With roughly 17 bajillion WordPress themes, it’s hard to narrow it down to one that you like the look of. But picking the wrong theme can also set your security back. Like way back. If you don’t know what to look for, you could pick a theme that hackers can break into in a heartbeat. Don’t panic just yet. I have 4 tips for picking a secure WordPress theme. Plus, you can use them to verify if your current theme passes the test too.
Pick a secure WordPress theme built by the team at WordPress
What’s the best way to know you have a top-notch theme? Pick one built by the team that also is in charge of WordPress itself.
Think about it. Why would they want to set their users up with weaksauce themes? Especially when their themes come pre-installed with WordPress. Including a security vulnerability with their product could be a PR nightmare!
So stick with the “twenty ____” series to know that your theme was created by a team that’s not only skilled but has a serious interest in keeping your site safe. (My personal favorite so far? twenty sixteen.)
Created by a framework company
Similarly to picking a theme created by the team at WordPress, buying a theme from a larger company focused on a specific framework is a safer bet than a random theme created by Joe the developer.
I’m talking about frameworks like Genesis, Headway or Divi/Elegant Themes.
While you need to be careful that you are purchasing an official theme from the framework creator, it’s typically easy to do as they label them in their own theme store.
Keep in mind that going this route requires you to buy 2 themes. First you buy the framework theme (parent), then you buy the styled theme (child).
One that is regularly updated
Don’t want to go the framework route with your site? I don’t blame you. Instead, you can scour the numerous theme sites for a few options that you are crushing on.
Once you’ve narrowed your choices down to a small handful, look at 2 important things — when it was last updated + the support/comments area.
If you’re thinking about buying a WordPress theme that hasn’t been updated in 2 years, I’d strongly recommend you look at another option.
It’s not that the theme is guaranteed to be bad. But it does mean that the theme creator has not put their attention on it in a long while. If ever again after launching. And that does not give off good security vibes.
Don’t go down the rabbit hole of internet comments. But do take a little bit of time to read some of the issues, questions + concerns folks have had around this theme. And then notice how the theme creator responds, if at all.
If they reply with helpful solutions, you’re looking at a great theme option that will be supported as you use it. If they reply with snarky comments or don’t even bother to reply, then you know you are likely on your own. And that typically means they aren’t too concerned with updating the theme either.
A custom + secure WordPress theme
The final tip that I have for picking a secure WordPress theme that will contribute to keeping your site secure, is to have it custom built just for you by a developer that gives a damn about security.
Getting a custom built theme means that your site isn’t bloated with unnecessary features + code that can give hackers access to your site just by existing, even if you aren’t using them.
We love building secure + responsive WordPress themes for our clients so that they don’t lose sleep or business over security issues. If you’re ready to talk about your custom theme project, we’re ready to chat with you.
And while custom themes typically aren’t updated routinely, that doesn’t mean they are bad for your site. Because it was built specifically for you (versus a theme listed for sale to anyone + everyone), it was likely coded with security measures in place from the start.