What are your favourite free wordpress themes and plugins?

If it doesn't relate to Debian, but you still want to share it, please do it here

What are your favourite free wordpress themes and plugins?

Postby kedaha » 2017-08-12 07:09

There are only a few wordpress themes which have been packaged for Debian; in the current stable repository there are:
twentyfifteen
twentysixteen
twentyseventeen

and the only plugins are
xrds-simple
shibboleth.

There are plenty of other wordpress themes out there but they're usually demos of premium versions and the same applies to the plugins too. There are security concerns also when installing from non-Debian sources.

It's possible to customise the themes packaged by Debian by creating Child_Themes, but it's not exactly the lazy man's option. :wink:

I just use the default packaged themes and customize them but, it'd be interesting to know —perhaps with a view to packaging them— what your favourite wordpress themes and plugins are, whether they be from the Debian repository or not but preferably wholly free ones rather than demos where the full range of features is only available on acquiring the premium versions.

Thank you for reading and for any comments.
Desktop: Mate with Open Sound System (OSSv4].
Server: LaMp, WordPress; mail server set up as detailed at ispmail.
Debian Stable & Software
Do one thing & do it well.[/size]
User avatar
kedaha
 
Posts: 2681
Joined: 2008-05-24 12:26

Re: What are your favourite free wordpress themes and plugin

Postby TonyT » 2017-08-18 20:39

I write my own themes and plugins. Sometimes I use a free theme for clients.
There are security concerns also when installing from non-Debian sources
.
There is no security risk using themes and plugins from wordpress.org, there are thousands of them.
Themes and plugins don't get installed from debian sources anyway, they get installed from the wordpress admin section (domain.com/wp-admin) or by manually uploading and activating them.
TonyT
 
Posts: 473
Joined: 2006-09-04 11:57

Re: What are your favourite free wordpress themes and plugin

Postby HuangLao » 2017-08-18 21:30

Academia theme
WooCommerce
jetpack
wordfence
akismet
contact form 7
bbpress (for forum)
captcha
S2 member framework

and others......
User avatar
HuangLao
 
Posts: 283
Joined: 2015-01-27 01:31

Re: What are your favourite free wordpress themes and plugin

Postby GarryRicketson » 2017-08-18 22:15

TonyT wrote:I write my own themes and plugins. Sometimes I use a free theme for clients.
There are security concerns also when installing from non-Debian sources
.
There is no security risk using themes and plugins from wordpress.org, there are thousands of them.
Themes and plugins don't get installed from debian sources anyway, they get installed from the wordpress admin section (domain.com/wp-admin) or by manually uploading and activating them.

Maybe , maybe not,
From: http://thecyberrecce.net/2017/01/29/installing-wordpress-on-openbsd-6-0-with-httpd/
Conclusion

WordPress becomes insecure when adding plugins, which introduces the majority of new vulnerabilities. As such, attempt to avoid unnecessary plugins and themes and uninstall them once they are unneeded. Also enable auto-updates. There are quite further actions you can take to harden your WordPress install, and I’d recommend reading the reference at [1]. You can also review the database permissions you have granted to the “wp_user” in MariaDB, and possibly restrict them to simply INSERT/UPDATE/SELECT/DELETE instructions. Then test your installation with wp-scan, a great, free and open-source WordPress vulnerability assessment.



https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9603

I am not claiming or saying a WordPress site can not be kept secure, how ever
one should not just blindly assume , "There is no security risk using themes and plugins from wordpress.org, there are thousands of them."

There are , but most are documented and many have solutions , for example:
From : https://www.exploit-db.com/exploits/42172/1. Description:



SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress
allows authenticated users to execute arbitrary SQL commands via the jobid
parameter to wp-admin/edit.php.
2. Proof of Concept:
http://[wordpress_site]/wp-admin/edit.php?post_type=job&page=WPJobsJobApps&j
obid=5 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL-- comment
3. Solution:
A new version of WP Jobs is available. Update the WordPress WP Jobs to the
latest version.

Even at a WordPress site, says:
https://codex.wordpress.org/Hardening_WordPress
Themes / Plugins

The vulnerabilities most affecting WordPress website owners stem from the platform's extensible parts, specifically plugins and themes. These are the #1 attack vector being exploited by cyber criminals to hack and otherwise misuse WordPress sites.

These vulnerabilities are usually not introduced intentionally, they are a result of mistakes and oversights during development. Many plugin and theme developers are not highly versed in security, and so they are prone to inadvertently write vulnerable code. As vulnerabilities are discovered, developers usually address them by releasing updates. If a plugin is no longer being actively maintained however, it may remain vulnerable, and should no longer be used. It's important that you take an inventory of all the plugins the website uses and subscribe to the developer's mailing list to ensure you stay current with the latest updates. Avoid plugins that are not being actively maintained.


My favourite theme is the older default theme:
twentyfifteen, and it is still maintained, etc.
Version: 1.8

Last updated: June 7, 2017

Active Installs: 500,000+
User avatar
GarryRicketson
 
Posts: 4118
Joined: 2015-01-20 22:16
Location: Durango, Mexico


Return to Offtopic

Who is online

Users browsing this forum: No registered users and 5 guests

fashionable