be normal functionality|code|code processing in that plugin or theme then BPS Pro will not interfere with that plugin or theme functionality and will not be able to protect against that flaw|coding mistake in that plugin or theme.

    The site looks legitimate to me.  The Twitter link goes to an active Twitter account that has a recent tweet.  The Facebook link may just be a URL mistake.  Modernthemes.net Domain information:  Created on 2014-02-05 – Expires on 2016-02-05 – Updated on 2015-02-02.

    Since I am a coder, I look at all of the code in a plugin or theme before installing it in my server environment.  If you are not a coder then you can do additional Google searches like:  X reviews, X scams, X hacked, X vulnerability, etc. to see what other folks are saying about a particular plugin or theme.

    #22356
    bill
    Participant

    Thanks for the response and invaluable insight…. As always, I really appreciate your time. Re: the Google searches: I was searching them out to find some reviews/references etc. and nothing’s really out there. Sidebar: I found out about them via WP. They have a free theme (https://wordpress.org/themes/gridsby/) there… not many reviews but over 27000 downloads. It’s not the theme in question but…

    I know the decision is mine to make, and I will hold full responsibility of what happens next either way, but that being said: would *you use the theme? (Note: If your reply is no, then it’s no. There’s no way I’d use it.)

    #22358
    AITpro Admin
    Keymaster

    On the surface Modernthemes.net appears to be a legitimate outfit.  So yes I would install the theme AFTER checking the code.  I do not install anything in my server environment without first checking the code.  Post a link to the theme you want to use and I will download that theme and look at the code and post back here.  Note:  It usually takes about 15 minutes for me to go through all of the code in a plugin or theme.

    #22359
    bill
    Participant

    Thank you very much!
    This is the link: http://modernthemes.net/wordpress-themes/flatter/

    #22360
    AITpro Admin
    Keymaster

    Results for the Modernthemes.net Flatter Theme:

    Overall the theme coding work looks good. Overall the theme coding work is sanitized and secured appropriately.  Nothing suspicious or malicious found in this theme’s code.

    The theme utilizes the WordPress wp_remote_post() function to check for and install theme updates from the modernthemes.net website – nothing unusual, suspicious or malicious in the update checking code.
    The theme utilizes an AJAX and jQuery file uploading script that is secured and sanitized appropriately.

    Checked the Flatter theme with Otto’s Theme Check plugin: https://wordpress.org/plugins/theme-check/ and found a couple of very minor knick-knack issues below that are not a big deal|nothing to be concerned about.

    WARNING: file_put_contents was found in the file my-custom-css.php File operations should use the WP_Filesystem methods instead of direct PHP filesystem calls.
    Line 45: $makecss = file_put_contents(css_path(), '/********* Do not edit this file *********/\

    REQUIRED: The theme uses the register_post_type() function, which is plugin-territory functionality.
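
A first-pass triage for the manual code check discussed in the posts above, as an added example that is not part of the thread or of any participant's post: it lists the lines in an unpacked theme's PHP files that call functions worth reading closely. The function names `file_put_contents`, `wp_remote_post` and `register_post_type` come from the review results; `eval` and `base64_decode`, the helper names and the sample input are assumptions made for this example.

```python
import re
from pathlib import Path

# Calls to surface for manual review. The first three are named in the review
# above; eval and base64_decode are assumptions added for this example.
REVIEW_CALLS = {
    "file_put_contents": "direct filesystem write; Theme Check prefers WP_Filesystem",
    "wp_remote_post": "outbound HTTP request; confirm the destination host",
    "register_post_type": "plugin-territory functionality",
    "eval": "executes a string as PHP",
    "base64_decode": "can hide code or data from a quick read",
}
# Match plain function calls only: not $var(), ->method(), ::static() or my_eval().
CALL_RE = re.compile(r"(?<![\w$>:])(" + "|".join(map(re.escape, REVIEW_CALLS)) + r")\s*\(")

def scan_source(text, name="<string>"):
    """Return (file, line_no, function, reason, code) for each flagged call."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue  # comment-only line
        for m in CALL_RE.finditer(line):
            func = m.group(1)
            findings.append((name, no, func, REVIEW_CALLS[func], stripped))
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under an unpacked theme directory."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        findings += scan_source(text, str(path))
    return findings

# Constructed sample input, not the Flatter theme's actual code.
SAMPLE = """<?php
// file_put_contents() is only mentioned in this comment
$makecss = file_put_contents(css_path(), $css);
$response = wp_remote_post($update_url, $args);
$obj->eval($x);
$evaluation = my_eval($x);
"""

if __name__ == "__main__":
    for name, no, func, reason, code in scan_source(SAMPLE, "sample.php"):
        print(f"{name}:{no}: {func}: {reason}\n    {code}")
```

A hit is a pointer to a line to read, not a verdict; an empty result does not replace reading the code.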

    #22364
    bill
    Participant

    I am sincerely grateful for you/AITpro.

    Thank you very much for the time invested. I will never take it for granted.

    Continued Success,
    Bill

    #22366
    AITpro Admin
    Keymaster

    Very welcome.  Checking plugin or theme code out is a quick and easy thing to do.  Debugging, fixing or creating code is a very time consuming thing.  😉

    #22367
    bill
    Participant

    Sheer genius is awesome to behold. (Insert Superman logo here!)
