Scanning Your WordPress Website For Malware

  1. Checking your WordPress website for malware
  2. Using anti-malware WordPress plugins
  3. Using anti-malware online services

Checking Your WordPress Website for Malware

Checking website

If you’re low on budget, you probably will look for free WordPress themes for your website. And in free themes, received from untrusted websites, you can often find different malware files and unpleasant code. Even in

Even in themes, you get from resources that have proven to be secure, you can run into the advertising code (adware) or links to various unwanted websites. And you’ll have no idea about them until you go through your template code manually. Typically, adware code is located in the files called “index.php” and “footer.php”. If you’re an experienced webmaster and understand the basics of HTML and PHP, then you can check these files using some code viewer.

But doing that may not help, because most malicious links will be hidden (encrypted) and you’ll never determine where exactly their code is located.


Using Anti-malware WordPress Plugins


The first way to scan your WordPress-based website or separate themes for malware is WordPress plugins. Here are few of such plugins:

Theme Authenticity Checker WordPress plugin (TAC). This simple plugin checks all your WordPress files for a harmful code. The plugin detects hidden encrypted links and displays detailed information about detected problems.

Developer: builtBackwards
Price: Free

AntiVirus is easy to configure WordPress plugin that looks for suspicious code in your files. This plug-in can be configured for automatic daily scanning and notification of detected potentially dangerous code (including by e-mail). The only downside is that it scans only the active WordPress theme. Your inactive installed themes won’t be tested.

Developer: pluginkollektiv
Price: Free

Exploit Scanner WordPress plugin is the most powerful way to get rid of various types of malware, but it’s more suited for advanced users. If you have no experience in PHP coding, it’s better not to mess with it. This plugin is really paranoid since it’s so suspicious that it puts everything in doubt. But if there’s a problem it really helps to figure out what’s going on.

Exploit Scanner
Exploit Scanner
Developer: Automattic
Price: Free

wordpress plugins

Using anti-malware online services

The second way is to use special services that will scan your WordPress-based website for viruses or to check only installed themes. Here are some of such services:

  • is a well-known resource where you can check your website files for viruses.
  • You can upload the theme archive and you’ll see all the warnings about possible malicious code that is found in it. You can also see info about other archives uploaded by other users.
  • Google Safe Browsing. Few people know that their favorite search engine can provide a special API for checking sites for malicious code, but it does.

Of course, all these methods don’t give a 100% warrant that everything is fine with your site, so the best way to be sure is to get content from trusted sources like Envato Market or TemplateMonster.

Related Posts

How to Monetize Your New WordPress Website [Expert Tips]

How to BUILD A WordPress Website Using A Free News Theme

Guide to Perform SEO Audit of WordPress Website

How To Add A Favicon To Your WordPress Website

P.S. Just to make sure you get WordPress Templates in right place.

Anton Vosko

Being a part of the TemplateMonster team is a great pleasure. I write about templates, marketing secrets, presentation tips, and different CMS. Hope my articles will be useful to you. If yes - please leave me a comment. Besides that, you can also meet me on Quora.

Get more to your email

Subscribe to our newsletter and access exclusive content and offers available only to MonsterPost subscribers.

From was successfully send!
Server error. Please, try again later.

Leave a Reply