Free Themes with a Hidden Cost

About 11 years ago, I registered, as it derives from the name of my home county, or “The County” as Mainers call it. I later let a good friend have the domain, which I long regretted.

It’s nothing to do with him; he’s a great friend. In retrospect, I could have put the domain to good use. Today, I looked over the WHOIS record, which indicates the domain record was created in 2002. Mmmm, 1996 is more like it. He must have let the domain expire at some point.

He IMed on Friday about troubles. Our exchange:

Friend says: (9:02:13 PM)
hey Joe…
Friend says: (9:02:18 PM)
I was hacked…
Friend says: (9:02:24 PM)
Joe says: (9:02:33 PM)
Oh. Oh.
Friend says: (9:02:55 PM)
Yeah, friggin’ Joomla.
Joe says: (9:03:21 PM)
I told you Movable Type 4.
Joe says: (9:03:26 PM)
Your template right?
Friend says: (9:03:28 PM)
Still haven’t updated the site. Just made sure the hacker stuff was gone.
Friend says: (9:03:36 PM)

On Wednesday, Derek Punsalan warned on his 5THIRTYONE Weblog that “Templates Browser is re-distributing public blog themes which are modified in such a way as to exploit the end user by inserting hidden spam or malware links”.

I’ve wondered when something like this would happen. Last year, I stopped using WordPress out of concern free templates would get hacked in similar manner as they did last week—and who knows how much earlier.

While I’m a huge fan of the open source concept, I’ve long recognized that criminals could use WordPress openness, particularly the huge marketplace of free blog themes, for nefarious purposes.

I warned my buddy against Joomla, too, strongly recommending Movable Type 4 when its beta released a few months back. He’s using MT 4 now.

It’s disappointing, really. Free themes are part of these other blogging systems’ appeal. Maybe an old saying should be a new one: You get what you don’t pay for.

Photo Credit: Matt Brubeck

Update March 28, 2010: Last year, I reacquired from my friend. It will be an upcoming project.