How to check wordpress theme for malicious code

As we all know, WordPress is currently the most popular website management system in use. It is one of the most popular content management systems (CMS).

Did your WordPress blog ever hacked?

Do you know how to check your wordpress theme for malicious code?

9 WordPress Plugins

Help You To Detect Malicious Code

In Your Website/Blog

1. Theme Authenticity Checker (TAC)

TAC stands for Theme Authenticity Checker. TAC searches the source files of every installed theme for signs of malicious code.

If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code.

Scan all of your theme files for potentially malicious or unwanted code.

2. Exploit Scanner

This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.

3. Sucuri Security

Sucuri is a globally recognized authority in all matters related to website security, with specialization in WordPress Security. The Sucuri Security WordPress Security plugin is free to all WordPress users.

4. Anti-Malware


  • Run a Complete Scan to automatically remove known security threats and backdoor scripts.
  • Firewall block SoakSoak and other malware from exploiting Revolution Slider and other plugins from known vulnerabilites.
  • Upgrade vulnerable versions of timthumb scripts.
  • Download Definition Updates to protect against new threats.

Premium Features:

  • Patch your wp-login and XMLRPC to block Brute-Force and DDoS attacks.
  • Check the integrity of your WordPress Core files.
  • Automatically download new Definition Updates when running a Complete Scan.

5. WP Antivirus Site Protection

WP Antivirus Site Protection is the security plugin to prevent/detect and remove malicious viruses and suspicious codes.

6. AntiVirus for WordPress

AntiVirus for WordPress is a easy-to-use, safe tool to harden your WordPress site against exploits, malware and spam injections.

You can configure AntiVirus to perform an automated daily scan of your theme files and database tables.

7. Quttera Web Malware Scanner

The Quttera Web Malware Scanner plugin will scan your website for malware, trojans, backdoors, worms, viruses, shells, spywares.

And other threats as well as JavaScript code obfuscation, exploits, malicious iframes, malicious code injection, malicious code obfuscation, auto-generated malicious content, redirects, hidden eval code and more.

8. Wordfence

The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.

9. Wemahu

Wemahu is a crowd powered malware scanner for wordpress. The component can help to find malicious code within a “hacked” wordpress installation.

This project has been discontinued and is no longer maintained. You should switch to another plugin!

Related Reading:

5 Easy Tips to improve the Security of WordPress

can’t login to wordpress or forget wordpress password

Related Posts

How To Make Your Own WordPress Blog