How To Check A WordPress Theme For Malicious Code

It is almost impossible to find malicious code in a premium theme, but it is still better to be safe than sorry. Unfortunately, the same cannot be said for free themes or premium themes downloaded from anywhere other than the theme author’s page. I’m going to show you how to check a WordPress theme for malicious code.

Malicious code is added to these themes for several reasons. Some of the common ones are to get a backlink from your blog, to add adverts, to redirect your website to spam links or, worst of all, to create backdoor access to your website. Here is a simple guide on how to check a WordPress theme for malicious code.

Perform a Google search

Perform a Google search on the website you are getting the theme from; this is just a precautionary move. It is a good way to check whether there is malicious code in a particular WordPress theme. If someone has found malicious code in a theme they got from the same location, they will most likely have warned others about it.

E.g., if you are getting the theme from, Google “ malicious code” etc.

Scan for Virus

VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, Trojans, and all kinds of malware. It is a very good tool for checking a WordPress theme for malicious code.

Head over to, upload the zip file of the WordPress theme you want to check for malicious code, and click scan to check for viruses.


Manually Go Through Theme Files

This might sound rigorous, but if you know what you are looking for, this is the most effective way of checking a WordPress theme for malicious code or links. The two most common locations where you are definitely going to find backlinks in a WordPress theme are the footer.php file and the style.css file.

Check Theme Authenticity

With the Theme Authenticity Checker plugin, you can scan all of your theme files for potentially malicious or unwanted code. Theme Authenticity Checker searches the source files of every installed theme for signs of malicious code. If such code is found, it displays the path to the theme file, the line number, and a small snippet of the suspect code.

Exploit Scanner and Theme Check are two useful WordPress plugins you can use to scan your theme.

You should use this as a last resort, because you have to upload the theme to your WordPress site before you can perform a check with these plugins, and you might infect your site in the process.
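The manual review and the plugin-style report described above can be approximated offline, reading the theme zip directly so nothing is uploaded or extracted. This is an added example, not code from this article or from any of the plugins named; the rule list, the function names `scan_theme` and `build_sample_theme`, the allow-list parameter and the sample theme are all assumptions made for illustration.

```python
import io
import re
import zipfile
from urllib.parse import urlsplit

# Illustrative indicators, assumed for this example (not any plugin's rule set).
RULES = {
    "eval-call": re.compile(r"\beval\s*\(", re.I),
    "decode-call": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "shell-exec": re.compile(r"\b(shell_exec|passthru|proc_open|popen)\s*\(", re.I),
    "external-url": re.compile(r"https?://[^\s\"'<>)]+", re.I),
}
SCANNED = (".php", ".css", ".js", ".html")

def _host(url):
    try:
        return urlsplit(url).hostname or ""
    except ValueError:  # malformed URL: unknown host, so it still gets reported
        return ""

def scan_theme(zip_file, allowed_hosts=()):
    """Scan a theme zip without extracting it; return (path, line, rule, snippet) tuples."""
    findings = []
    with zipfile.ZipFile(zip_file) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(SCANNED):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            for line_no, line in enumerate(text.splitlines(), 1):
                for rule, rx in RULES.items():
                    for m in rx.finditer(line):
                        if rule == "external-url" and _host(m.group(0)) in allowed_hosts:
                            continue
                        snippet = line[max(m.start() - 20, 0):m.end() + 20].strip()
                        findings.append((info.filename, line_no, rule, snippet))
    return findings

def build_sample_theme():
    """Constructed sample theme, built in memory so the demo runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo/style.css", "/*\nTheme Name: Demo\nAuthor URI: https://author.example/\n*/\n")
        zf.writestr("demo/footer.php", '<footer>\n<a href="http://spam.example/pills">x</a>\n</footer>\n')
        zf.writestr("demo/functions.php", "<?php\n// constructed, benign payload\neval(base64_decode('ZWNobyAnaGknOw=='));\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for path, line_no, rule, snippet in scan_theme(build_sample_theme(), {"author.example"}):
        print(f"{path}:{line_no}: [{rule}] {snippet}")
```

Each hit is a line to read by hand in the theme file; a run with no hits only means none of these patterns matched.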

Scan Your Website

If you have uploaded the WordPress theme, a good idea would be to scan your website itself for malware or exploits. This can be done in two simple ways:

Ask Google

Ask Sucuri

Sucuri is a very reputable security company, and they are generous enough to provide a free site scanner.

There you have it: now you know how to check a WordPress theme for malicious code. Remember, the best way to protect yourself from malicious code is to buy a premium theme from a trusted source.

author bio
Brian Jackson
