Tag: themes



Why WordPress Themes Won’t Save You Money

While I prefer to do all my work in a 100% customized scenario, a lot of clients do request theme modifications. Many of these themes, they’ve purchased from ThemeForest or some other WordPress theme marketplace. And all that is fine and dandy, if you were just looking for something to build off of. The problem is, working with these themes versus building from scratch isn’t actually any faster or cheaper than finding a good ground up designer and developer to build something from scratch.

I know the allure of themes, many of them come with a lot of great features and WYSIWYG and built-in SEO or whatever. Heck, I’ve been tempted to create my own themes, but haven’t yet had the time to really dive into that kind of project. There’s nothing wrong with using a theme for your website, but you have to keep in mind that you can’t customize it beyond a certain point. Many themes will do really amazing things and offer some level of flexibility, but their basic structures will remain pretty similar because you can’t get away from whatever was originally laid out by the theme developer. And they try, I’m not dumping on theme devs. They do a lot of amazing, gorgeous work. I’m just saying not every business should cram their online marketing into a theme and then worry about customizing it later. At least, not if they want their marketing to be unique and easy to update.

Making the Case for a Ground Up Approach

Here’s the thing with customizing a theme or building from scratch, and I’m going to put it into a list because I am into lists.

1) Your developer will have to figure out how things were organized and coded by the theme developer.

The vast majority of the time, you’re not going to be able to get the original theme developer to come and work on your website. So very often, clients will hire out to another developer to come in and do modifications for them. The general line of thought goes that if you have a theme, most of the framework is already set up, so the developer you’re bringing in just needs to make a few adjustments here and there and add a new feature on top of the existing site and they’ll be done. Right?

The problem is, with every single project, where there’s an existing theme that the client wants to retain, I spend a good amount of time looking at the files, going through the code and getting into the mindset of the previous developer. I’ve done this countless times–hundreds of times–and I still spend time doing this ramp up for every project. The thing is, there are so many themes and developers out there and everyone thinks and codes just a bit differently. Code is an artform in a sense, because no one ever writes code the exact same way as someone else.

Code isn’t just code a lot of the time because while there’s a lot of standardized code, there’s also an unlimited amount of ways that things can be accomplished using code. And with HTML/CSS getting bigger and better all the time, there’s more code and more ways to do things than ever. All of that takes discovery time, which tends to add to development time, which means more money is spent and while the framework might be there, your hired on developer still needs that ramp up time to get used to the existing code.

2) Theme developers don’t support themes forever.

Some developers will stand by their product for the long haul, but many theme developers eventually drop support for the theme because they want to move onto something else–possibly another theme, a custom build for a client, an entirely different industry even. You can’t bet that a theme you purchased will stick around for the long haul because what’s going to happen when the developer stops supporting the theme? It might not continue to work as WordPress versions go up, certain conventions go out of date and your theme can’t be updated otherwise the entire site will break.

Can this scenario happen with a custom website? Sure. But at least with a custom website, you always have the option of calling the developer back and having them update your site to ensure it’ll work for WP versions in the future. I’ve been called in to fix or update themes that have been abandoned before, many of them ceased to work because of deprecated features that WordPress changed or removed.

Many times when a website stops working, or starts throwing blank screens at you, it’s a result of a faulty theme. This could cost a lot of money to get a developer in to figure out what’s going wrong, and related to point #1, it’s going to take that developer some time to absorb the existing code and do something about it.

3) Bloated all-in-one themes will cost you in the long run.

There’s a philosophy that I prescribe to when it comes to developing sites. And that is that I should never allow my client to be shackled by the theme or template that they’re using. What this means is that I will often (if I have the choice) develop from the ground up or choose a theme with as few built-in features as possible.

But, wait–why wouldn’t you just get the theme with the million shortcodes, and hundreds of built-in features that promises to save orphans from burning buildings? Because what happens when that theme stops being supported? Or WordPress updates and half of those built-in features conflicts with the new version of WP? What do you need millions of shortcodes for? Or what happens when you need to add a plugin to your site and that plugin conflicts with something in the theme? It happens all the time, and it’s usually as a result of theme bloat.

Themes are supposed to be about the aesthetics of the website, how it looks, basically. If you needed functionality, that’s what plugins are for. Yes, there is such a thing as plugin bloat too, but at least with the plugins, it’s a simple on or off. Malfunctions in features can be more easily diagnosed, and if one plugin does haywire, you can turn it off, fix it, or replace it. The same can’t be said for an entire theme where one built-in function ceases to work and you’re trapped still using the theme because the other built-in features you’ve been relying on are still fine.

This isn’t to mention that bloated themes often have superfluous features that end up slowing down the website and taking up massive resources. I’ve see themes that were 300MB – 400MB in size. Most of that went into features that most people won’t need. For example, why do you have 10 different pre-made color choices? Who needs all 600(?) Google Fonts natively hosted within the theme? It’s much better for optimization to only take what you need.

4) It’s not just about changing some colors and pictures. It never is.

There are a lot of great themes out there, beautifully written and flexible enough to take a lot of customization. But let’s face it, businesses are unique. Every single one of them has a special circumstance or situation and the only way to ensure that your business stands out in the website field is make sure it’s unique. You can only get so far with a pre-made theme. Sure, you can change the colors, swap out the images, add a couple of lines of code to style things just a smidgen different, but themes have had to be designed and developed a certain way to allow for that customization.

