Most bloggers and webmasters who use WordPress understand that they need to keep their core files up to date and also update any plugins that they may have. Fortunately, WordPress makes the process of doing so very easy and painless, usually just a click away, and most users seem to do it without thinking about it.
To drive this point home, prominent WordPress core developer Mark Jaquith said in a recent talk at WordCamp Phoenix 2011 that “The themes of today are pretty much like plugins in terms of what they can do.”
In short, the functionality of themes and plugins overlaps greatly, as even “basic” themes include additional elements that manipulate WordPress by adding new options and settings.
However, while all of this new functionality is a great thing for bloggers, especially those who want to easily design a great site, it’s bad news for security. WordPress themes are a potential security risk, just as with any plugin, and they require maintenance and testing to make sure they are still safe.
Unfortunately, few people give their themes such weighty consideration, possibly leading to major problems down the road.