WordPress Theme Hacked: How to Scan & Clean Corrupt Themes


Finding out that your WordPress theme is broken is a nightmare. The majority of the time, website owners do not know this until it is too late. Hackers may use hacked themes to gain access to and manipulate your website. For example, they may be storing illegal files, inserting spam links, stealing data, or using black hat SEO techniques to get their goods to rank (recommended read – pharma hack), as well as redirecting visitors to their own site.

When this occurs, you must clean your website and take preventative measures in the future. We’ll walk you through the steps.

TL;DR version

Use our malware removal service if you’re short on time and need to clean your website right away. It’s critical, however, to return and learn how to defend your website from corrupt themes.

How to Scan & Clean Hacked Themes With a Plugin

Both active and inactive themes on your website should be thoroughly examined. We may begin cleaning up the website after finding the corrupt themes.

Scanning and cleaning can be done manually or with the help of automated machines.

There are several protection plugins to choose from, but testing them all takes time. You must immediately clean up your website. We’ve prepared a comparison of the best WordPress protection plugins to assist you. Every plugin on this list will search and clean your themes if they are corrupted.

Scanning for Hacked Themes With a Plugin

After you’ve decided on a plugin, you can get it from the WordPress repository or the plugin’s official website and instal it. It’s possible that you’ll need to double-check the site’s ownership. The plugin will run a scan of your website to look for infected themes and other issues. It will take a few minutes to complete this task. This saves you a lot of time as compared to manual scanning. Apart from that, plugins are more effective at detecting difficult-to-find malware.

Not all protection plugins, however, are equally successful. Some only use pattern/signature matching, which leads to false positives. Others just look at files, not the database. MalCare’s WordPress Malware Scanner is a popular protection plugin that isn’t affected by these issues.

The WordPress security plugin should be installed and enabled. It begins scanning your site for malware once it is enabled.

The plugin analyses the code’s behaviour in addition to the normal pattern/signature matching. This aids in determining whether or not the code is malicious, as well as reducing false positives. MalCare checks all files and database tables, so there’s almost no risk of missing a hack.

It’s worth noting that the plugin runs your scans on its own server, meaning that your website is not affected. It notifies you right away if it detects malware on your site.

Don’t be alarmed if you find the hacks. Look for a plugin that can fully and quickly clean your web.

Cleaning Hacked Themes With a Plugin

Security plugins are paid services that clean compromised WordPress pages. Purchase a subscription and instal the plugin on your hacked account. The majority of plugins have a turnaround period of a few hours to a few days. It takes a long time for a security specialist to manually examine your website.

However, in this case, time is of the essence. When your site contains malicious material, Google will blacklist you, and hosting providers may suspend your account. Using the appropriate protection plugin will make a big difference.

MalCare is your best bet for removing malware from your hacked theme quickly. It’s the only plugin that lets you clean your site automatically. Let’s look at how to use the plugin to uninstall malware from your pages.

Sign up for MalCare and instal the plugin on your website to get started. When you turn it on, it automatically runs a check and alerts you if it detects malware. To begin the procedure, the user must first press the ‘Auto Clean’ button. Your website will be malware-free in a matter of minutes.

MalCare’s Automated Malware Removal is thorough, removing any trace of malware from your site. It’s also clever in that it won’t remove files until it’s positive it’s a hack. It will prompt you to contact the support team in such situations. The team will then perform a manual search and clean up your site without causing any harm.

Plugins make life easier, but if you need to search and clean corrupt themes manually for any reason, use these manual methods.


Detection and cleanup are time-consuming and inefficient when done manually. Furthermore, if you aren’t tech-savvy, you can make mistakes that lead to bigger problems. Manual approaches have a much lower performance rate than automated WordPress plugins.

2. How to Scan & Clean Hacked Themes Manually

Manual scanning necessitates WordPress users searching the site’s backend for malware. Although there are a variety of ways to look for malware, we’ll show you the three most popular.

