
How to Scan And Detect Malicious Code In WordPress Theme?

Do you suspect that your WordPress theme is malicious? Or maybe you’ve finally found a WordPress theme you love but you’re not sure if it’s safe to install? We will show you how to scan a WordPress theme for malicious code.

Apart from the WordPress repository, there are thousands of websites where you can find a theme for your site. Plus, there are nulled versions of a premium theme that are hard to resist.

We wish we could tell you that you could use any theme you find! But the truth is that many themes from third-party sites contain harmful code that can infect your website.

Once you install an infected theme on your site, it gives hackers access to use your site to execute malicious activities. Hackers can redirect your visitors to other websites where they dupe them into sharing their personal data or buying fake products. They can display malicious ads on your site and even steal your data.

If there’s harmful or malicious code on your site, Google will blacklist you and your web host will suspend your account.

You can prevent all this by scanning your WordPress theme to make sure it’s clean. In this step-by-step guide, we’ll show you how to scan a WordPress theme and give you tips on how to pick a good theme that’s safe to use.


To scan your WordPress theme for malicious code, you can activate MalCare on your site. It will run an automated scan on every file and folder. If it detects malicious code in the theme, you can instantly clean it.

How Are WordPress Themes Infected With Malware?

Every WordPress site uses a theme. Themes enable the site owners to build professional-looking websites without knowing how to code or hiring expensive developers. In fact, the abundance of theme choices is one of the main reasons why WordPress is such a popular website-building platform with over a billion active websites.

On the flip side of the coin, you’ll find that themes are also one of the most common reasons why websites get hacked. If you install an infected theme on your website, it makes your website vulnerable. Hackers can exploit the infected theme to gain access to your website.

The question is how themes get infected in the first place. Here are the top reasons for infected WordPress themes:

1) Third-party sources

You can get a theme from the WordPress repository or you can get one from a third-party website or marketplace.

Before we begin, you should know that not all third-party sources are bad. There are premium theme sites that build and maintain their products very well.

That said, hackers also intentionally create websites that offer WordPress themes. These sites are made to look legitimate but carry themes that are already infected with malware. You may be tricked into believing it’s a good theme but once you install it, your site gets infected with malware.

2) Free themes

Premium themes are built professionally and with a lot of care as companies want to create a good name and garner more business.

The same principles may not apply to free products. They may be created by rookie programmers who aren’t savvy with securing their software.

There are often times when such themes become difficult to maintain and as it’s a free service, it’s just not worth the work. In such cases, developers may abandon the theme. This leads to the possibility of security issues and vulnerabilities appearing which can be exploited by hackers to gain access into the site.

When hackers break in, one of the first things they do is inject malware and create backdoors in your theme. This will enable them to access the website remotely.

3) Bundled Theme Solutions

Some themes come with plugins pre-installed to increase responsiveness and add functionality. These are referred to as bundled themes as they have other software all tied up together as one.

While the theme itself may be clean, there could be a plugin within the theme that’s infected.

For example, a vulnerability was recently discovered through an exploit of the Slider Revolution plugin. Many themes offered the plugin as part of their package. However, many site owners were unaware that this plugin was a part of their theme and active on their site. Slider Revolution fixed the issue and released an update. If a site owner was using a theme that had this plugin bundled in, they couldn’t update it themselves. Only the theme owner could update the plugin. This left many WordPress sites vulnerable until theme owners updated it.
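To find out which plugins a theme bundles, and at what version, you can inventory the plugin headers inside the theme folder. The sketch below is an added example, not code from this article or from any plugin it mentions. It relies on the standard WordPress plugin header (`Plugin Name:` and `Version:` within the first 8 KB of a PHP file). The function names, the `!` path separator for files inside archives and the "Example Slider" sample plugin are constructed for illustration.

```python
import os
import re
import tempfile
import zipfile

HEADER_BYTES = 8192  # WordPress reads header fields from the first 8 KB only
FIELD_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$", re.M | re.I)


def parse_plugin_header(raw):
    """Return name/version if the bytes contain a plugin header comment."""
    text = raw[:HEADER_BYTES].decode("utf-8", errors="replace")
    fields = {k.lower(): v.strip() for k, v in FIELD_RE.findall(text)}
    if "plugin name" not in fields:
        return None
    return {"name": fields["plugin name"], "version": fields.get("version", "unknown")}


def iter_php_heads(theme_dir):
    """Yield (label, head bytes) for PHP files on disk and inside .zip files."""
    for root, _dirs, files in os.walk(theme_dir):
        for fname in files:
            full = os.path.join(root, fname)
            rel = os.path.relpath(full, theme_dir).replace(os.sep, "/")
            if fname.lower().endswith(".php"):
                with open(full, "rb") as fh:
                    yield rel, fh.read(HEADER_BYTES)
            elif zipfile.is_zipfile(full):
                with zipfile.ZipFile(full) as archive:
                    for member in archive.namelist():
                        if member.lower().endswith(".php"):
                            with archive.open(member) as fh:
                                yield f"{rel}!{member}", fh.read(HEADER_BYTES)


def find_bundled_plugins(theme_dir):
    """List every plugin header found inside the theme, sorted by path."""
    hits = ((label, parse_plugin_header(head)) for label, head in iter_php_heads(theme_dir))
    return sorted(({"path": p, **h} for p, h in hits if h), key=lambda i: i["path"])


def scan_constructed_theme():
    """Build a constructed sample theme in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as theme:
        with open(os.path.join(theme, "functions.php"), "w") as fh:
            fh.write("<?php // theme code, no plugin header\n")
        with zipfile.ZipFile(os.path.join(theme, "example-slider.zip"), "w") as z:
            z.writestr("example-slider/example-slider.php",
                       "<?php\n/*\n * Plugin Name: Example Slider\n * Version: 1.0.0\n */\n")
        return find_bundled_plugins(theme)
```

Point `find_bundled_plugins()` at a folder under `wp-content/themes/` and compare each reported version with the plugin vendor's current release. Anything older depends on the theme author shipping an update.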

4) Theme Editor

We have been working with WordPress websites for over a decade and many times we’ve come across infected WordPress themes wherein the source of infection was not the theme itself. Hackers had already broken into the website and then infected the theme.

This can easily be done using the WordPress Theme Editor on the dashboard.


This feature is made available for developers to easily make changes to the coding of themes. However, it is also exploited by hackers to infect your website. We’ll discuss how to disable this feature in a later section.

Impact Of An Infected WordPress Theme On Your Site

Installing an infected theme on your WordPress website could lead to devastating consequences. It could damage your site which could have a negative impact on your business and your revenue.

1. Direct Impact

When hackers infect your site, they carry out malicious acts such as:

    • Stealing Visitors – One of the most common things hackers do is redirect your visitors to their own sites. These sites are usually phishing sites designed to steal the visitor’s personal data. They could also be adult sites, or online stores that sell counterfeit products.
    • Stealing Data – Hackers can steal login credentials, credit card payment information, or even personal contact information of your customers. They can sell such data or use it to run more malicious schemes.
    • Integrating Unwanted Ads – Hackers hijack your advertisement spaces and display their own ads. Here too, these ads could lead visitors to malicious sites, adult sites and the like.

2. Impact on SEO

    • Slow Website – In order to run their malicious acts, hackers use your website’s resources. This puts a heavy load on your server and will bring down your site’s performance and cause it to slow down.
    • Drop in SEO Rankings – Getting to the top of Google’s SERPs (Search Engine Results Pages) is no easy task. It takes constant effort to achieve SEO ranks. One of the ranking factors is the speed of your site. When Google detects that your site is slow, your ranking will drop. Plus, if your visitors are being redirected, it will cause a severe loss in traffic as well.
    • Google Blacklist – Next, Google and other search engines crawl sites regularly and if they detect such code on your site, they immediately blacklist your site. They display a warning to visitors that your site is infected in order to protect them.

3. Web Host Suspension

Once your hosting provider detects malware on your site, they will suspend your account and take your site offline.

They do this because hackers always use your server resources to run their malicious activities. Not only will you reach your server resource limit, it will also impact your server’s speed and performance. If you’re using a shared server, your site could bring down the performance of the other sites on the same server.

Many hosts have very strict policies against malware and may permanently ban your site from their platform if you have multiple instances of website hacks.

4. Brand Image and Reputation

Needless to say, when visitors are defrauded and duped by hackers on your site, they will lose the trust they have in your brand. It’s likely that many visitors won’t return to your website.

Thus, it’s important to use only trusted themes on your WordPress site. So without further ado, let’s proceed to scanning WordPress themes to ensure they’re safe to use.

How To Scan WordPress Theme For Malicious Code

There are two ways you can scan a WordPress theme:

A. Using a plugin or a tool – There are plenty of tools available in the market to run an automated scan on a WordPress theme. Not all of them run thorough scans that give you reliable results, so choosing the right one becomes difficult. We’ll discuss the ones we think are the best tools based on ease of use and reliability. You can use MalCare WordPress Malware Scanner.

B. Manually – This process requires technical expertise. It is a long process and is not always efficient. However, if you’d like to learn the process, we’ve detailed it here.

A. Scan a WordPress Theme Using an Automated Tool

There are two instances where you would need to scan a WordPress theme:

    1. Scan a theme that is already installed.
    2. Scan a theme before installation.

We’ve detailed the tools you can use in both cases.

1. Scan a theme that is already installed

You can use any WordPress security plugin to scan your website to check if there is any malicious code on your site.

We recommend using the MalCare Security Plugin (or you can check our top WordPress security plugins here) because:

    • It’s reliable and guaranteed to find any kind of malware.
    • It’s very easy to use and doesn’t require any technical expertise.
    • You can scan and clean your WordPress theme using a single tool.
    • After the scan, it continues to monitor and protect your website from hackers.

Here’s how to use MalCare’s malware scanner and malware removal plugin on your WordPress site.

(a) Install the plugin on your WordPress website
