Apart from Official WordPress repository, there are hundreds and thousands of websites that provide free WordPress Themes and Plugins but the problem is that you can’t trust them always. Yes, most of them add a malicious code to themes and plugins which are not too easy for you to find out. Before learning about the cure let’s discuss the cause. Here is why they add their custom or malicious codes
- To get a backlink from your blog unknowingly.
- Have access to your blog.
- Redirect your blog to spam links.
- Add their advertisements and banners or to simply get your website down.
Did you wonder what triggered me write this article? Yes, I too fell prey to these free plugins. A few days back, I was desperate to download a very famous premium plugin from a nulled site and after installing it on my blog I got to know that the plugin was infected and it redirects my blog to a spam blog. I immediately disabled the plugin and checked for the code that caused the redirection in plugin files. After an hour I found the code and immediately removed it [ I don’t use that plugin anymore].
This incident taught me very important thing. Never trust nulled WordPress plugins and themes. However many of you might want to use those nulled or free plugins and themes for God’s Sake, If you are one of them then read the remaining article.
How To Detect Malicious Codes In Nulled WordPress Themes
After downloading the plugin or theme, The first thing you should do is to check for virus, trojans and other worms that you may not like. Check for Virus and Trojans
- Go to VirusTotal.com and upload the zip file to check for the virus.
- If your file is infected you will get a red signal and if not then you can move on to next step.
Check for unwanted codes in Plugins
Now let us check for unwanted codes in plugins using another WordPress plugin called Exploit Scanner, which can be securely downloaded from WordPress website.
After installing it go to Dashboard >> Tools >> Exploit Scanner and run the scan. It will take some time to complete the scan and the time depends on the number of plugins you have installed.
After the scan, you can see a list of codes that are suspected. You can use the browser search function to find the plugins that you installed from outside WordPress repository.
Themes Authenticity Checker (TAC) is also a great plugin that detects malicious codes in your overall website. It’s very rare to get hacked unless you make mistake. So, security is in your hands; Either act wisely or get fooled easily. Enjoy!