When installing themes, it is important to know that certain free WordPress themes come ridden with malware, broken code, or malicious links to third-party sites. This is especially so if the free WordPress theme is obtained outside the official WordPress repository. It becomes even scarier since most of these infected themes are offered in disguise as a special offer to the potential victims. While most of these infected WordPress themes may not contain harmful code but a backlink to a third-party site, some can contain encrypted code hidden inside theme files. Let’s look at how to detect malware and fix infected WordPress themes.
Detect Malware and Malicious in WordPress Themes
The first step in discovering hidden malware or malicious code in your WordPress theme is to check if the files contained in the theme are all required in the WordPress theme. WordPress theme has some basic files required and may have additional files that are in a folder called include, images, and JS if any file has not been called in the functions.php file, it should be your first suspect. There are also a number of issues that can lead you to suspect your theme or website has been infected with the malware:
White screen of death: When your site shows a sudden white screen of death, you should suspect there is a possibility of malware infection or malicious code in your website.
Malware Warning: Warning from the malware site and it should be displayed on your site either blocking your site entirely or partially.
WordPress .htaccess hijack: Your .htaccess has been high jacked and the site keeps redirecting to sites that you don’t understand, at times the redirect is to Google search.
Popup ads and redirects: Several popup ads all over the site that keep redirecting to more popups when you click on the close button.
If you have experienced these issues there is a high likelihood that your website has been infected and possibly your theme. I would like to narrow down to WordPress themes malware infection and injection of malicious code and how to get rid of it.
Reasons why WordPress theme is infected by Malware
When you are downloading and installing WordPress themes you should be very cautious not to download and install a WordPress theme from unknown sources, pirate websites or nulled themes websites. The danger of downloading and installing themes from these sites far outweigh the benefits of using such a theme.
I would recommend you always install themes from the WordPress repository. Make sure you install themes like evolve whose authors are reputable.
Most infected themes that have malicious code or malware are always obtained outside the WordPress repository or outside a reputable marketplace like Themeforest. These themes are infected since they are manipulated by hackers with the intention of stealing your data.
I cannot overemphasize the need to install only those WordPress themes whose authors you can trust. Most theme hackers want to create a secret backlink to their site, get access to your blog, redirect your site to spam blogs, add advertisements banners to your site and worse bring your site down!
How to Detect Malicious Code in WordPress Themes
Scanning WordPress Themes before Installation
The first step when scanning for malware in WordPress themes is to scan the zip file before you can even install it on your WordPress site. When I download a WordPress theme and want to scan it for malware before install, I go to Virus Total which is a very useful scanning tool. I upload and analyze the zip for any malware or malicious code:
I to use this site to scan for malware and malicious in WordPress theme since you can see a detailed report of a particular zip and see the previous scan that has been carried on this file. This helps you to make an informed decision before you install the WordPress theme.
Scanning Installed WordPress Themes
The fastest and easiest way to detect malware and malicious code in already installed WordPress themes is to use a plugin called TAC, a theme authenticity checker. This plugin is priceless since it is able to scan your site and point out the location of malicious code making it easier for you to remove this code.
The first step to detecting malware and malicious code in your WordPress theme is to download and install this plugin Theme Authenticity Checker (TAC)
How to Scan a WordPress Theme for Malicious Code with TAC
After downloading and installing this plugin you should go to Dashboard > Appearance > TAC and will see a list of WordPress themes with the warnings highlighted in red for those that contain malicious code if your theme is ok you see the message against the theme:
As you can see on the image above, on my localhost WordPress installation, I have three themes installed and the active theme is Evolve. You can see after the scan TAC has passed the themes since they don’t contain any malicious code or malware.
Testing for Malicious Code in WordPress Themes
I would illustrate by installing some malicious code in one of the installed WordPress themes and we’ll see what happens when TAC scans again. I have added malicious encrypted code in the footer of the Twentysixteen theme as shown below:
After adding this malicious code in this theme, I go back to TAC to check if it has been detected and look at the details for this malicious code:
As you can see from the scan, already we can see that this Twentysixteen theme has some encrypted code. This makes TAC a very effective plugin for detecting malicious code in WordPress themes.
