Skip to main content

Is acmethemes.com a Scam? Security Check Results - Acme Themes Reviews

acmethemes.com favicon

Is acmethemes.com Safe? Security Analysis for Acme Themes

https://acmethemes.com

Check if acmethemes.com is a scam or legitimate. Free security scan and reviews.

TechnologyN/asmall
WordPressEasy Digital DownloadsGutentor pluginYoast SEOGoogle reCAPTCHA+6 more
Analyzed 8/1/2025Completed 9:06:28 AM
62
Security Score
MEDIUM RISK

AI Summary

Acme Themes is a specialized WordPress theme development company offering a range of free and premium responsive themes targeted at WordPress users and small to medium businesses. The company emphasizes quality coding, elegant design, SEO friendliness, and excellent customer support, positioning itself as a niche player in the WordPress theme market. Their business model revolves around theme sales and support services, supported by a professional website with clear navigation and trust signals such as testimonials and social media presence. Technically, the website is built on WordPress with a modern tech stack including Easy Digital Downloads for e-commerce, Yoast SEO for optimization, and various marketing and analytics tools. The site is mobile optimized and performs moderately well, though accessibility features could be improved. Security posture is good with HTTPS enforced and reCAPTCHA on login forms, but lacks some advanced security headers and explicit incident response policies. Privacy and cookie policies are present and GDPR compliant, enhancing user trust. However, the absence of WHOIS registrant data reduces domain trustworthiness, suggesting either recent registration or privacy protection. Overall, the site is professional and trustworthy but could benefit from enhanced transparency and security practices.

Detected Technologies

WordPressEasy Digital DownloadsGutentor pluginYoast SEOGoogle reCAPTCHAFacebook PixelGoogle AnalyticsTawk.to live chatFastSpring payment integrationjQueryFontAwesome

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Acme Themes operates in the technology sector, focusing on WordPress theme development and sales. Their competitive advantage lies in offering both free and premium themes with strong customer support and live chat assistance. The company targets WordPress users, developers, and businesses seeking affordable, SEO-friendly themes. Revenue streams include theme sales and support services. The presence of multiple social media channels and customer testimonials indicates active engagement and a growing user base. The partnership with Acme Information Technology (acmeit.org) suggests a broader organizational structure. The company appears to be small-sized and founded around 2018, with consistent branding and good content quality. Strategic observations include the need to improve domain registration transparency and enhance security policies to strengthen market position.

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a mature security posture with HTTPS enforced site-wide, use of Google reCAPTCHA on login forms to prevent automated abuse, and secure form handling with nonces. No exposed sensitive data or vulnerable libraries were detected in the HTML content. However, the absence of key security headers such as Content-Security-Policy, X-Frame-Options, and Strict-Transport-Security represents a gap that could be exploited by attackers. There is no publicly available security policy or incident response information, which limits transparency and preparedness perception. The site complies with GDPR through privacy and cookie policies and consent mechanisms. Overall, the security maturity is good but can be improved by implementing recommended headers, publishing security policies, and establishing a vulnerability disclosure program.

Strategic Recommendations

Priority Actions for Security Improvement

1

Implement comprehensive HTTP security headers including Content-Security-Policy, X-Frame-Options, X-XSS-Protection, and Strict-Transport-Security to enhance protection against common web attacks.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Acme Themes

Description:

Acme Themes is team of expert WordPress developers. We provide Best Premium and Free Responsive WordPress Themes with incredible support & many other services.

Key Services:
Premium WordPress themesFree WordPress themesTheme supportTheme customizationLive chat support
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
WordPressEasy Digital DownloadsGutentor pluginYoast SEOGoogle reCAPTCHAFacebook PixelGoogle AnalyticsTawk.to live chatFastSpring payment integrationjQueryFontAwesome
Frameworks:
Yoast SEO
Platforms:
WordPress
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
85/100
Best Practices:
  • HTTPS enforced
  • Google reCAPTCHA on login form
  • No exposed sensitive data in HTML
  • Secure login form with nonce
  • Use of security plugins (implied by reCAPTCHA and nonce)

Analytics & Tracking

Services:
Google AnalyticsFacebook Pixel
Tracking Level:moderate
Privacy Compliance:good

Advertising & Marketing

Tracking Pixels:
Facebook Pixel
Marketing Tools:
Mailchimp for WordPress
Transparency Level:good

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:high

Key Observations

1

Website is a WordPress-based theme provider offering free and premium themes.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

53/100
Score

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

No Data Protection Officer mentioned

LOW

Large organizations may need to designate a DPO under GDPR

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: energy, transport, health, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

85/100
Score

Strict DMARC Alignment

LOW

Strict alignment may cause legitimate emails to fail

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 mx a -all
DNS Lookups:2/10
Policy:-all
DKIM Selectors Found
Selector:default(1360-bit rsa)
DMARC Details
Policy:quarantine
Aggregate Reports:info@acmethemes.com
Forensic Reports:info@acmethemes.com

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

75/100
Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 44 days

Weak SSL Key Length

HIGH

SSL certificate uses 256-bit key, which is considered weak

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:acmethemes.com
Issuer:WE1
Valid Until:9/14/2025 (44 days)
SANs:acmethemes.com, *.acmethemes.com

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

85/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

DNS Records

A Records:104.21.58.52, 172.67.201.18
AAAA Records:2606:4700:3032::ac43:c912, 2606:4700:3036::6815:3a34
Name Servers:
blair.ns.cloudflare.comDNS only
neil.ns.cloudflare.comDNS only
MX Records:
10: mail.acmethemes.com
SOA:Serial: 2379436404, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:59ms

SPF Analysis

SPF Record:
v=spf1 mx a -all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on WordPress CMS with a modern and well-integrated technology stack including Easy Digital Downloads for e-commerce functionality, Gutentor for block editing, Yoast SEO for search engine optimization, and multiple third-party services such as Google Analytics, Facebook Pixel, and Tawk.to live chat. The site uses jQuery and FontAwesome for UI components and icons. Performance is moderate with optimizations such as preconnect and dns-prefetch hints. The site is mobile responsive and SEO optimized with proper meta tags and structured data (JSON-LD). However, there is room for improvement in accessibility and security header implementation. The presence of multiple external scripts requires ongoing monitoring for vulnerabilities. Overall, the technical infrastructure supports the business goals effectively but should be regularly audited and updated.
Analyze Another Website