Check Malicious Code

It is almost impossible to find malicious code in a premium theme but still it is better to be safe than sorry. Unfortunately the same thing cannot be said for Free themes or Premium themes downloaded from anywhere other than the theme author’s page. I’m going to show you how to check a WordPress Theme for malicious code.

Malicious codes are added to these themes for several reasons, some of the common reasons are to get a backlink from your blog, to add adverts, redirect your website to spam links or worst of all to create a backdoor access to your website. Here is a simple guide on how to check a WordPress theme for Malicious code.

How To Check A WordPress Theme For Malicious Code
Perform a Google search
Perform a Google search on the website you are getting the theme from, this is just a precautionary move. Performing a Google search is a good way to check if there’s a malicious code in a particular WordPress theme. If someone out there has found a malicious code in a theme they got from the same location, such a person must have sounded out a warning to others.

e.g If you are getting the theme from wpseer.com, google “Wpseer.com malicious code” etc.

Scan for Virus
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, Trojans, and all kinds of malware. The VirusTotal website is a very good tool if you want to learn how to check a WordPress theme for malicious code

Head over to VirusTotal.com, upload the zip file of the WordPress theme you want to check for malicious code, and click scan to check for virus.

How To Check A WordPress Theme For Malicious Code

Manually Go Through Theme Files
This might sound rigorous but if you know what you are looking for, this is the most effective way of checking a WordPress theme for malicious code or links. Two most common locations you are definitely going to find backlinks in a WordPress theme are the footer.php file and the style.css file.

Check Theme Authenticity
With this plugin called Theme Authenticity Checker, you can scan all of your theme files for potentially malicious or unwanted code. Theme Authenticity Checker searches the source files of every installed theme for signs of malicious code. If such code is found, it displays the path to the theme file, the line number, and a small snippet of the suspect code.

Exploit Scanner and Theme Check are two useful WordPress plugins you can use to scan your theme.

You should use this as a last resort, this is because you have to upload the theme to your WordPress site before you can perform a check with these plugins and you might infect your site in the process.

See Also: How To Check If A Domain is Blacklisted by Google

Scan Your Website
If you have uploaded the WordPress theme, a good idea would be to scan your website itself for malware or exploits. This can be done in two simple ways:

Nithin Sai

Read more posts by this author.