For you to determine where the malicious code is located you need to click on the Details button and look at the file and line of code that has this malicious code:
Since we have located the file and the line of code where the encrypted code is located, we can navigate to that file and clean up the file. After cleaning up the code, you can now test to see if the theme is clean:
After cleaning this theme we can now see that it is devoid of any malicious code or links.
How to Scan & Detect Malware in WordPress Theme – 2022 [Guide]
Need to find out if your WordPress theme is infected with a malware? Not sure if your nulled wordpress theme has a malware. It is not safe to install nulled wordpress theme as most of these are infected with virus or malicious code. It becomes mandatory for you to scan your WordPress theme & plugins for malicious code and detect malware infection to prevent wordpress hacking in 2022.
Let’s make sure that your WordPress Theme Is Free From Malware. In this blog, we will help you scan your WordPress theme for malware or malicious code along-with best plugins you can use to scan your WordPress theme for potentially malicious code. After you have detected a malware in wordpress, you might also need to know how to remove malware from your WordPress site.
WordPress premade templates are infected with backdoors in hopes that someone will purchase the theme and install it. When you install an infected theme, your WordPress site becomes target for hackers. Proper checks can help ensure you are safe, but many cyberattacks are not discovered until after the fact. So, how do you end up with malware-infected WordPress themes? It comes down to what theme you are using and where to get a secure wordpress theme.
Scanning your WordPress website with WP hacked help malware scanner is the quickest way to detect malware and malicious code. Another free alternative is to install TAC, this plugin is available on WordPress.org, but it’s not enabled by default. To get started with TAC, you’ll need to install the paid version of the plugin from your WordPress dashboard. You can also download the free trial version from the link below.
Once you’ve activated TAC, make sure your website is clean before continuing with the next steps. The reason for this is that if you try to disable certain malicious functions within a theme before its infection has been fully cleaned, you may cause issues with your site’s functionality.
Here are some ways that you can identify if your website has been infected with malware:
- If you notice any suspicious activity on your website (i.e., a lot of traffic or visitors), then there’s a good chance that malware has infected your site’s files.
- If someone posts suspicious links or content on your site, then there’s a good chance that malware has infected your site’s files.
- If someone sends you an email claiming that they have “discovered” problems on your site, then there’s a good chance that malware has infected your site’s files
Malware in WordPress themes can be detected by first checking for the presence of malicious files or code. Malicious files are typically located in the wp-content/themes directory.
For example, if you are using a free WordPress theme from outside the official repository, it is important to scan the file using a scanner such as VirusTotal before installing it on your website. This will tell you if the file has been previously reported as containing malware or not.
You can also check for malicious code within the theme by scanning it using an online service such as WP Hacked Help that allows you to detect suspicious code in your WordPress theme files and remove them or by scanning it locally using a tool like WordFence or Sucuri Security.
If you find any suspicious code within your theme files, then it is best to remove that code and replace it with a clean version from the original author’s site.
In 2022, More than 30% Nulled wordpress themes were found infected with a malware of some kind. So it becomes more important in 2022 to make sure that security should be yopur top priority.
Don’t Know if your WP theme is infected with malicious code. Find out now.
NEED IN DEPTH FREE WORDPRESS SECURITY AUDIT? GET IT HERE
What is A Nulled WordPress Theme?
Nulled means Cracked or Hacked Version of a WordPress Theme. Basically,its a Premium WordPress Theme which is available for free(illegally).
Nulled themes are designed by the developer who has hacked into their premium theme and published it for free. This can be done by downloading the original premium premium theme from their website and changing it by yourself, or by using an online tool to do so.
Once you have downloaded the theme, you will find inside a folder with all files needed to change your premium theme. You can then edit these files and upload them on your server. Themes like this are also known as ‘Theme Forest’ or ‘Theme Forest Project’ (TF).
These themes have been uploaded by many developers over time and now become available for download via various file sharing sites like Rapidshare, Depositfiles and Mediafire etc
Disadvantages of Nulled Themes
- The biggest disadvantage of using a nulled theme is that it’s not officially developed by the original developer. That means there are chances that you’ll run into a lot of bugs and issues, especially if you don’t know how to troubleshoot them.
- If you are using a nulled theme, there is no guarantee that the theme will work on all devices or in all browsers
- No support from the developer.
- May not be updated in future. You may not be able to update your theme without downloading the original files from the developer site.
- Some Nulled themes are not compatible with plugins and extensions, which means if you want to add a feature in your website, you will have to install those separately.
