It is almost impossible to find malicious code in a premium theme, but it is still better to be safe than sorry. Unfortunately, the same cannot be said for free themes, or for premium themes downloaded from anywhere other than the theme author’s page. I’m going to show you how to check a WordPress theme for malicious code.
Malicious code is added to these themes for several reasons. Some of the common ones are to get a backlink from your blog, to add adverts, to redirect your website to spam links or, worst of all, to create backdoor access to your website. Here is a simple guide on how to check a WordPress theme for malicious code.
How To Check A WordPress Theme For Malicious Code
Perform a Google search
Perform a Google search on the website you are getting the theme from; this is just a precautionary move. A Google search is a good way to check whether malicious code has been reported in a particular WordPress theme. If someone out there has found malicious code in a theme they got from the same location, that person will have sounded a warning to others.
e.g. if you are getting the theme from wpseer.com, google “wpseer.com malicious code” etc.
Scan for Virus
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, Trojans, and all kinds of malware. The VirusTotal website is a very good tool if you want to check a WordPress theme for malicious code.
Head over to VirusTotal.com, upload the zip file of the WordPress theme you want to check for malicious code, and click scan to check for viruses.
Manually Go Through Theme Files
This might sound rigorous, but if you know what you are looking for, this is the most effective way of checking a WordPress theme for malicious code or links. The two most common locations where you are going to find backlinks in a WordPress theme are the footer.php file and the style.css file.
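As an added example (not part of the original article, and not the code of any plugin), here is a small Python scanner you can run on the unpacked theme zip before uploading it anywhere. It reports the file path, line number and a snippet for each suspect line. The indicator list, the host allowlist and the sample theme are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed indicator list (not taken from any plugin): PHP calls often used to hide payloads.
OBFUSCATION = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13|create_function)\s*\(", re.I)
# Absolute http(s) URLs; the host is captured so it can be checked against an allowlist.
URL = re.compile(r"https?://([a-z0-9.-]+)", re.I)
TEXT_EXT = {".php", ".css", ".js", ".html"}

def scan_theme(theme_dir, allowed_hosts=("wordpress.org",)):
    """Return (relative path, line number, reason, snippet) for each suspect line."""
    findings = []
    root = Path(theme_dir)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_EXT:
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), start=1):
            snippet = line.strip()[:80]
            if OBFUSCATION.search(line):
                findings.append((rel, no, "obfuscation call", snippet))
            for host in URL.findall(line):
                host = host.lower()
                # Flag any link whose host is not an allowed domain or a subdomain of one.
                if not any(host == a or host.endswith("." + a) for a in allowed_hosts):
                    findings.append((rel, no, "external link: " + host, snippet))
    return findings

def build_sample_theme(root):
    """Write a small constructed theme (not a real one) for demonstration."""
    root = Path(root)
    (root / "footer.php").write_text(
        "<footer>\n"
        '<a href="https://wordpress.org/">Powered by WordPress</a>\n'
        '<a href="http://spam-links.example/">cheap loans</a>\n'
        "<?php eval(base64_decode($footer_blob)); ?>\n"
        "</footer>\n", encoding="utf-8")
    (root / "style.css").write_text(
        "/* Theme Name: Sample */\n"
        "body { background: url(http://ads.example/bg.png); }\n", encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(tmp)
        for rel, no, reason, snippet in scan_theme(tmp):
            print(f"{rel}:{no}: {reason}: {snippet}")
```

A hit is a prompt to read that line yourself, not proof of infection: legitimate themes also link to their author's site, so add the hosts you expect to `allowed_hosts`.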
Check Theme Authenticity
With the Theme Authenticity Checker plugin, you can scan all of your theme files for potentially malicious or unwanted code. Theme Authenticity Checker searches the source files of every installed theme for signs of malicious code. If such code is found, it displays the path to the theme file, the line number, and a small snippet of the suspect code.
You should use this as a last resort, because you have to upload the theme to your WordPress site before you can perform a check with this plugin, and you might infect your site in the process.
Scan Your Website
If you have uploaded the WordPress theme, a good idea would be to scan your website itself for malware or exploits. This can be done in two simple ways:
- Google Safe Browsing (add your domain name to the end of this URL): http://www.google.com/safebrowsing/diagnostic?site=
e.g. http://www.google.com/safebrowsing/diagnostic?site=example.com
There you have it: now you know how to check a WordPress theme for malicious code. Remember, the best way to protect yourself from malicious code is to buy a premium theme from a trusted source.