WordPress themes are an amazing feature which comes with creating websites on WordPress. If you are not someone who knows the ins and outs of coding, then creating a professional looking website is still easy for you because of WordPress themes. Without fumbling with the codes, you can use themes instead to create amazing websites.
WordPress is one of the most used CMS because of thousands of themes available for it. There are various premium and free themes available for the CMS. However, a major reason for sites to malfunction and get hacked are themes themselves. While it is hard to resist nulled versions of premium themes, they often come with malicious codes.
If by any chance you install malicious themes on your site, it will be open for hackers to attack and conduct various malicious activities. They can redirect your traffic to another website, sell them fake products and even extract personal information of your visitors. This can seriously impact the rating and SEO of your website and websites hosted on your shared server. Google blacklists websites with malicious codes and your web host might even suspend your account if you use a shared server.
You can scan your themes for malicious codes to avoid any harm to your website and your visitors. If you have already installed a theme or you are yet to install one, you scan both of them for malicious codes. This can be either done using plugins or manually. In this guide we will be discussing both the methods.
How can malicious themes impact your website?
WordPress is the most popular website builder and CMS because of an array of themes that are available for it. Using in-house themes of WordPress is safe but when it comes to using 3rd party themes, you need to be careful. There are some great third-party marketplaces to buy some really awesome premium themes. However, using themes from inauthentic sources specially made to dupe developers can be a big problem. You can look for in-house themes at WordPress.org theme directory or look at marketplaces like Themeforest. You can find personal, blog, ecommerce, and portfolio WordPress themes which are pretty decent and safe to use.
Where free themes are irresistible, you must be also careful before using any free theme. Generally, hackers crack these themes to create backdoors to secretly access your website and conduct malicious activities. Since, there is no incentive for developers to create free themes, these might not be secured properly and might have vulnerable codes.
A few common ways it can affect you is as follows:
- Reduce visitors: Hackers can redirect your traffic to other websites they gain access to your site. They can sell fake products to these visitors or phish their personal data.
- Reduce SEO ranking: Hackers might use your websites resources resulting in slow loading speed. This will definitely drop your SEO and also expose your site to more serious damage. If your site is slow, then google will rank it low. It will also be irritating for the visitors. You can even get blacklisted by google for having malicious codes on your website.
- Suspension of web hosting account: if your website has malware, then it reduces the speed of your site and also affect the speed of the websites that share your same hosting. To prevent it, web host provides usually suspend your account and have strict rules against malicious websites.
How to scan your themes for malicious cod
There are two methods to look for malicious codes in your themes. Either you can look for them manually, which is a long and complicated process or you can use plugins to make the job easy. There are so many plugins out there claiming to do the job but you must be careful about which plugin you use.
We will discuss about some of the most popular and reliable plugins that you can use and also the manual methods to scan your theme for malicious code.
Manual method to detect malicious codes
Usually hackers disguise their codes which makes it difficult to identify. It is extremely difficult to scan for malicious codes manually. You have to go through line by line throughout the code to identify for malicious code lines.
Thus, using a plugin is more feasible. However, if you wish to do it manually, you can follow the steps given below:
- Download the zip file of the theme from the WordPress repository or the third-party site that is offering the theme.
- Unzip the file into a separate folder on your computer system.
- Open every file in this folder and check for suspicious code such as ‘eval base64 decode’.
- Upon finding these keywords, you will need to investigate whether the code is legitimate or malicious. This requires technical expertise.
Use plugins to look for malicious codes
Using a plugin is more reliable and feasible. The plugins run an automate scan on your WordPress theme for malicious codes. Since there are thousands of plugins out there, it can be a little difficult to chose the best of them all.
1. Wordfence Security
Wordfence Security is an amazing tool that will make it super easy for you to scan your themes for malicious codes. Wordfence scans your plugins and themes and can tell if your website is affected by bad quality code by doing a deep security check.
The plugin is competent to block entire malicious networks and safeguards your website against known attackers using gathered experience.
2. Virus Total
Virus total is an awesome tool that lets you scan the themes before installing them. Once you install the themes, certain codes can create a backdoor for hackers to access your site secretly. Thus, it makes it crucial to scan the theme before installing it and Virus total does the exact thing.
You can simply upload the zip file for your theme and tool will scan it for any malicious code. You can use this site to scan for malware in WordPress theme since you can see a detailed report of a particular zip and see previous scan that have been carried on this file. This helps you to make an informed decision before you install WordPress theme.
A malware ridden site will bring down your SEO and can potentially harm your visitors. For your business and for the safety of your clients, it is important that your themes are not the source of threat.
Malicious codes might not be very obvious in the beginning but will damage your site and reputation pretty soon. Make sure you keep your themes updated to the current standards. Use these tools to scan for any potential threats and keep your site and your visitors secured.