WordPress is a great tool, at least until it is hacked. One reason to keep your sites updated.
WordPress themes are great fun, like a wardrobe for your website, change themes and you change the look and feel of your site. There are premium themes (ones you pay for, and should have customer support to help you with issues) and free themes. Both are OK, but use great care where your themes come from.
You can now upload and add themes from your wordpress admin panel. Those are checked for issues, I’ve not found any not safe to use.
What is sad is when you search online for free wordpress themes, you find many sites, several of which add spammy or malicious code. Adding these themes can even spread the bad stuff to your other themes, blogs. I look at the files before uploading. If I find encrypted looking stuff, I do myself and others a favor, don’t use it.
2 theme sites to avoid: I was wondering if they were just the themes someone sent me or all the themes on their sites. Not finding a theme without malicious encrypted code, I searched online to see if others also found such to be true.
Protect your sites, don’t add mal themes to your webhost.