Is not updated wordpress themes vulnerable to hacks?
 

So we update wordpress versions, it is all good, but have some themes/templates that do not release updates, some are from way back.
Is theme folder as vulnerable to hacks as all the actual wpadmin, wpincludes etc folders that are getting updates?

Unless they contain custom functions and are not properly locked down, not really.

Old plugins though.. yep.

Plugins get hacked, theme a lot lot less..

Themes are as big a thread as plugins, if your server isent updated/hardend

Contradicting first 2 posters, so need couple more opinions to settle the score :)

bumpedski

some are, but most are not, it depends on the theme... if the theme is just a template without any additional features, it's usually safe... but if the theme includes additional features, it could be vulnerable...

No updates on anything, themes or plugs... Replace them.

Understood. It is not a good situation when you have an older theme that you like very much (and that has features).

Some themes are no cookie cutter, not so easy to replace.

just update everything to the newest version

I'd say that 90% of all "nulled" themes and plugins that floating on the Net have backdoors. There are no Robin Hoods nowadays and warez is a huge business.

The topic is not about warez and shady people installing backdoors. The topic is about non updated themes that get vulnerable due to no updates and not due to backdoors.

Even if a theme doesn't use any custom functionality, with time functions or ways of doing things which are usual or standard today might become deprecated by either Wordpress or PHP.

So yeah, keeping everything as up to day as possible is your best bet.