Are themes a security risk?

[recoil]

Hello everyone, is it a security risk to install a downloaded theme? I see so many out there but it makes me wonder if the creator could introduce a vulnerability to the store via a  theme since I see quite a bit of them that install modules, I am guessing they could introduce malware to the site under the disguise of a theme. Thank you in advance.

[recoil]

No answers at all? No one knows?

[TreeTheme Dev]

Yeah it is possible, but highly unlikely.

Maybe only some shady developers would try that but that would be revealed quickly and those themes would not last long.

 

And most of marketplaces have strict validation process that themes have to pass in order to even start of selling.

Also there are theme developers that are active on forum and selling themes on there own websites, and you can see feedback for them.

 

So you should be safe as long as you get themes well known marketplaces and developers. And in WordPress there is plugin 

that checks integrity and security of the themes, that is nice but for Prestashop there are more general (paid) module that checks malaware http://www.prestashop.com/forums/topic/303132-module-prestavault-malware-trojan-virus-protection/ so you can check that out.

[vekia]

in some cases authors of the themes adds own modules, or modify default modules, and only this is possible "break point", tpl files not

[recoil]

Thank you guys I been wondering how secure it is to get those free themes, some of them look pretty complicated loaded with modules that leave me wondering if they are safe.

TreeTheme Dev, thank you for the link to the malware module.

vekia, I am a newbie I do not know what a "break point" or tpl files are.

Once more thank you for your help.