How to Detect Malicious Code in Free and nulled WordPress Themes and Plugins?
This article introduces several tools for identifying malicious code, and a 3-step method for finding malicious code or unwanted backlinks in nulled or free WordPress themes and plugins downloaded from an unreliable website.
Apart from the official WordPress repository, there are hundreds of thousands of websites offering free WordPress themes and plugins, but you cannot always trust them. Many of them add malicious code to the themes and plugins, and that code is not easy for you to find.
On the other hand, buyers like to test drive a theme or plugin to understand its functions and features before paying for a premium version. Unfortunately, not all theme sellers offer such a feature the way Themeforest, Creative Market and so on do.
So many of you might want to use those nulled or free plugins and themes for testing before buying. If you are one of them, read the rest of this article!
Some aims of the hackers who plant malicious code:
- To get backlinks from your blog without your knowledge.
- To get access to your website.
- To redirect your website visitors to spam links.
- To add their own advertisements and banners.
- Or simply to take your website down.
*Not only free themes and plugins: premium nulled plugins and themes that you download from warez sites and torrents may also be infected with malicious code.
First) Always install a nulled theme/plugin on a TEST server, never on your main website. (For local testing use a WAMP or XAMPP server.)
Second) Wait at least 2-7 days before migrating the site to the main server. (While the site is installed on the test server, use the 3 steps below to keep your nulled themes or plugins 100% virus/malware free.)
Step 1- Detecting malicious code
After downloading the plugin or theme, the first thing you should do is check it for viruses, trojans and other worms you would not want on your site.
Go to VirusTotal.com and upload the zip file to check for viruses. (VirusTotal sometimes finds fault with ZIP files! A better way is to install the theme/plugin on a live test server and use VirusTotal's online URL checker against it.)
If your file is infected you will get a red signal; if not, you can move on to the next step.
Step 2- Check for unwanted code in plugins
Search the files and database of your WordPress install for signs that it has fallen victim to malicious hackers, using Exploit Scanner, which can be securely downloaded from the WordPress website.
- Download and unzip the plugin.
- Copy the exploit-scanner directory into your plugins folder.
- Visit your Plugins page and activate the plugin.
- A new menu item called “Exploit Scanner” will be available under the Tools menu.
After the scan you will see a list of suspicious code. You can use your browser's search function to find the plugins that you installed from outside the WordPress repository.
Note: this plugin will also scan themes, but you might be interested in the tip I am about to give next.
Step 3- Check theme authenticity with TAC
TAC stands for Theme Authenticity Checker. TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. Adding a backlink to a free theme is a very common technique, but you can easily find those exploited themes with the Theme Authenticity Checker (TAC) plugin.
After downloading and extracting the latest version of TAC:
- Activate the plugin through the ‘Plugins’ menu in WordPress.
- Go to Appearance -> TAC in the WordPress admin.
- The results of the scan are displayed for each theme with the filename and line number of any threats.
- You can click on the path to the theme file to edit it in the WordPress Theme Editor.
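Steps 2 and 3 both come down to the same idea: read every file in the theme or plugin and report the path, line number and snippet wherever a pattern that rarely belongs in honest code appears (eval of decoded data, shell commands, remote includes, hidden footer links). The script below is an added illustration of that kind of check; it is not code from this article, from Exploit Scanner or from TAC, and the pattern list and the sample theme it writes to a temporary directory are constructed for the demo. Every hit is a lead for manual review, not proof of malware: a few legitimate themes do use base64_decode, for example for embedded images.

```python
"""Heuristic scanner for an extracted WordPress theme/plugin directory.

Added example (not code from the article, Exploit Scanner or TAC).
Reports path, line number and a snippet for each suspicious pattern,
in the style of TAC's output.
"""
import os
import re
import tempfile
from dataclasses import dataclass

PHP = (".php",)
# (name, regex, file extensions it applies to; None = every scanned file).
# Constructed heuristics, not a complete list of what malware looks like.
SUSPICIOUS_PATTERNS = [
    ("eval_of_decoded_data",
     re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.I), PHP),
    ("eval_of_request_data",
     re.compile(r"\b(eval|assert|create_function)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I), PHP),
    ("base64_decode", re.compile(r"\bbase64_decode\s*\(", re.I), PHP),
    ("gzinflate", re.compile(r"\bgzinflate\s*\(", re.I), PHP),
    ("preg_replace_e_modifier",
     re.compile(r"\bpreg_replace\s*\(\s*['\"]/.*?/[a-z]*e[a-z]*['\"]", re.I), PHP),
    ("shell_command",
     re.compile(r"\b(shell_exec|passthru|system|exec|popen|proc_open)\s*\(", re.I), PHP),
    ("remote_include",
     re.compile(r"\b(include|require)(_once)?\s*\(?\s*['\"]https?://", re.I), PHP),
    # The classic injected backlink: an anchor hidden with inline CSS.
    ("hidden_link",
     re.compile(r"<a\b[^>]*\bstyle\s*=\s*['\"][^'\"]*(display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0)", re.I), None),
    ("long_hex_string", re.compile(r"(\\x[0-9a-f]{2}){8,}", re.I), None),
]
SCAN_EXTENSIONS = (".php", ".js", ".html", ".htm", ".css", ".txt")


@dataclass
class Finding:
    path: str
    line: int
    pattern: str
    snippet: str


def scan_text(text, path, patterns=SUSPICIOUS_PATTERNS):
    """Scan file contents line by line (multi-line constructs are not joined)."""
    ext = os.path.splitext(path)[1].lower()
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, regex, exts in patterns:
            if exts is not None and ext not in exts:
                continue
            if regex.search(line):
                findings.append(Finding(path, line_no, name, line.strip()[:120]))
    return findings


def scan_file(path):
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read(), path)


def scan_directory(root):
    """Walk the extracted theme/plugin and scan every text-like file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(SCAN_EXTENSIONS):
                findings.extend(scan_file(os.path.join(dirpath, name)))
    return findings


def summarise(findings):
    """Count findings per pattern, handy for comparing two versions of a theme."""
    counts = {}
    for f in findings:
        counts[f.pattern] = counts.get(f.pattern, 0) + 1
    return counts


def build_sample_theme(root):
    """Write a constructed sample theme: clean files plus two planted problems.

    The base64 payload decodes to the harmless PHP statement echo "hello";."""
    files = {
        "style.css": ["/* Theme Name: Demo (constructed sample) */", "body { margin: 0; }"],
        "index.php": ["<?php get_header(); ?>", "<main>Demo</main>", "<?php get_footer(); ?>"],
        "functions.php": [
            "<?php",
            "// Constructed sample: an ordinary functions.php with one injected line.",
            "function demo_theme_setup() {",
            "    add_theme_support( 'title-tag' );",
            "}",
            "add_action( 'after_setup_theme', 'demo_theme_setup' );",
            "eval(base64_decode('ZWNobyAiaGVsbG8iOw=='));",  # line 7: injected
        ],
        "footer.php": [
            "<?php wp_footer(); ?>",
            '<div class="site-info">Powered by the demo theme</div>',
            '<a href="https://example.invalid/" style="display:none">injected backlink</a>',  # line 3
            "</body>",
            "</html>",
        ],
    }
    for name, lines in files.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write("\n".join(lines) + "\n")


def run_demo():
    """Build the sample theme in a temp dir and scan it; returns (root, findings)."""
    root = tempfile.mkdtemp(prefix="theme-scan-")
    build_sample_theme(root)
    return root, scan_directory(root)


if __name__ == "__main__":
    root, findings = run_demo()
    for f in findings:
        print(f"{os.path.relpath(f.path, root)}:{f.line} [{f.pattern}] {f.snippet}")
    print("summary:", summarise(findings))
```

To use it on a real download, extract the zip and call `scan_directory()` on the extracted folder, then read each flagged line in context before deciding; running `summarise()` on the official copy of a theme and on the nulled copy makes any added code stand out immediately.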
Some online tools for finding malware and scanning security:
Some WordPress plugins for finding malware and scanning security:
Always monitor your host's cPanel; excessive resource usage may be caused by malware!
After installing a new theme/plugin, check your website's speed and number of requests with GTmetrix or Pingdom tools.
Compare the statistics from before and after installing a plugin/theme: a large increase in requests shows that something is wrong!
*It is very rare to get hacked unless we make a mistake. Good luck!