How to Scan WordPress Theme For Malicious Code


Imagine scanning your WordPress theme for malicious code and finding that it is clean.

That means you won't need to waste hours hunting for someone to clean it, and you won't have to shell out hundreds of dollars to get the theme cleaned up.

That is the ideal situation. The truth, sadly, is often different.

Here are two situations you may be faced with right now:

  • The theme installed on your site has been flagged as malicious by your WordPress security plugin or hosting company.
  • You want to add a new theme to your site but suspect it might be infected with malware.

Either way, you want to scan the theme to confirm whether it is really infected. So how exactly do you do that?

Don’t be scared.

In this post, our aim is to help you accomplish the following:

  • Scan your theme, whether or not it's installed
  • Clean a malware-infected theme
  • Show you how to shield your website from malicious themes

We have also helped hundreds of thousands of websites plagued by compromised themes over the last decade. Just follow the steps we describe below.


To scan an active WordPress theme:

  • Install the MalCare WordPress scanner on your website
  • Run a scan

To scan a theme that isn't installed on your site:

  • Create a staging site
  • Install the theme on the staging site
  • Scan the theme with the MalCare malware scanner

Why Was The Theme Infected in The First Place?

In a nutshell: WordPress themes are infected in the hope that they will be installed on a site. Infected themes contain backdoors that hackers can use to gain access to that site.

Obviously, no one wants to install an infected theme on their site. In most cases, site owners are unaware that they are using a malicious theme.

So how do people end up with a malware-tainted theme? It comes down to what sort of theme you are using and where you got it from.

Using Themes From Untrusted Sources

Besides the WordPress repository, there are third-party sources selling premium themes or giving them away for free.

These themes are modified and infected with malware, which is the reason they are given away for free. When you install an infected theme on your WordPress site, you are opening the doors to hackers.

Using Free Themes

Premium theme developers have a reputation to uphold and more sales to win, so the themes they bring to market go through stringent quality control. Free themes have less of that oversight.

Free themes are more likely to carry vulnerabilities, and hackers use those vulnerabilities to gain access to your site.

Once they have access to your website through a compromised theme, they inject backdoors into other themes or even plugins installed on your site.

Using Bundled Solutions

Some themes come bundled with plugins. Bundled solutions complicate things.

Take the Slider Revolution plugin, for example. It is a popular image slider plugin. Many themes sold the plugin as part of their bundle, but many site owners were unaware that the plugin was part of their theme and active on their site.

Slider Revolution had a major flaw that was easily patched with an update.

Site owners could not update the plugin themselves; only the theme owners could. This left many WordPress sites exposed until the theme owners updated the plugin.

An infection in your theme may also originate from a hacked plugin or even a hacked host.

Shared hosting services run hundreds of websites on the same server. If one website is hacked, other websites on the same server may also become accessible.

Ideally, you should avoid free themes, bundled solutions and themes from untrusted sources. If that is not possible, scan the theme before installing it on your site. A decent scanner should detect any malware or malicious code embedded in the theme.

How to Detect Malicious Code or Malware On WordPress Theme?

The simplest and most powerful way to identify malicious code or malware in a WordPress theme is to scan it with the MalCare WordPress scanner. Unlike other scanners, it digs into every nook and corner to detect any sign of malware. It will detect malicious code even when it is disguised as a legitimate piece of code.

We will show you how to scan your theme using MalCare, whether it is installed on your website or not.

There are two situations we are trying to cover:

1. Scanning Installed Themes
2. Scanning Themes Before Installation

Note: In both scenarios we show you how to scan a theme with a scanner plugin. If you would rather scan your theme manually, jump to the Manually Scanning Themes section below.

Let's dive straight into the steps.

Scanning Installed Themes

a. Sign up for MalCare and install and activate the MalCare scanner on the WordPress site where the theme is installed.

b. Next, pick the MalCare option from the menu in your WordPress dashboard.

c. Enter your email address and then click the Safe Site Now button.

d. MalCare will scan the entire website, including your themes.

MalCare will warn you if it detects any malware on your site.

Apart from MalCare, there are a few other scanners you can use to scan the themes installed on your site, such as Wordfence, Quttera Web Malware Scanner, BulletProof Security, Sucuri, iThemes Security, etc.

Scanning Themes Before Installation

There are two ways to scan a theme before installing it on your website:

  • Create a staging site, install the theme there and run a plugin scan (reliable)
  • Upload the theme to an online scanner (unreliable)

Many free online scanners are ineffective. They are built to look at the code that is visible in the browser, and most of the time malware is not that visible.

Only a specialized malware scanning plugin like MalCare digs deep into the site to find malicious code. Nevertheless, we'll explain both approaches.

a. Scanning Themes Before Installation With a Plugin (reliable)

In a nutshell:

  • First, create a staging site that is an exact copy of your live website.
  • Then install the theme on the staging site.
  • Activate a security plugin and run a scan.

Let's dive into the steps.

Step 1: Create a Staging Site

a. Download and install BlogVault on your site.

b. Pick the BlogVault option from the WordPress dashboard. Enter your email ID, then click Get Started.

c. Next, BlogVault will ask you to create an account. All you need to do is enter a password.

d. Then you'll be asked to add your site to the BlogVault dashboard. Just click on Add.

e. BlogVault will start taking a complete backup of your site. Wait for the process to end.

f. Now on the BlogVault dashboard, click on Sites and then select your website.

g. On the next page, scroll down to the Staging section and select Add Staging > Submit. BlogVault will start creating a staging site for you.

h. When the staging site is ready, you will be given a username and password. Make sure you note them down somewhere; you'll need them in the next step.

i. The next step is to open the staging site by clicking on Visit Staging Site.

j. As soon as the staging site opens in a new tab, you will be asked to enter the username and password you noted down in the previous step. The staging site is password protected to secure it against unauthorized access.

k. You should now be able to access your staging site. Just add /wp-admin/ at the end of the URL to open the login page.

l. Log into the staging site with the same credentials you use to access your live site.

Step 2: Install The Theme On The Staging Site

Install the theme on the staging site exactly the way you would on the live site: open the WordPress dashboard, go to Appearance > Themes, and upload the theme.

Step 3: Install MalCare Scanner on Staging Site & Run a Scan

We covered how to use the MalCare scanner in the Scanning Installed Themes section above. Go back to that section and follow the directions carefully.

Manually Scanning Themes

Some of you may not want to install new plugins on your website. The more plugins you use, the more time you spend managing them.

In that case, why not try scanning the theme manually?

Now, we’ll be upfront.

Manually scanning a theme is not the most effective way to detect malware. There are too many files, too much ground to cover. You are bound to miss some malicious scripts.

Moreover, this approach is likely to fail if you are not an experienced developer. It is hard to tell bad code from good code.

That said, if you want to give it a shot, here's an article on how to do a manual malware scan that will help you do just that.

If you have detected a malware infection in your theme, clean it immediately. The longer you wait, the further the malware spreads, and who knows what harm it can do to your site!

How to Clean Infected WordPress Theme?

If you used MalCare to scan your WordPress theme for malware, you can also use it to clean the theme.

Cleaning an Installed Theme

a. Open the MalCare dashboard and pick your website.

b. On the next page there is a section called Security. Click on Auto-Clean and MalCare will start cleaning your site.

MalCare takes only a few minutes to clean the site.

Cleaning a Theme Before Installing

If the theme you want to use is infected, it is best to find an alternative theme and use that instead.

The theme was already infected with malware when you downloaded it from the Internet. The vendors could be deliberately peddling a malicious theme so that they can hack your site later.

Even if they are unaware of the malware infection, you should not trust the quality of any of the products they sell or give away.

Even if you clean the theme and then install it, you are still putting your site at risk. If the theme is poorly coded, hackers can quickly find a flaw and exploit it to gain access to your site.

Ask for a refund if you purchased the theme.

Even if you got it cheap, never use products from that marketplace again.

Get your theme from the WordPress repository or from well-known marketplaces and vendors such as Themeforest, ElegantThemes, MyThemeShop, AThemes, etc.

Cleaning Infected Themes Manually

Manually cleaning an infected theme is best left to an experienced developer. Even seasoned WordPress pros with 10+ years of experience are hesitant to remove a piece of code.

PHP functions such as eval, base64_decode, gzinflate, etc. are not malicious by default. Several plugins use these functions to carry out legitimate operations. If you remove a legitimate piece of code, your website will break.
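As an added illustration of the kind of manual check the two manual sections above describe (this is not MalCare's code and was not part of the original post), here is a small Python script that walks a theme directory, grades hits on the functions named above (eval, base64_decode, gzinflate) by how they are combined, and flags a PHP open tag hiding in a non-PHP file such as an image. The sample theme it scans is constructed inline, and the rule names and severities are my own choices.

```python
import os
import re
import tempfile
from pathlib import Path

# Heuristic indicators, ordered from most to least suspicious. A hit is a lead for a
# human reviewer, not proof of malware: base64_decode and gzinflate have legitimate uses.
PATTERNS = [
    ("eval_of_decoded_payload", "high",
     re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("request_data_executed", "high",
     re.compile(r"\b(?:eval|assert|system|shell_exec|passthru)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I)),
    ("eval_call", "medium", re.compile(r"\beval\s*\(", re.I)),
    ("obfuscation_helper", "low",
     re.compile(r"\b(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
]
PHP_EXTENSIONS = (".php", ".inc", ".phtml")

def scan_file(path: Path) -> list:
    """Return findings for one file; a PHP open tag in a non-PHP file is itself a finding."""
    text = path.read_text(encoding="utf-8", errors="replace")
    if path.suffix.lower() not in PHP_EXTENSIONS:
        return [dict(file=str(path), line=0, rule="php_code_in_non_php_file", severity="high")] if "<?php" in text else []
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, severity, rx in PATTERNS:  # report only the most suspicious matching rule
            if rx.search(line):
                findings.append(dict(file=str(path), line=lineno, rule=rule, severity=severity,
                                     snippet=line.strip()[:100]))
                break
    return findings

def scan_theme(theme_dir) -> list:
    results = []
    for root, dirs, files in os.walk(theme_dir):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            results.extend(scan_file(Path(root) / name))
    return results

# Constructed sample theme (not a real theme) so the script runs offline.
SAMPLE_FILES = {
    "style.css": "/*\nTheme Name: Sample Theme\n*/\nbody { margin: 0; }\n",
    "functions.php": "<?php\n$opts = json_decode(base64_decode(get_option('sample_opts')), true);\n",
    "inc/helper.php": "<?php\n$p = 'constructed-placeholder';\neval(gzinflate(base64_decode($p)));\n",
    "assets/logo.png": "not really a PNG <?php @eval($_POST['c']); ?>",
}

def build_sample_theme() -> str:
    root = tempfile.mkdtemp(prefix="theme-scan-")
    for rel, content in SAMPLE_FILES.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")
    return root
```

Running scan_theme(build_sample_theme()) reports the legitimate base64_decode in functions.php as low severity, while the eval-of-decoded-payload line in inc/helper.php and the PHP code inside logo.png come back as high; point scan_theme at a real theme folder to review it the same way.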

But if you feel ambitious, go ahead and clean your theme with the help of this tutorial: Cleaning a Hacked WordPress Theme.

If you give up halfway, just clean the theme with MalCare.

As long as you are running a WordPress site, you need to make sure you defend your website from infected themes. There are some fundamental steps you can take. But before we get into that, let's look at the effects an infected theme has on your site.

Impact Of An Infected WordPress Theme On Your Site

Installing an infected theme on your WordPress website can have catastrophic consequences. It can harm your website, which in turn can hurt your business and your profits.

Direct Impact

When hackers infect your site, they carry out malicious activities such as:

Redirecting Visitors: One of the most common things hackers do is deploy unauthorized redirects from your website to other pages. These pages are usually phishing sites intended to steal sensitive data from users. They may also be adult sites or online stores selling counterfeit goods.

Stealing Data: Hackers can steal your customers' login credentials, credit card numbers, or even personal contact information. Such data may be sold or used to execute further malicious schemes.

Inserting Unauthorized Advertisements: Hackers hijack the ad spaces on your site and show their own ads. These ads may likewise direct visitors to malicious pages, adult sites, and the like.

Impact on SEO

Slow Website: Hackers use your website's resources to perform their malicious actions. This places a heavy load on your server, which reduces the performance of your site and slows it down.

Fall in SEO Rankings: Getting to the top of Google's SERPs (Search Engine Results Pages) is no simple job; it requires relentless commitment. The speed of your site is one of the ranking factors, and your ranking will drop as Google notices that your site is slow. Plus, if visitors are redirected away, it will also cause a serious loss of traffic.

Google Blacklist: Google and other search engines crawl pages frequently. If they find malicious code on your site, they automatically blacklist it or suspend your Google AdWords account. To protect visitors, they show them a warning that the site is compromised. To learn more, check out this article on Google Blacklist Removal.

Web Host Suspension

Once your hosting company discovers malware on your site, they will suspend your account and take your site offline.

They do this because hackers are using your server's resources to conduct their malicious operations. Not only can this exceed the server's resource quota, it also affects the speed and performance of your website. If you are on a shared server, your site can degrade the performance of other sites on the same server.

Many hosts have very strict malware policies and, if your website is attacked several times, they will permanently remove your domain from their network.

Brand Image and Reputation

Needless to say, as visitors are defrauded and duped by hackers on your site, they lose the trust they had in your brand. Many visitors will never return to your website.

That is why it is so important to use only trustworthy themes on your WordPress site. So, without further ado, let's look at how to keep your WordPress theme free of malicious code and make sure it is safe to use.

How to Protect Your Theme From Malware Infection

Now that you have cleaned your theme, you need to make sure it is never infected again. Here is what you need to do:

Use Themes From Trusted Sources Only

Use only trusted sources when picking a theme. These include the WordPress Theme repository, Theme Forest, Mojo Themes, Innovative Themes, ThemeSnap, WP Eden, InkTheme, AppThemes, DMartify, etc.

These marketplaces vet their developers before letting them sell on the platform. They also have strict guidelines and policies that developers must follow.

Avoid using cracked and nulled themes, as malware is likely to have been injected into them. Premium themes can be a little too pricey for some, but the good news is that there are several good free themes available.

Always Scan Your Theme Before Installation

Whether you download your theme from a reputable source or not, we also suggest scanning it before installing it on your website. Automated online tools such as VirusTotal can scan files in seconds. Only install the theme on your WordPress site once you are sure it is safe to use.

Disable Your Theme Editor

The theme editor is accessible from your WordPress dashboard, as we described earlier. If hackers manage to break into your site, your theme editor is one of the first things they go for, since it gives them direct access to your WordPress files from the dashboard. They can use this editor to plant backdoors that give them hidden access to your site. We strongly advise disabling it if you do not need this feature. You can do this in two ways:

1. Using the MalCare security plugin

  a. Open the MalCare dashboard and click on your site.
  b. Go to 'Security' and pick 'WordPress Hardening'.
  c. Here you will find the option to disable File Editors. Clicking on it disables the theme and plugin editors in your WordPress dashboard.

2. By modifying the wp-config.php file manually

This technique is risky; the slightest mistake can break the site. We suggest taking a complete backup of the site before proceeding.

  a. Log in to the cPanel of your web hosting account. Pick File Manager > public_html.
  b. Next, locate the wp-config.php file, right-click it and choose 'Edit'.
  c. Paste the following line just before the line that says "That's all, stop editing! Happy publishing.":

define( 'DISALLOW_FILE_EDIT', true );

Delete Inactive Themes

WordPress site owners commonly install and try out various themes. Sometimes, though, we forget to delete the themes we don't use.

Every component of your website, including inactive themes, offers hackers another way to break in. So the safest thing is to keep just the theme you need and delete the rest.

We're confident that your WordPress theme will be secure once you implement these measures.

What Next?

We are sure that your theme will be protected from malware infection if you follow all the steps mentioned above.

That said, protecting your theme alone won't shield your website from a hacking attack.

You need to safeguard your website on multiple fronts. We have put together a WordPress Security guide that will help you do exactly that.

This guide will help you take some protective precautions. Some of them are mandatory, while others are nice to have.

Installing a WordPress security plugin like MalCare is one of the most critical security steps you need to take.

It puts a firewall between incoming traffic and your site and protects your login page from brute-force attacks. MalCare scans your website on a regular basis and helps you clean it immediately if it is compromised. It also guides you through hardening measures that protect the site from hacking attempts.