How Well Does your Theme Work with the WordPress Core?
Themes available through wordpress.org have more information available on the security of the theme than through other popular theme sites.

Most of my new clients come to me with existing sites. Sometimes, their developer has gone on to a corporate job, or disappeared altogether. Other times the site has been hacked or has a coding problem that is beyond the skills of the original developer. It is not uncommon for the problems to come from the choice of themes.

Examples of Theme Problems
Example 1: Turning off the WordPress child theme function. Some years ago, I started work on a site where the developer had gone on to a corporate job, but the site had been hacked. In trying to restore the site, which had no recent backups, I found a second major problem. The previous developer had chosen Thesis, a theme that by-passed and turned off the WordPress core function of child themes. To get out of the theme with the same look and feel would have required a significant rebuild beyond restoring the site.
Example 2: Too many themes. Another client who came to me with a hacked site had installed an incredible number of themes on his site. Some of the themes were not from trusted sources and gave hackers access to his files. In a WordPress class, he had learned how easy it is to switch WordPress themes, but not how to do a check on the security of the themes.
Example 3: Worst practices. A third client had the Avada theme. It was a complicated framework theme. While it didn’t override the child theme function, the framework was built in such a way that it added a couple of thousand lines of code in a place that made the site load slowly. Also, there were insecure plugins embedded in the theme.
Why Do We Need Themes?
When you first install a theme, you don’t know how it works. You don’t know what all it can do or how to make it do what it can do. For example, a student changed from Twenty Fourteen to a different theme because there was no easy way to change the background color. That means that the theme writer either didn’t write a function to change the background color, or the theme writer didn’t make it easy to find that function.
For a WordPress site to work, it has to have a theme. The WordPress core provides functionality, not layout. But, all WordPress installs also come with themes written by the folks at WordPress. The reason other people write themes is because they want something different than WordPress out-of-the-box. That means that the theme has to change the way the WordPress default install works. But that doesn’t mean that you change the files that come with the WordPress install. WordPress has provided a system to make those changes called Child Themes. But, child themes have a learning curve, so many themes try to make it easy. In fact, the theme fights the core for you so you can fight the theme!

Here is an example. The Kahuna theme comes with some very nice boxes under the main banner image. At least the version on the theme page shows that it does, but when you first set it up, those boxed just don’t work. That is because, it’s up against the WordPress core.

The WordPress core was originally designed to show the most recent posts because it’s blogging software at the core. But, the WordPress core allows you to choose instead to have a “static” page, which is just a regular page, for the home page instead of a list of your most recent posts. The Kahuna theme starts with that same WordPress core function. The problem is that you don’t know why it’s different from the photos, it just is.
Now, you have to fight Kahuna to get it to look like it’s advertised. If you go to Appearance -> Customize -> Landing Page -> Settings and enable the Landing Page, it seems like it should do the trick … but it doesn’t. Well, you do have to do that, but it’s not enough. You also have to go to Home Page and choose a Static page.

Leave a Reply

Your email address will not be published. Required fields are marked *