Identifying Unknown Files & Folders

Scanning: Hackers can use files and folders that aren’t related to the theme. By comparing your website’s theme to one available in the WordPress repository, you might be able to find the hacked files. Here’s how to compare and contrast themes:

Make a list of all the themes on your site (both active and inactive) and then download the same themes from the WordPress repository. It’s important to remember to download the same versions.

Then it’s time to compare and contrast the themes. Sign in to your web host account and go to public html > wp-content > themes to see the files for the themes on your website (you can do the same using Filezilla).

Now open the themes you downloaded from the repository and compare them to the ones on your homepage.

Do you see any additional files or folders?

If you discover an unknown file or folder, it’s most likely a result of a hack.

Cleaning: We recommend deleting all unknown files, but this could have unintended effects if the folder isn’t part of a hack. Often the WordPress repository fails to detect new theme modifications, resulting in misunderstandings. An unknown folder could be an important part of the theme, and removing it could cause your website to break.

Searching for PHP Functions

Scanning: Another thing you can do is search in the theme folder for popular malicious PHP functions like ‘base64,’ ‘eval,’ ‘stripslashes,’ and ‘move uploaded file.’ The same functions can be found in the Uploads folder as well.

To look up keywords on the Linux desktop, use simple commands like Find, Grep, and Stat.

Cleaning: You should be able to uninstall malicious code if you can spot it. However, there is a disadvantage: PHP functions can be used in non-malicious code. The said PHP functions are known to be used by certain themes and plugins, and removing them would cause the theme to crash unnecessarily.

Checking Recently Modified Files

Scanning: Scanning at recently updated files has a fair chance of revealing malware. If you don’t make regular changes to your site’s backend, recently updated files may be part of a hack. Look for PHP functions in the files/folders specified in the previous section.

Cleaning: You should be able to uninstall the malware once you’ve identified it. However, since hackers alter timestamps to hide their traces, this is not a fool-proof method of malware removal.

Cleaning and scanning are insufficient. You’ll need to keep your website safe from malicious themes.

3. Protecting Website Against Corrupt Themes

Avoid Pirated Themes: If you don’t want to go through the hassle of scanning and cleaning hacked themes, follow these steps:

WordPress plugins and themes, like any other programme, can be pirated. I mean, who wouldn’t want a premium theme for free? Consider the potential damage to your website, in addition to the apparent ethical implications. Pirated themes are insecure since they instal secret backdoors on your website (recommended read: WP-VCD malware).

Instead of using pirated themes, look for alternatives that are free. Genesis themes, for example, are extremely common due to their simplicity and light weight. GeneratePress is a decent free Genesis replacement.
Purchase Themes From Reputed Marketplace:

Buying items from reputable vendors such as MyThemeShop, Themeforest, Evanto, AThemes, ElegantThemes, and others is a good rule of thumb. You can be certain that the product is of good quality, which ensures that it is less likely to develop vulnerabilities. And if they do, the themes are easily changed to prevent hackers and bots from exploiting them. Furthermore, strong marketplaces have support forums to assist consumers who are having issues.

Take the Following Security Measures:

You may also take certain basic security precautions, such as:

  • Maintain the freshness of your website (including themes)
  • Install a firewall.
  • Two-factor authentication should be implemented.
  • Apply the theory of least privilege.
  • File editing and PHP file execution can also be disabled.
  • Scrutinize the website on a daily basis, and so on.

Last Thoughts

We sincerely hope you find our WordPress theme hack removal guide to be straightforward and that you were able to successfully restore your hacked website. We know it’s been a long guide, but before you go, take a moment to read the following:

  • Make a note of this article. I’m serious. Make a note of it.
  • By sharing this post, you can assist a colleague or an acquaintance.
  • Then, to protect your website from hack attacks (recommended read: brute force attacks), instal a WordPress protection plugin. You can quickly repair your hacked WordPress theme if you have the right tools. Instant malware removal will easily clean your hacked site, avoiding any of the negative consequences of being hacked.
  • Are you ready to go? You can now concentrate on growing your company rather than worrying about your website being hacked.

Make sure you’re not hacked and that you stay that way!