- These themes mostly come up with the backdoor hack for entering your website which loosens the website security and makes it prone to hacking and common malware infections like Japanese keywords hack & WordPress malware redirect.
🛑 Is Your WordPress Theme infected with Malware?
WordPress is featuring premium themes in its latest versions which are highly secure and malware insusceptible. Unfortunately when it comes to free themes, they are the most easily targeted preys for web attackers. The reason behind is that downloading a free theme from an unknown source or pirated websites may affect the security of your websites.
Such themes are poorly coded and lead to create unauthorized access to websites through loopholes. An unknown source of theme may be created by a hacker who tweaks it for their own profits. There are several reasons behind the exploitation of such themes.
Some of the common reasons are:
- To get a back link from the blog posts on your websites
- For redirecting your website to spam links
- To add adverts.
- To create a backdoor to your website
Impact Of Malware Infected WordPress Theme
An infected theme can lead to many different problems.
First of all, it could damage your website. This could cause your site to act in an unexpected way or even crash. It could also slow down your site and make it inaccessible for visitors.
The worst case scenario is that the infection will steal all your blog’s content and put it on another website – a malware distributor. This would be devastating for your business as you will lose all your revenue and traffic overnight.
You should always make sure that the theme you are going to install on your WordPress site is not infected before you install it. You can do this by using a virus scanner or by looking at the reviews on the official website of the developer.
1) Malicious code embedded in the theme will be executed by the server every time a user visits your website. The code may include a backdoor or virus, which infects the files on your server and damages them.
2) If you purchase a premium theme from an untrusted seller, there may be malicious code inserted into it by the seller before they sell it to you. They may do this so that they can spy on their customers and steal their data (for example: credit card details). When you install this theme onto your website, the malware will run automatically and collect information about you and other visitors to your website. This can lead to identity theft, credit card fraud and other financial crimes being committed against you or other people visiting your website using infected themes downloaded from untrusted sellers
If you are using a premium theme for your website, then it is a good idea to check for the latest security updates regularly. A lot of times, security patches are released for themes to ensure that they are safe to use.
If you are using an untrusted theme, then it will be better if you can uninstall it and install a new one that has been verified by the WordPress team. It is important to keep your website secure because a compromise could lead to loss of revenue and reputation.
Apart from installing an infected theme, there are several other ways in which your WordPress website can be hacked or compromised. You can get infected by visiting websites that have malicious content on them or by clicking on a link that contains malware. There are also chances that your website can get hacked if you are using an outdated version of PHP or MySQL database server software.
If you want to stay away from all these wordpress security issues and keep your website secure at all times.
⭐ How To Detect Malicious Code in A WordPress Theme?
Before discussing the steps to How to Detect Malicious Code or Malware in WordPress Theme , let us hammer out the locations where the malicious code is generally inserted by the hackers. The two common locations on target of smart hackers are the footer.php file and the style.css file.
Apart from this, you should manually check all the files within the theme. The WordPress themes might include some basic files for its functioning. But, if you find additional files that are called without the .php function then your themes are injected with serious malware.
Signs that your WordPress theme is infected with malicious code:
- Google Warning Messages (“This Site May Be Hacked”, Deceptive site ahead warning, Google Blacklist Warning message): Your website will be displayed with a malware warning message with either an entirely blocked website or partially blocked website.
- WordPress White Screen of Death: When your website suddenly starts showing white screen of death, it means that your site is probably exploited with malware infection. Read it in detail here.
- .htaccess pirate: If your .htaccess file is corrupted, it keep redirecting your website to other spam links which you can’t understand.
- Popups: When there are several popup ads running on your website start redirecting towards malicious links or other popups if you tend to close, this means your website is a victim of malware exploitation.
- Constant crashes: Your website crashes too often
Found any of the above signs on your website. Get urgent help fix your hacked site now.
🛑 How To Find Malware in nulled WordPress Theme?
You can follow these methods for checking Malware in WordPress Themes .First of all, Perform a Google search on the website you are getting the theme from, this is just a precautionary move.
Performing a Google search is a good way to check if there’s a malicious code in a particular WordPress theme. If someone out there has found a malicious code in a theme they got from the same location, such a person must have sounded out a warning to others.
Initial step in discovering hidden malware or malicious code in your WordPress theme is to check if the files contained in the theme are all required in WordPress theme.
