If it sounds too good to be true, then it probably is. Unfortunately, this is the case with most Envato ThemeForest themes for WordPress websites. It’s easy to understand the draw: ThemeForest offers affordable website designs with lots of bells and whistles. Instead of spending hours creating your site, or paying for a custom site, you can purchase a package for under $100 and have a beautiful looking site. Which is fine and dandy until something goes wrong. And something will go wrong. We have seen it time and again, and the multiple security issues we’ve had to fix on client sites are a big part of why we don’t recommend Envato ThemeForest for WordPress sites.
What is Envato ThemeForest?
ThemeForest is like an Etsy marketplace for all kinds of website designs. Independent developers sell their templates and themes for the various content management systems. Due to the immense popularity of WordPress as a website building platform, that content is a big seller. Consumers can search for WordPress themes by category and niche, pay one fee, and quickly get started with their new website. Unfortunately, building your site on a ThemeForest theme means you are starting out with a very poorly built foundation that results in lots of needed repairs in the future.
It’s common practice on ThemeForest for developers to bundle themes with premium plugins. Who wouldn’t be enticed by a package that offers all the tools and services you need for your site? Unfortunately, when you purchase these themes you don’t receive a license key for any premium plugins that are “included”. This means that in order to update the “bonus” plugins in the future you will have to make an additional purchase. Ouch.
To make it even worse, these themes often suppress update notifications for the bundled plugins. This means that site owners are not even aware that an update is available! Out-of-date plugins create huge security issues for your website, which will lead to more headaches and expenses for you down the road. We have seen this first hand, and it’s a real bummer to have to deliver such bad news.
Security Issues with Envato ThemeForest
The best known example of this type of issue happened several years ago with Slider Revolution, one of the most commonly bundled plugins on ThemeForest. A serious security vulnerability was uncovered with the Slider Revolution plugin, and the plugin developers released an update that fixed it. However, for people who had unregistered versions of the plugin that came bundled with their themes, the update wasn’t available because of the points listed above. This left tens (or maybe hundreds!) of thousands of websites wide open to hackers, and site owners were largely unaware of the issue. We dealt with fixing this problem for multiple clients who were affected by this massive security risk.
Failure to Meet Industry Standards
Industry standards and best practices dictate that theme and plugin products should be separate, not bundled together. Most ThemeForest themes ignore this standard. If these themes were submitted to the WordPress.org repository, they would be rejected because of their poor practices. (That means that, by industry standards, these “premium” themes are not even considered good enough by WordPress themselves to be given away for free, let alone sold!)
Why does this matter to you? What we are currently seeing is that older version of the WP Bakery plugin (formerly Visual Composer) from ThemeForest are not compatible with the newest versions of the WordPress core. When the core is updated, this conflict issue causes all kinds of wonky formatting on the page. This current issue is causing things like disappearing images in sliders and making images and text overlap where they shouldn’t. Their failure to meet industry standards means you wind up with a website that looks unprofessional.
Due to the nature of these serious issues, we think of most ThemeForest themes as ticking time bombs. The problems get buried by shady practices and usually only become apparent once a site has crashed or been hacked. When your site is built correctly you will know exactly when and why plugins need updating. This means you can fix small issues before they turn into big problems.
You can still build a beautiful site without ThemeForest using WebWiskee, a soon-to-be-released DIY WordPress site builder. Genesis is another option for building a safe, secure site. If you’re not sure what framework your site was built on, or whether your site is even up to date, we can help! Our WordPress Website Technical Audit will take a magnifying glass to your site to find all the security threats and others issues that need to get fixed ASAP!