How to check your WordPress theme for malicious code

There are tons of themes out on the market today. And by tons, I really mean hundreds of thousands!

Now, logic would suggest that if someone spent the time to fully code a WordPress theme from scratch, they must love what they do and are fully dedicated to helping you, their potential client.

Well, unfortunately, that is not always the case.

The world is full of smart coding pirates who know how to slip some malicious code into a WordPress theme while designing it in order to do… well, whatever they plan for it to do.

Whether it be spammy backlinks, or code to help host a hijack attempt, unwanted code in your theme should be eliminated promptly.

Many people have this kind of code in their themes and don’t even realize it. If you want to check whether your theme has this issue, be sure to try these things out.

Use The Theme Authenticity Checker (TAC) Plugin

The Theme Authenticity Checker is a WordPress plugin that scans all the source files of the theme that you’re running on your site. If nothing is found, it will give you a green light.

However, if something is located, you will be given the theme file path and line number where the code lies so that you can remove it yourself. You can get the plugin here.
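
A small sketch of the kind of scan described above, as an added example (it is not TAC's own code): it walks a theme directory and reports the file path and line number of constructs often used to hide injected code, plus hard-coded external links. The patterns, the function names and the sample theme are assumptions made for illustration, and every hit still needs a manual look.

```python
import re
import sys
import tempfile
from pathlib import Path

# Illustrative patterns (assumptions, not TAC's rule set): constructs often
# used to hide injected PHP, plus hard-coded external links.
PATTERNS = {
    "encoded-payload": re.compile(r"\b(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(", re.I),
    "dynamic-exec": re.compile(r"\b(eval|assert|create_function)\s*\(", re.I),
    "external-link": re.compile(r"<a\s[^>]*href=[\"']https?://([^\"'/]+)", re.I),
}

def scan_theme(theme_dir, allowed_hosts=()):
    """Return (relative path, line number, rule, snippet) in file and line order."""
    root = Path(theme_dir)
    findings = []
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, rx in PATTERNS.items():
                m = rx.search(line)
                if not m:
                    continue
                # Links to hosts you expect (your own site, the theme author) are skipped.
                if rule == "external-link" and m.group(1).lower() in allowed_hosts:
                    continue
                findings.append((path.relative_to(root).as_posix(), lineno, rule, line.strip()[:80]))
    return findings

def demo():
    """Scan a constructed two-file sample theme written to a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "index.php").write_text("<?php get_header(); ?>\n<h1>Hi</h1>\n")
        Path(d, "footer.php").write_text(
            '<a href="https://example.org/">My site</a>\n'
            '<a href="http://spam.example/pills">x</a>\n'
            "<?php eval(base64_decode($x)); ?>\n")
        return scan_theme(d, allowed_hosts={"example.org"})

if __name__ == "__main__":
    # Pass a theme directory to scan it; with no argument the sample theme is used.
    results = scan_theme(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel, lineno, rule, snippet in results:
        print(f"{rel}:{lineno}: [{rule}] {snippet}")
    sys.exit(1 if results else 0)
```
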

Run Your URL Through Virus Total Or Sucuri.Net

Though the TAC plugin does a good job of checking for things, I like to triple check my work. So I like to use other services to run a check on the full theme as well as my plugins. (Can’t forget those plugins now, can we?)

Virus Total

Virus Total is a free service where you can either upload a theme/plugin file or search a URL for anything from small stuff like bad backlinks to heavy-duty stuff like Trojans. If they find something, they’ll show you what they found.

Sucuri Malware Scanner

Another great free malware scanning service is Sucuri.net. Like Virus Total, Sucuri will scan the files of any given URL and run them through a security check. If there happens to be anything that needs to be fixed (including your WordPress Core Software needing to be updated), they’ll alert you.

They also have a plugin that you can add to your WordPress site so that you don’t have to run the URL all the time. You can grab that here.

Think Before You Download

If you’re still in the process of choosing a theme, think before you upload one you’ve found.

Do a search on it to see what others have run into, or run the files through one of the above-mentioned sites to check for malware. If something is detected, move on to another theme.

Always try to download your themes from a reputable source. If you’re choosing a free theme from, say, CSSIgniter, but it’s also free to download somewhere else, go the safe route and download from the source and not another place.

Since themes can be easily edited and malicious code can be inserted in the theme, it’s better to not run the risk of downloading one that’s been tampered with. Just think smart, and run these checks every so often to make sure your site is up to par.

photo credit: Stian Eikeland via photopin cc
