How can you identify trustworthy themes and plugins? There are a few telltale signs. Here are some ways to spot them so you can rest assured the code is of good quality and, more importantly, safe.
The WordPress plugin directory contains a rich and abundant collection of free themes and plugins. The great thing about the directory is that it is maintained and policed by a great team of contributors, including people like Ipstenu, who contributes directly to the WordPress core.
This maintenance is invaluable as they are very quick to act on reports of untrustworthy content. Abusive themes and plugins are promptly removed, and the majority are reviewed before the first iteration is published.
Download Counts and Reviews
In the directory, look at download counts. Yes, there may be a new plugin which will obviously have a low download count but, generally, a plugin with more than 100,000 downloads is something you can trust more.
Additionally, any registered user can review a theme or plugin and rate it out of 5. Reviews are a great indication of how the plugin performs on people’s sites. Reviews may also be useful to double check on specific features, or possible conflicts with other themes and/or plugins running on your site.
Read reviews that are rated 1/5. Reviewers generally rate something 1 out of 5 if a plugin is genuinely of low quality or doesn’t work, but sometimes a user can give something a low rating because it doesn’t work for them only, not knowing that some other conflict may be happening. In addition, WordPress mods do check on reviews to look over their substance.
Another thing to look out for is when the plugin was last updated (or at least look at whether the author is contributing to the support section, as above).
Generally, any plugin that hasn’t been updated in more than 2 years is a plugin you should avoid. This is mainly because the WordPress core code has evolved a lot over the past two years, bringing new functions and processes that developers need to adopt to keep their plugins compatible with current versions. Two years ago today the latest version of WordPress was 3.1.3 – as opposed to today’s 3.5.1 (with 3.6 soon to be released).
NEVER Download Free Themes
This rule doesn’t have to apply to free themes in the WordPress directory that have already satisfied the trust mentioned above – I am referring to themes available on the web in general. Don’t trust these themes. The code could contain anything, and could be harmful to your site both in terms of performance and security.
Essentially, it would be very easy for anyone to develop a simple WordPress theme and code it in such a way that they could have your whole installation (including posts, pages, usernames and general login credentials) conveniently emailed to them – or someone could run a simple script on the site that sends details about every visitor to your site.
Another thing to avoid is trying to find a free version of a premium theme or plugin. It’s easy enough to search for “[theme name] WordPress theme download free” and find what you want, but that zip file could have been forked by anyone. I have tested this once by purchasing a premium theme and then downloading one on the web offered for free. The differences between the two were slight, but enough to raise concerns.
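The comparison described above, a purchased theme against a copy of it offered for free, can be repeated file by file. The following is an added example, not code from the original article: the function names, the short list of PHP calls to flag and the two sample theme folders are all constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed review heuristic, not a malware signature set: PHP calls that
# deserve a manual look when they appear only in the untrusted copy.
RISKY = re.compile(rb"\b(eval|base64_decode|gzinflate|mail|wp_mail|curl_exec)\s*\(")

def hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def risky_calls(path):
    """Names of RISKY functions called in a file (empty set if it is missing)."""
    data = path.read_bytes() if path.is_file() else b""
    return {m.group(1).decode() for m in RISKY.finditer(data)}

def compare_themes(trusted_dir, untrusted_dir):
    """Diff an untrusted theme against a trusted copy; flag risky calls new to it."""
    good, bad = hashes(trusted_dir), hashes(untrusted_dir)
    report = {"added": sorted(bad.keys() - good.keys()),
              "removed": sorted(good.keys() - bad.keys()),
              "modified": sorted(f for f in good.keys() & bad.keys() if good[f] != bad[f]),
              "flagged": {}}
    for rel in report["added"] + report["modified"]:
        new = risky_calls(Path(untrusted_dir, rel)) - risky_calls(Path(trusted_dir, rel))
        if new:
            report["flagged"][rel] = sorted(new)
    return report

def build_demo(base):
    """Write two constructed theme copies under base and return their paths."""
    files = {"style.css": "/* Theme Name: Demo */", "functions.php": "<?php init();"}
    good, bad = Path(base, "purchased"), Path(base, "free-download")
    for root in (good, bad):
        (root / "inc").mkdir(parents=True)
        for name, body in files.items():
            (root / name).write_text(body)
    # Constructed tampering: one edited file and one extra file.
    (bad / "functions.php").write_text(files["functions.php"] + "\nwp_mail($to, 's', $dump);")
    (bad / "inc" / "cache.php").write_text("<?php eval(base64_decode($blob));")
    return good, bad

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_themes(*build_demo(tmp)))
```

An empty report means only that the two copies are byte-identical; files listed under "added" or "modified" still need to be read by hand, whether or not they are flagged.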