It is almost impossible to find malicious code in a premium theme, but it is still better to be safe than sorry. Unfortunately, the same cannot be said for free themes, or for premium themes downloaded from anywhere other than the theme author's own page. I'm going to show you how to check a WordPress theme for malicious code.
Malicious code is added to these themes for several reasons. Some of the common ones are to get a backlink from your blog, to add adverts, to redirect your website to spam links or, worst of all, to create backdoor access to your website. Here is a simple guide on how to check a WordPress theme for malicious code.
How To Check A WordPress Theme For Malicious Code
Perform a Google search
Perform a Google search on the website you are getting the theme from; this is just a precautionary move. A Google search is a good way to check whether a particular WordPress theme is already known to contain malicious code: if someone out there has found malicious code in a theme they got from the same location, they have most likely warned others about it.
e.g. If you are getting the theme from wpseer.com, google "wpseer.com malicious code".
Scan for Virus
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, Trojans, and all kinds of malware. The VirusTotal website is a very good tool if you want to learn how to check a WordPress theme for malicious code.
Head over to VirusTotal.com, upload the zip file of the WordPress theme you want to check for malicious code, and click Scan to check it for viruses.

Manually Go Through Theme Files
This might sound rigorous, but if you know what you are looking for, it is the most effective way of checking a WordPress theme for malicious code or links. The two most common places you will find backlinks in a WordPress theme are the footer.php file and the style.css file.
Check Theme Authenticity
With a plugin called Theme Authenticity Checker, you can scan all of your theme files for potentially malicious or unwanted code. Theme Authenticity Checker searches the source files of every installed theme for signs of malicious code. If such code is found, it displays the path to the theme file, the line number, and a small snippet of the suspect code.
Exploit Scanner and Theme Check are two other useful WordPress plugins you can use to scan your theme.
Use these plugins as a last resort, because you have to upload the theme to your WordPress site before you can check it with them, and you might infect your site in the process.
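As an added example (not code from the original post, and not the code of any of the plugins it names), the script below does the manual footer.php / style.css review described above and the kind of report Theme Authenticity Checker produces: it walks a theme directory, flags lines that match a small set of review patterns (obfuscated PHP execution, hidden elements, external links in the footer, external resources pulled into the stylesheet) and prints file path, line number and a snippet for each hit. The sample theme files, the pattern list and the placeholder base64 string are all constructed here; a hit means "look at this line", not "this theme is malicious".

```python
"""Flag lines in a WordPress theme directory that warrant manual review.

Added example, not part of the original post. Patterns and the sample
theme below are constructed for illustration.
"""
import re
import tempfile
from pathlib import Path

# Generic review patterns applied to every scanned file (label, regex).
SIGNATURES = [
    ("obfuscated code execution",
     re.compile(r"\b(?:eval|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("hidden element",
     re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)),
    ("shell / upload helpers",
     re.compile(r"\b(?:shell_exec|passthru|system|proc_open|move_uploaded_file)\s*\(", re.I)),
]

# Extra patterns for the two files the post singles out as backlink carriers.
FILE_SPECIFIC = {
    "footer.php": [("external link in footer",
                    re.compile(r"<a\s[^>]*href=[\"']https?://", re.I))],
    "style.css": [("external resource in stylesheet",
                   re.compile(r"url\(\s*[\"']?https?://|@import\s+[\"']?https?://", re.I))],
}
SCANNED_SUFFIXES = {".php", ".css", ".js", ".html"}


def scan_file(path: Path, root: Path) -> list:
    """Return one finding dict per (line, pattern) hit in a single file."""
    findings = []
    rules = SIGNATURES + FILE_SPECIFIC.get(path.name, [])
    text = path.read_text(encoding="utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in rules:
            if pattern.search(line):
                findings.append({
                    "file": str(path.relative_to(root)),
                    "line": lineno,
                    "label": label,
                    "snippet": line.strip()[:80],
                })
    return findings


def scan_theme(root) -> list:
    """Scan every text file under the theme root; sorted so output is stable."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCANNED_SUFFIXES:
            findings.extend(scan_file(path, root))
    return findings


# Constructed sample theme: two clean files plus two files with planted lines.
# 'PLACEHOLDER' is not real base64 payload; it only exercises the pattern.
SAMPLE_THEME = {
    "style.css": "/*\nTheme Name: Sample\nTheme URI: http://example.invalid/\n*/\nbody { margin: 0; }\n",
    "header.php": "<?php wp_head(); ?>\n",
    "footer.php": (
        "<?php wp_footer(); ?>\n"
        '<div style="display:none"><a href="http://example.invalid/spam">cheap pills</a></div>\n'
        "</body></html>\n"
    ),
    "functions.php": (
        "<?php\n"
        "add_action('init', 'sample_theme_setup');\n"
        "$payload = base64_decode('PLACEHOLDER');  // constructed placeholder\n"
        "eval($payload);\n"
    ),
}


def scan_sample_theme() -> list:
    """Write the constructed theme to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "sample-theme"
        root.mkdir()
        for name, content in SAMPLE_THEME.items():
            (root / name).write_text(content, encoding="utf-8")
        return scan_theme(root)


if __name__ == "__main__":
    for f in scan_sample_theme():
        print(f"{f['file']}:{f['line']} [{f['label']}] {f['snippet']}")
```

Run it against a real theme with `scan_theme("/path/to/unzipped-theme")` on a machine that is not your web server; the clean style.css header (a `Theme URI:` line) is deliberately not flagged, while the hidden footer link and the `base64_decode`/`eval` pair in functions.php are.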
See Also: How To Check If A Domain is Blacklisted by Google
Scan Your Website
If you have already uploaded the WordPress theme, it is a good idea to scan your website itself for malware or exploits. This can be done in two simple ways:
Ask Google
- Google Safe Browsing (add your domain name to the end of this URL): http://www.google.com/safebrowsing/diagnostic?site=
e.g.: http://www.google.com/safebrowsing/diagnostic?site=example.com
Ask Sucuri
Sucuri is a very reputable security company, and they generously provide a free site scanner.
There you have it; now you know how to check a WordPress theme for malicious code. Remember, the best way to protect yourself from malicious code is to buy a premium theme from a trusted source.
Are you glad you read this article? Consider sharing it, dropping a comment or subscribing to our mailing list. We don't spam!
Nicely described, like it.
I’m glad you found it helpful, thanks for dropping by, Mehvish
Great article.
Thanks for sharing. Testing Sucuri now.
Appreciate the share once again mate. Keep it up!
Thanks Reginald!
Nice tips and list, but how can I test my plugin for the codes?
The best way is to buy the theme….
Thanks (y)
Np, glad I could help!
My plugin for finding suspicious files in your wp-upload: https://wordpress.org/plugins/scan-upload-par-jm-crea/
Hi Brain, thanks for the awesome tips. Now I don't use nulled themes.
Really helpful! Thx!
Helpful post, saved my blog from a malicious plugin.