There are several sites that offer free WordPress themes, for example, WordPress.org. This blog post is not about them. If you search Google for “free WordPress Themes”, you will find many sites that offer “free” templates, but look out! They may have added their own encrypted code in the footer or another file. This rogue code can open up your blog or server to malicious attacks without your knowledge.
Best practice is to stay away from those sites altogether. If you do download a free theme, check the footer and all the files manually before installing it. If you have already installed a “free” theme, use this WP Plugin that will check the code for you.
TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
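The same kind of check can be done by hand before a theme is ever installed. The script below is an added example, not TAC's own code: it walks a theme directory and reports the file, line number and a short snippet for each hit. The pattern list (common PHP encoding/decoding calls and hard-coded external links) and the sample theme files are assumptions constructed for this illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed indicators (not TAC's actual rule set): PHP calls commonly used to
# hide code, plus hard-coded links to external sites.
SUSPECT_CALLS = re.compile(
    r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13|create_function)\s*\(",
    re.IGNORECASE,
)
STATIC_LINK = re.compile(r"<a\s[^>]*href\s*=\s*[\"']https?://[^\"']+[\"']", re.IGNORECASE)
CHECKS = (("encoded-code", SUSPECT_CALLS), ("static-link", STATIC_LINK))


def scan_theme(theme_dir, snippet_len=60):
    """Return (relative path, line number, kind, snippet) for each finding."""
    findings = []
    root = Path(theme_dir)
    for path in sorted(root.rglob("*.php")):
        # errors="replace" keeps the scan going on files with odd encodings.
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for kind, pattern in CHECKS:
                match = pattern.search(line)
                if match:
                    snippet = line[match.start():match.start() + snippet_len].strip()
                    findings.append((path.relative_to(root).as_posix(), lineno, kind, snippet))
    return findings


def build_sample_theme(base):
    """Write a constructed two-file theme used only for this demonstration."""
    theme = Path(base) / "sample-theme"
    theme.mkdir()
    (theme / "index.php").write_text("<?php get_header(); ?>\n<?php get_footer(); ?>\n")
    (theme / "footer.php").write_text(
        "<?php wp_footer(); ?>\n"
        "<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>\n"  # decodes to "constructed"
        '<a href="http://example.com/">Theme sponsor</a>\n'
    )
    return theme


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, lineno, kind, snippet in scan_theme(build_sample_theme(tmp)):
            print(f"{rel}:{lineno}: [{kind}] {snippet}")
```

A hit is a prompt to read the surrounding code, not proof of a backdoor: legitimate themes sometimes contain credit links, and a clean scan does not rule out code hidden in ways these patterns do not cover.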