How To Pick a Secure WordPress Template

BY IN WordPress, 5.05.2016

Choosing the best WordPress template for your website can be overwhelming, and not just because of the wide array of visual options! You need to consider price, compatibility with plugins and WP updates, ease of use… When you take all of that into account, it can feel as if there’s an impossible breadth of options.


In fact, the other factors can feel so important that it’s easy to forget to consider a theme’s security at all. And just practicing standard web security protocols, like frequently running virus protection, isn’t enough to keep your new WordPress website secure! Not all templates are coded the same, and some are significantly more secure than others. How can you tell? How do you pick a more secure template for your website?

Consider the Template Author

Whenever you’re browsing templates, make a note of their author, and give them a quick Google. Is it an individual or a company? Do they have their own website? How many themes have they coded? Are there any public reviews of their prior works?


Who the author of a template is absolutely matters. Some authors might crank out cheap, free templates just for the SEO benefit of having their website mentioned in the theme credits. Others are legitimate development companies who build their brand name based on the quality of their product. Usually, the more professional and experienced the author, the more secure you can expect the template to be.

How Old is the Template?

Older templates and themes are far more likely to have vulnerabilities than newer ones, as newer templates are often coded with new discoveries about security loopholes in mind. For example, if you picked an older theme, it might still have a copy of the TimThumb file which allowed thousands of WordPress websites to be hacked! So always opt for a newer template over an older one.
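
A quick pre-install check for the TimThumb case above, as an added example (not from the original article or from any theme vendor): it scans a theme .zip for bundled copies of the script, matched by filename or by content. The filename list, the `VERSION` declaration pattern and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Filenames themes commonly used for the script (assumption); renamed copies
# are caught by the content check instead.
KNOWN_NAMES = {"timthumb.php", "thumb.php"}
MARKER_RE = re.compile(rb"timthumb", re.IGNORECASE)
# Assumed form of the script's version declaration: define('VERSION', 'x.y');
VERSION_RE = re.compile(rb"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]")


def scan_theme_zip(archive):
    """Return (path, version or None, reason) for each suspected TimThumb copy.

    `archive` is a filesystem path or a binary file object holding the theme .zip.
    """
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".php"):
                continue
            with zf.open(info) as fh:
                head = fh.read(64 * 1024)  # bounded read: constants sit near the top
            version = VERSION_RE.search(head)
            by_name = info.filename.rsplit("/", 1)[-1].lower() in KNOWN_NAMES
            # A mere mention (e.g. functions.php linking to the script) is not a copy:
            # require the marker together with the version declaration.
            by_content = bool(MARKER_RE.search(head) and version)
            if by_name or by_content:
                found = version.group(1).decode("ascii", "replace") if version else None
                findings.append((info.filename, found, "filename" if by_name else "content"))
    return findings


def build_sample_theme():
    """Constructed sample archive (not a real theme) so the scan runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("oldtheme/functions.php", "<?php // thumbnails via scripts/timthumb.php\n")
        zf.writestr("oldtheme/scripts/timthumb.php", "<?php /* TimThumb */\ndefine ('VERSION', '0.0.0-sample');\n")
        zf.writestr("oldtheme/inc/resize.php", "<?php // TimThumb, renamed\ndefine('VERSION', '0.0.0-sample');\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, version, reason in scan_theme_zip(build_sample_theme()):
        print(f"{path}: TimThumb copy (matched by {reason}), declared version {version}")
```

A hit is a reason to ask the theme author whether the script is still needed and maintained; no hit does not by itself mean the theme is secure.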

Free or Purchased?

It’s a general rule of thumb that free templates are often less secure than purchased ones. Since WordPress is open source, no templates are independently checked for security. This means that free themes could be as secure or insecure as their coder desires. But the providers of purchased themes are held liable by their consumers for vulnerabilities and issues, and therefore often go the extra mile to ensure their themes are coded with safety in mind. In fact, many template developers highlight the security of their themes as a significant benefit of their products.

Does It Come With Support?

Some template authors provide ongoing support for their templates, which facilitates a dialogue and community between individuals using the template and the author. These communities often quickly discover and correct potential security flaws, and maintain the template for a specified period of time (usually anywhere from 1 to 5 years) to ensure that it remains secure to use.

Always Do a Security Scan

Several browser-based WordPress security scans exist which can test a website for potential vulnerabilities. Some examples of these include the Sucuri Site Check and the WordPress Security Scan web app. And the best part is that you don’t need to install the theme on your website to check! Simply put the URL of the live mockup of the theme in the scanner. Doing this can give you a solid idea of the relative security of specific themes before you use them.

The Bottom Line

If security could be a concern for you, you should take pains to research your templates before selecting one. But your job doesn’t end there! You should also secure your hosting, select a strong security plugin to monitor your website, and practice sensible safety habits. Always practice safe web habits, and regularly use your virus protection software and your computer’s security suite. The personal web habits and safety practices of anyone with administrator access to your website are just as important as the security of your template.