- Checking your WordPress website for malware
- Using anti-malware WordPress plugins
- Using anti-malware online services
Checking Your WordPress Website for Malware
If you’re low on budget, you probably will look for free WordPress themes for your website. And in free themes, received from untrusted websites, you can often find different malware files and unpleasant code. Even in
Even in themes, you get from resources that have proven to be secure, you can run into the advertising code (adware) or links to various unwanted websites. And you’ll have no idea about them until you go through your template code manually. Typically, adware code is located in the files called “index.php” and “footer.php”. If you’re an experienced webmaster and understand the basics of HTML and PHP, then you can check these files using some code viewer.
But doing that may not help, because most malicious links will be hidden (encrypted) and you’ll never determine where exactly their code is located.
Using Anti-malware WordPress Plugins
The first way to scan your WordPress-based website or separate themes for malware is WordPress plugins. Here are few of such plugins:
Theme Authenticity Checker WordPress plugin (TAC). This simple plugin checks all your WordPress files for a harmful code. The plugin detects hidden encrypted links and displays detailed information about detected problems.
AntiVirus is easy to configure WordPress plugin that looks for suspicious code in your files. This plug-in can be configured for automatic daily scanning and notification of detected potentially dangerous code (including by e-mail). The only downside is that it scans only the active WordPress theme. Your inactive installed themes won’t be tested.
Exploit Scanner WordPress plugin is the most powerful way to get rid of various types of malware, but it’s more suited for advanced users. If you have no experience in PHP coding, it’s better not to mess with it. This plugin is really paranoid since it’s so suspicious that it puts everything in doubt. But if there’s a problem it really helps to figure out what’s going on.
Using anti-malware online services
The second way is to use special services that will scan your WordPress-based website for viruses or to check only installed themes. Here are some of such services:
- Virustotal.com is a well-known resource where you can check your website files for viruses.
- Themecheck.org You can upload the theme archive and you’ll see all the warnings about possible malicious code that is found in it. You can also see info about other archives uploaded by other users.
- Google Safe Browsing. Few people know that their favorite search engine can provide a special API for checking sites for malicious code, but it does.
P.S. Just to make sure you get WordPress Templates in right place.