💡 NOTE – If you are a developer, want to dive deep in and find out. Otto does a great job here, going in-depth and dissecting the theme to check for malware presence.
- ⭐Scan WordPress Theme before Installation
The most frequent technique to detect malware on your installed themes is to scan your entire website. This will scan all the files on your website. You can do so in several ways:
- ⭐Safe Browsing Tool:
Google Safe Browsing is a tool that alerts the webmasters when their websites are compromised with unsafe content or malicious files. You can use this tool to diagnose your website for surreptitious malware and resolve it.
Insert your website url in the above mentioned link and press ENTER. For example –
When you press ENTER, it will provide you the Safe Browsing status of the website with the unsafe content found on your website.
- ⭐Search Files
Make a cross file search for
eval. If you find this one then the author (or someone who ripped it) has something to hide. Read more about eval(base64_decode hack.
- ⭐Tools to Detect Malware in WordPress Theme
You can also use free wordpress security scanners for scanning your website. A short overview of such scanners:
- PCRisk: It is a free online tool that can be utilized to can any website for malicious codes, vulnerability exploits, infected files and other suspicious activities.
- SiteGuarding.Com: Another popular online tool to check your website for malware and security issues.
- After downloading the plugin or theme, The first thing you should do is to check for virus, trojans and other worms using Virus Total.
- WP Hacked Help: A free online wordpress malware scanner tool. You can scan your website for potential malware with this tool. You can also use a security plugin such as Wordfence
⭐ WordPress Theme Checker Plugin To Detect Malicious Code
Another effective way to deal with malicious code disguised in your free WordPress themes is to install best security plugins for WordPress, that are designed for this purpose only.
So here are the most powerful WordPress plugins to check WordPress Theme for malware.
- Theme Authenticity Checker (TAC)
TAC scans the source files of all the WordPress themes installed on your website. It takes you to the particular theme, the line number and a small piece of the distrusted code where the suspected malware is found. You can analyze the code and hence, easily remove the malware. To download this plugin, click here.
- WP Antivirus Site Protection
This plugin regularly scans not only the WordPress themes but also all the other files uploaded on your WordPress website. The important feature is that it keeps the customers up-to-date with the site’s security issue by sending alerts and notifications via email.
- Quttera Web Malware Scanner
This plugin is specialised in detecting hidden malware, viruses malicious codes, spam links, blacklisting status and much more. So, you can use this tool to scan your website for free by installing this plugin. Quttera offers different malware cleanup plans for websites. To check these plans, you can visit the website.
- BulletProof Security plugin:
BulletProof Security is one of the best wordpress security plugins of 2020, it comes with a number of salient features for WordPress security protection. This plugin has MS Malware scanner to scan each and every file present on your WordPress website. It also offers .htaccess Security WordPress Protection (Firewalls). Other features are login security. database backups, anti-spam and regular monitoring of website for website protection.
Anti Malware is one of he popular plugins used to scan and detect malware from WordPress websites. Free version of WordPress offers detection of malware whereas you can also choose premium version for additional features. A premium Anti Malware plugin checks the WordPress site for brute-force attacks and DDos Attacks. You can get it here for free.
⭐ Preventive Tips To Make Sure That WordPress Theme is Safe.
- Never download any free theme from other than author’s website. It can make your website vulnerable. Get paid Themes From Reputable Places such as Theme Forest, Mojo Themes, Creative Themes, ThemeSnap, WordPress Theme Directory, WooThemes or templatemonster
- Scan your website regularly with a reputable WordPress security scanner. It checks your website for WordPress infections like Malicious Redirects, Malware Injections, WordPress Backdoors, Google Blacklisting, Japanese SEO Spam. We start cleaning up your website once your request is submitted. Another important feature is we scan your website on regular basis and keep you notifying about the current security status of your WordPress site. If you are interested 👉👉 Give it a try here. today.
- Use Tools to Check Your Themes such as Themecheck.info, Theme Check & Exploit Scanner
- Keep backup of your website at hand.
- Make sure you have a highly secure hosting service.
- Always use the latest version of WordPress. (See WordPress Releases)
- Keep the plugins and themes up-to-date with the latest versions. Always buy premium themes from official WordPress theme repository.
Need Urgent Help Fixing Hacked WordPress Site.