If your WordPress blog isn’t secured or has a loophole, it can be hacked easily. To avoid this, always follow our WordPress security tips and hacks to make your WordPress blog bulletproof. If you own websites that don’t run on WordPress, you can follow our guide on online tools to check for viruses and malware on websites that don’t run on WordPress. The Bullet Proof WordPress plugin can help you scan your WordPress site for exploits, malware, and loopholes from XSS, Base64, and SQL injection hacks. So these are must-have WordPress plugins for securing your blog.
Self-hosted WordPress is open source software; there can be a lot of loopholes. But the security team at WordPress fixes those issues at regular intervals. If you analyze it, the major reason for all these “my blog is hacked, help me please” issues is that people don’t use legal software and tools on their WordPress website. If you download WordPress themes illegally and use them, there is a good chance that a WP theme uploaded by a random stranger on the internet has malicious code and malware inside the core WP theme files.
How to clean a nulled WP theme
I am not encouraging you to use premium themes by downloading them illegally. (You should read the last paragraph about pirating WP themes.) But if you do want to use one, make sure your nulled WP theme is clean, without any malicious code or malware inside the core WP theme files. How do you check or scan for malicious code inside WP theme files?
What kind of malicious code is found inside WP theme files? The person who uploads the theme can insert any kind of adult keyword linking back to his website, or add code to exploit your theme later, once you upload it to your website, and so on.
They can inject code that is difficult to find. The code isn’t like regular code: it might be encrypted, with PHP code calling just a class name while the original code sits in some other WP theme file. So here we are going to learn where malicious code hides, which tools to use to check after installation, and how to clean a theme before you install it.
I usually test any WP theme on my localhost. So download the WP theme to your desktop and unzip it. Use wingrep or fgrep (depending on whether I am on a Windows or Linux box) to find the strings “mail(” and “eval(”. Check these calls if they exist and remove them.
I would also suggest manually opening all the files in the WP theme and scanning line by line for any malicious code calling a function or class outside WordPress. If you find any encrypted code, you can use this online tool to decrypt PHP code.
The manual method is always the best one. Now you can install the theme on your localhost and check the files once again. Make sure all the functions of the theme work properly.
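The grep step above as a small cross-platform script (an added example, not code from any of the tools mentioned in this post). It reports the file, line number and a snippet for each “eval(” and “mail(” call; also flagging base64_decode( is an assumption made here because encoded code is mentioned above, and the sample theme is constructed.

```python
import re
import tempfile
from pathlib import Path

# "eval(" and "mail(" are the strings the article greps for; base64_decode(
# is an addition here because the article also mentions Base64-encoded code.
# \b matches whole function names only, so WordPress's wp_mail( is not flagged.
SUSPECT = re.compile(r"\b(eval|mail|base64_decode)\s*\(", re.IGNORECASE)
PHP_SUFFIXES = {".php", ".inc", ".phtml"}  # extensions PHP code commonly uses


def scan_theme(theme_dir):
    """Return (relative path, line number, function, snippet) for each hit."""
    findings = []
    root = Path(theme_dir)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in SUSPECT.finditer(line):
                findings.append((path.relative_to(root).as_posix(), lineno,
                                 match.group(1).lower(), line.strip()[:80]))
    return findings


def demo():
    """Scan a constructed two-file theme (sample data, not a real theme)."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp) / "sample-theme"
        (theme / "inc").mkdir(parents=True)
        (theme / "functions.php").write_text(
            "<?php\n"
            "add_action('init', 'theme_setup');\n"
            "wp_mail($to, $subject, $body);\n"
            "$x = EVAL (base64_decode($payload));\n", encoding="utf-8")
        (theme / "inc" / "footer.php").write_text(
            "<?php\n"
            "mail($addr, 'installed', $site);\n", encoding="utf-8")
        return scan_theme(theme)


if __name__ == "__main__":
    for path, lineno, func, snippet in demo():
        print(f"{path}:{lineno}: {func}(  ->  {snippet}")
```

Every hit still needs the manual read described above: a legitimate theme can call these functions too, and the script only tells you where to look.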
WordPress Security Scanner
Scan WordPress for Malware
You can perform additional tests, for example to reveal hidden spam links inside your website. As I said before, random strangers who upload WP themes to the internet might hide some of their website links with adult or drug keywords.
With the help of this tool, you can find out whether your website is infected with these stuffed keywords.
Plugins to Check WordPress Infected with Malware
Here is a list of WordPress plugins that can help you clean a nulled WP theme or any hacked theme.
This plugin doesn’t prevent hackers from entering your website, but it can find the scripts and modified content that hackers leave behind. Some of the methods used to insert scripts are hiding the code or spam links using CSS and hiding text. These kinds of things can be found using this plugin.
Some hackers go a step further and bind the text or code into your database. Spam links are sometimes added to blog posts and comments. They’re hidden by CSS so visitors don’t see them, but search engines do. This plugin searches for content that has been changed in WP files and DB records.
The WP Antivirus plugin scans for malicious injections in your theme files, not once, but automatically every day. Sometimes you might have a perfect theme without any malicious code, but hackers try to inject code via a loophole in your plugins directory. So this plugin scans all WP theme files and database tables daily. WP Antivirus
Theme Authenticity Checker (TAC)
This is exactly what we need. TAC stands for Theme Authenticity Checker. It searches the source files of every installed theme for signs of malicious code. If such code is found, it displays the path to the theme file, the line number, and a small snippet of the suspect code.
So I hope all these links will help you enjoy malware-free WP themes.
Note: If you’re using a free WP theme, don’t be too happy. These days, hackers and strangers on the internet insert malicious code into free WP themes and upload them to the web. So what I suggest is, if you’re downloading a free WP theme, download it from the official WP theme repository. If you’re planning to get a premium WP theme, buy it legally from sites like ThemeForest, Elegant Themes, WooThemes etc. They’re the best in the market. Don’t PIRATE!
It takes just 10 seconds to pirate a WP theme, but do you know how many hours it takes to design a theme, code, debug and release its first version? So, Don’t PIRATE!