TutorialWordPress Tutorial

How to Detect Malicious Code in your WordPress Themes

Malicious code is everywhere. They can also infect a website, server, even in a WordPress theme. It could be a trojans, botnets, even more dangerous, a backdoor / webshell. So it’s very important to do a routine scan on your WordPress themes, especially if you get them from unknown sources (nulled?).

Here is a plugins review which can help you to check a WordPress for Malicious code.

1. Theme Authenticity Checker (TAC) Plugin





TAC scan result


TAC stands for Theme Authenticity Checker. TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code.

[tj_download caption=”VISIT” url=”https://wordpress.org/plugins/tac/” color=”red”]


2. Theme-Check Plugin

Theme Check WordPress Plugin

Theme Check WordPress Plugin


The theme check plugin is an easy way to test your theme and make sure it’s up to spec with the latest theme review standards. With it, you can run all the same automated testing tools on your theme that WordPress.org uses for theme submissions.

 [tj_download caption=”VISIT” url=”http://wordpress.org/plugins/theme-check/” color=”red”]



3. WP Change Tracker

Change Tracker WordPress Theme

Change Tracker WordPress Theme



WordPress Change Tracker Plugin’s Setting


WP Changes Tracker is not a malware checker. What it does is highlight the changes that have been made to the WordPress database, plugin files, and theme files. This plugin will keeps track of all changes made to your wordpress structure: core, network, plugins and options.

[tj_download caption=”VISIT” url=”https://wordpress.org/plugins/wp-changes-tracker/” color=”red”]

4. Wordfence Security

Wordfence Plugin

Wordfence Plugin




Wordfence Options Page

Wordfence is one of my favorites. It starts by checking if your site is already infected. We do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. It’s  100% free, but also offer a Premium API key that gives you access to premium support and feature.

[tj_download caption=”VISIT” url=”https://wordpress.org/plugins/wordfence/” color=”red”]

5. Sucuri Online Scanner

Sucuri Free Online Scanner

Sucuri Free Online Scanner

Sucuri scan form

Sucuri scan form

Sucuri is one of leading internet scurity firm, provides free online scanner that will check the website for known malware, blacklisting status, website errors, and out-of-date software. It’s free, but you can also paid for premium plan/feature. Sucuri, by far is one of the best online scanner out there. And it’s worth to try.

[tj_download caption=”VISIT” url=”http://sitecheck.sucuri.net/” color=”blue”]


No comments entry.


Lets Work Together!