They’ve had built-in restrictions put on them because without those restrictions, things begin to go haywire. Columns don’t line up, images don’t crop properly, colors are mismatched and who knows what else. If things were just a simple color, text and image swap, you wouldn’t be calling in a developer for additional help. And even though you called in a developer and they did everything you needed them to do, a lot of websites built off of themes will forever give off the, “pre-made theme” vibe. That’s really where the whole thing comes full circle, isn’t it?

If you’re already calling in a developer to modify your theme so it looks how you need it to look, why not just build from scratch?

Again, building from scratch isn’t the right choice for every business. Some businesses thrive with premade themes that have had a couple of things about them changed. Others truly do need fully customized solutions. Just be aware that a theme will only cost under $100 if you never plan to change anything about it but the colors, text and images.



Not So Innocent WordPress Themes

The ease of setting up a WordPress blog is fairly common knowledge. WordPress themselves talk about the easy 5-minute installation. And it really is that easy! What isn’t so easy, and what a lot of people often overlook, is the maintenance and security of their blog after the initial installation.

WordPress security is about as exciting as–well, it’s not exciting at all. But like most unpleasant, but necessary things in life, your blog’s security shouldn’t be shuffled into a dark corner and never considered. This post aims to bring to light, one of the most overlooked aspects of running a WordPress blog: Malicious Themes.

While a large portion of malicious themes are free, there are some paid themes that might not be quite so innocent either. Your best defense against having your blog compromised is knowledge and the understanding that no matter how large, small, popular, or private your blog is, malicious code can infiltrate it.

I run a very small blog, do I still need to worry?
Yes. Compromised blogs don’t have to be big or popular. Most people’s blogs get infected with malicious code because they inadvertently installed something bad–not because they were directly targeted. It doesn’t matter how small your blog. Not even if you write in a blog solely for your family and friends, if you download and run a lot of unverified plugins and themes, you run the risk of compromising your blog’s security.

Do I need to a security plugin for my WordPress blog?
Some people run security plugins for their blogs, some people don’t. I can’t advise whether you should or not. It’s a personal decision with pros and cons. If you do choose to use security plugins for your blog, make absolute sure you are installing and using a trusted plugin. Read all the reviews, read reviews on different sites, make sure you are downloading the plugin from a trusted site, see what kinds of problems users have with it. Security plugins can be a lot of work, sometimes they ingrain themselves deeply into your WordPress installation so uninstalling them might be tricky. What you can do if you don’t want to run security plugins is know the risks that are out there and be vigilant about what you install.

With those two questions out of the way, let’s talk specifically about malicious themes. A theme might seem harmless enough. After all, customizing the appearance of your new blog is probably one of the more fun parts of the setup. But not all themes are created equal and not all themes are innocent.

Some theme authors will embed code that redirects, links to, or otherwise manipulates the theme to an unscrupulous website. There’s nothing wrong with a theme author linking back to their own website, and a link back to the original author is common practice. But there are some authors to embed links to sites with poor reputations. Sometimes these links can drag your own blog down, so if you’re trying to get into Google’s good books, having links to bad sites embedded in your free theme that you don’t know about won’t look good. Sometimes it isn’t easy to find these links in your theme because they might be encoded.

Base64 encoding is one of the things to be vigilant about. Very often, the presence of Base64 encoding implies that the theme author has something to hide. Perhaps it’s malicious code, perhaps it’s a link to a bad website, sometimes the purpose is legitimate but can you really take that chance? Decoding Base64 is straightforward. You can plug it into any number of websites you find on Google and discover exactly what’s being hidden from you. I recommend this site: Base64 Decode and Encode. There are a lot of reasons why Base64 encoding exists, but there better be a very good reason for it to exist on your website in the form of a theme.

Another sad development resulting from the glut of free WordPress Themes are ripoff themes. We have counterfeit handbags, counterfeit perfume, counterfeit toys, why not counterfeit WordPress Themes? These are themes that may have been offered as pay themes or were good free themes that were taken, altered to add some malicious code then released as “fresh, new, unique” and of course, “free”.

So how do you avoid downloading a bad theme?

1. Stick to official channels. Googling, “Free WordPress Theme” might yield tons of results, but who’s to say those websites are legitimate and offering good themes? Stick to WordPress.org whose theme repository contains a ton of perfectly nice free themes, Smashing Magazine and other trusted websites often recommend good free themes. But like with all things, you shouldn’t rely solely on a recommendation alone. Read other reviews, and do your own investigations before downloading and installing anything.

2. Consider paid themes. ThemeForest and WooThemes have huge selections of WordPress themes available, many of them are feature-rich, SEO optimized, supported by the authors/developers who made them, are versatile, and look beautiful.

3. Hire a designer or developer. Of course, I have to include this! 😉 Hiring a designer/developer to make you a theme isn’t for everyone–especially not for most personal blogs, hobby blogs, or blogs you keep just for fun. This can get expensive and it still requires plenty of research, but if you’re setting up a business and want to represent yourself well, a free theme that’s got malicious code in it most certainly isn’t going to cut it.