Laura J. Rinaldi

I tend to use premium themes, such as  Gensis or Thesis, so I haven’t run into the problem, mentioned in this article, which talks about free themes, but my gosh, it makes you realize that people are evil out there.  I have been extra wary after the whole thumb.php episode, so seeing that here are people who put bad code into free themes just to catch you, it makes me want to continue my plan of never using the “free themes” out there.

Definitely a ‘get what you pay for”, if you get a free theme, and it infects your website, or has link backs you don’t need, or any number of things that you wouldn’t have put there if you had had a say in the matter..

I had been reading a mumbling of trouble on the wordpress groups I belong to, so knew something was up, although I wasn’t sure what. One group mentioned thumb.php, and that it was a security risk, but I thought to myself, I haven’t installed that anywhere, so I guess I am safe.

Wrong. My favorite premium theme supplier had been using it, and I got an email, recently, telling me just that:

TimThumb (or thumb.php as you know it) – the open-source script we use in all of our themes to do dynamic image resizing – recently uncovered a critical security flaw in the script. This flaw is vulnerable to a potential hacker that could gain access to your server. This affects all of our existing themes and thus everyone that are currently using our themes.

Good thing, of course, is that they noticed, and have redone their themes.

And, even more wonderful, all you have to do is update their framework, and it looks for the thumb.php, and updates it to one that is not vulnerable.

So, I don’t have to dump the theme, or update the theme, just the framework. Thanks Woo.

Of course the bane of a designer working on the web is that we have to use the fonts that everyone has on their computer. Well, not quite. Recently, I started using Font Squirrel. First, because the designer I was working with insisted that I did, and then because the client I was working with wanted it.  Of course, she didn’t know that is what she was asking for. She just wanted the font to be closer to her logo, and so I went to Font Squirrel, and found something damn close, and she was happy.

Now, what is funny, is some WordPress themes claim they are special because they have this feature, but you don’t have to use anything special. You just have to include it in your css, and put the font package that font squirrel gives you in the same directory. Well, there is more to it than that, and perhaps, when I have time, I’ll do a step by step. But, right now, I have to go work on a site, with a different problem, that I need to solve.

I’m sure I don’t need to tell anyone, who has been tweaking themes in WordPress, the importance of saving the theme you are working with. Saving it on your desk top, save it in a separate folder, but do save it.  WordPress always suggests backing up your data, and perhaps that is important as well, but if you don’t have a recent copy of your design, before you start mucking with it, you will be sorry by the end of the day.

I have relearned this lesson several times, most recently on a WooTheme that I was mucking with. I did something that made it render wrong in Safari and Chrome, but not FireFox, and because I was testing in FireFox, I didn’t notice right away. The client brought it up, and I didn’t notice or understand what he was talking about until he mentioned which browser he was in. Fortunately, I had kept a copy of my earlier Theme, so I just reloaded it, and then copied my custom.css over again  It was so much easier than having to back track where I had gone wrong with the theme.

I love working as a freelancer because people who ask me to design things have ideas that I would never have thought of. To me, working in WordPress is so cool because all the page formats look the same, but people used to web pages want to have each page look different. I had a client that wanted a different graphic in the header of each page, and I had to change the code to do that.

This time, it was having a different sidebar for each page. I was talking to the client, via skype, and she noticed the pause in my voice when she told me what I wanted. “Is that going to be a problem?” she asked. “I’ll have to look to see how to do it.”

And this is true. It isn’t just me. Someone else has usually solved the problem before me, in WordPress, which is why I love using it. And sure enough, after Googling it a little, and reading responses, I settled on “Custom Widgets”, and it worked a charm. I love it. And it solved the problem I was trying to solve by reworking the code.