Monthly Archives

August 2017


Detecting Malicious Codes Hidden Within WordPress Themes/Plugins

Step 1: Check for Virus and Trojans

After downloading the plugin or theme, the first thing you should do is to check for virus, trojans and other worms that you may not like it.

Go to and upload the zip file to check for virus.

If your file is infected you will get a red signal and if not then you can move on to next step.


Step 2: Check for unwanted codes in Plugins

Now lets check for unwanted codes in plugins using another WordPress plugin called Exploit Scannerwhich can be securely downloaded from WordPress website.

After installing it go to Dashboard > Tools > Exploit Scanner and run the scan. It will take some time to complete the scan and the time depends on number of plugins you have installed.

After the scan you can see a list of codes that are suspected. You can use the browser search function to find the plugins that you installed from outside WordPress repository.


Step 3: Check for Theme authenticity

Adding a backlink in a free theme is very common technique but you can easily find those exploited themes by the plugin called Theme Authenticity Checker (TAC).

Install the plugin and go to Dashboard > Appearance > TAC

You can see the list of themes installed with their authenticity result. It will give a warning if any encrypted links are found in a theme.