How to Check your WP Theme for Malicious Codes

August 12th, 2011

There are tens to hundreds of different WordPress themes being created each day.

Themes can be found in the official WordPress theme repository, on the blogs of theme companies and designers, on webmaster forums, and on many other blogs and websites. One might even say there is an oversupply of WordPress themes, and with that comes the risk of downloading and using a theme that is infected with malicious code, or that even carries Trojans and other executable files.

So you might ask why anyone would put malicious code in your theme, and why you need to check for it.

Here are a few reasons:

Stealing Keywords

Keywords are the gems of Internet marketing and SEO. Every marketing and SEO strategy starts with the right keywords, and some people don’t want to spend the time and effort to find these gems; they would rather steal them, just like in the real world. A theme that reports back which keywords your pages rank for is one way to do that.

Affiliate Links

To the people who plant this code in your template, it doesn’t matter how the conversions and sales happen as long as they collect the commissions. They will stuff your pages with their affiliate links in the hope that your readers buy products through them.

Advertisement

Many people earn from advertising, and these sneaky ones can add code that shows their ads on your pages without you even realizing it.

Link Insertion

Through malicious code, people can get links from your site without your permission. These links are used to build up PageRank or simply to increase their backlink count. While there is nothing wrong with linking out to the creator of the theme, it can be dangerous for your website if the link points to a bad neighborhood such as porn or gambling sites.

General Hacking

Your theme lives in the themes folder, but its PHP files run with the same privileges as WordPress itself, so a script in a theme can read your database credentials (the database username and password in wp-config.php) or anything else the web server can reach. If the attacker is really skillful, you may be surprised to find that your hosting account now harbors websites and blogs other than yours.

So if you’re now convinced that you need to check whether the WordPress theme you’re about to use, or are already using, is clean, read on.

Opening Theme’s Individual Files

You can manually check your theme’s individual files and read the code. If you find encoded or obfuscated code (for example, long base64 strings handed to functions such as base64_decode() and eval()), encoded JavaScript, or function calls that pull content from other websites, the theme is suspect and you could be in trouble.

Open your theme folder, select all the theme files (they should be in .php format) and open them in an editor. I use Notepad++ for this, but you can also use other programs like jEdit or the classic Notepad. There should be nothing in the folder except .php files, your CSS, a few image files and, in rare instances, JavaScript files. If you find other file formats in your theme folder, investigate what those files do before you use the theme.

Here’s a tool that can help you decode obfuscated JavaScript: http://www.vincentcheung.ca/jsencryption/

Of course this method is tedious, and I usually only do it when I need to customize a theme for a certain campaign. I download my themes only from trusted sources, so I’m reasonably sure there is nothing bad in them, but a quick browse through the theme files won’t do you any harm.

Running the Theme on Local WordPress

If you have a WordPress installation that you run locally, activate the theme you want to check there. Once it is active, look at the main page, a single post page, the archive pages and the other page types for malicious code and links. A simple search of the page source for the string “a href=” shows you every link the theme emits; if one points to a bad website, edit the corresponding theme file or simply use a different theme.
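As an added example (not code from this post, and not how TAC or the AntiVirus plugin work internally), here is a small Python scanner that automates the manual file inspection from the previous section and the “a href=” search from this one over a theme folder. It reports unexpected file types, obfuscation and remote-loading constructs in PHP/JS files, and hard-coded absolute links, each with file, line number and a snippet. The sample theme it writes to a temporary folder is constructed for the demonstration, and the pattern list is a heuristic chosen for this example; a hit is a reason to read that line, not proof of malware.

```python
"""Static scan of a WordPress theme folder for the warning signs described above.
Added example; the patterns are heuristics chosen for this demo, not TAC's rules."""
import re
import tempfile
from pathlib import Path

# File types one expects in a theme folder; anything else is reported for a manual look.
EXPECTED_EXTENSIONS = {
    ".php", ".css", ".js", ".png", ".jpg", ".jpeg", ".gif", ".ico", ".svg",
    ".txt", ".md", ".pot", ".po", ".mo", ".html", ".json", ".woff", ".ttf",
}
SOURCE_EXTENSIONS = {".php", ".js", ".html"}

# Constructs that are rarely legitimate in a theme and typical of obfuscated or
# remote-loading code.
SUSPICIOUS_PATTERNS = [
    ("base64_decode", re.compile(r"\bbase64_decode\s*\(")),
    ("eval", re.compile(r"\beval\s*\(")),
    ("gzinflate/gzuncompress", re.compile(r"\bgz(inflate|uncompress)\s*\(")),
    ("str_rot13", re.compile(r"\bstr_rot13\s*\(")),
    ("long base64 blob", re.compile(r"['\"][A-Za-z0-9+/]{100,}={0,2}['\"]")),
    ("hex-escaped string", re.compile(r"(\\x[0-9a-fA-F]{2}){8,}")),
    ("remote include", re.compile(r"\b(include|require)(_once)?\s*\(?\s*['\"]https?://")),
    ("remote fetch", re.compile(r"\b(file_get_contents|curl_init|fopen)\s*\(\s*['\"]https?://")),
    ("JS document.write(unescape", re.compile(r"document\.write\s*\(\s*unescape\s*\(")),
]
# Hard-coded absolute links in the templates: the "a href=" search from the post, done on source.
LINK_RE = re.compile(r"""<a\s[^>]*href\s*=\s*["'](https?://[^"']+)["']""", re.IGNORECASE)


def scan_theme(theme_dir):
    """Return findings as (category, relative path, line number, snippet) tuples."""
    root = Path(theme_dir)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        if ext not in EXPECTED_EXTENSIONS:
            findings.append(("unexpected file type", rel, 0, ext or "(no extension)"))
            continue
        if ext not in SOURCE_EXTENSIONS:
            continue  # images, CSS, translations: nothing executable to read
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in SUSPICIOUS_PATTERNS:
                if pattern.search(line):
                    findings.append((name, rel, lineno, line.strip()[:80]))
            for match in LINK_RE.finditer(line):
                findings.append(("static link", rel, lineno, match.group(1)))
    return findings


# Constructed sample theme: a clean index/style plus the two cases the post describes
# (a hidden gambling link next to eval(base64_decode(...)), and a sidebar pulled from a
# remote PHP file), plus a stray executable. Hostnames are placeholders.
SAMPLE_THEME = {
    "style.css": "/* Theme Name: Sample */\nbody { color: #333; }\n",
    "index.php": "<?php get_header(); ?>\n<div><?php the_content(); ?></div>\n<?php get_footer(); ?>\n",
    "footer.php": (
        '<div id="footer">\n'
        '<a href="http://example.com/casino">Best Casino</a>\n'
        "<?php eval(base64_decode('ZWNobyAnaGknOw==')); ?>\n"  # payload decodes to: echo 'hi';
        "</div>\n"
    ),
    "functions.php": "<?php\n$ads = file_get_contents('http://ads.example.net/sidebar.php');\necho $ads;\n",
    "images/logo.png": b"\x89PNG\r\n\x1a\n",
    "tmp/helper.exe": b"MZ",
}


def run_sample_scan():
    """Write the sample theme to a temporary folder, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in SAMPLE_THEME.items():
            target = Path(tmp) / name
            target.parent.mkdir(parents=True, exist_ok=True)
            if isinstance(content, bytes):
                target.write_bytes(content)
            else:
                target.write_text(content, encoding="utf-8")
        return scan_theme(tmp)


if __name__ == "__main__":
    for category, rel, lineno, snippet in run_sample_scan():
        where = f"{rel}:{lineno}" if lineno else rel
        print(f"[{category}] {where}  {snippet}")
```

To scan a real theme, call scan_theme() with the path to the theme folder under wp-content/themes. Expect the “static link” category to include the legitimate credit link to the theme’s author; the point is to see every external link in one list and judge each one, exactly as the manual “a href=” search does.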

Using WordPress Plugins

AntiVirus WP Plugin

This plugin scans your WordPress installation, including the themes, for viruses. Having it installed increases the overall protection of your blog. It can run a manual check of your WordPress files and can also run a daily automatic check, so you won’t have to worry about virus injections on your blog going unnoticed.

From the Plugin’s page:

AntiVirus for WordPress is a smart and effective solution
to protect your blog against exploits and spam injections.
AntiVirus protection for your blog.

TAC (Theme Authenticity Checker) WP Plugin


Using this plugin is pretty easy. If you’re having problems installing or using it, don’t hesitate to email the developer or me; I’d be happy to answer your question if I have the time.
From the Plugin’s page:

What TAC Does

TAC stands for Theme Authenticity Checker. Currently, TAC searches
the source files of every installed theme for signs of malicious code.
If such code is found, TAC displays the path to the theme file, the
line number, and a small snippet of the suspect code. As of v1.3
TAC also searches for and displays static links. 

Theme-Check WP Plugin

Theme Check is another WP plugin that can, well, check your theme. It isn’t really a tool for finding malicious code, but I have found that malicious additions often break the theme’s core files or violate the coding standards a clean theme should meet, so checking whether the theme is up to date with the current theme standards can tell you that something has been tampered with.

From the Plugin’s page:


The theme check plugin is an easy way to test your theme
and make sure it's up to spec with the latest theme review
standards. With it, you can run all the same automated
testing tools on your theme that WordPress.org uses
for theme submissions.

The tests are run through a simple admin menu and all
results are displayed at once. This is very handy
for theme developers, or anybody looking to make sure that
their theme supports the latest WordPress theme standards
and practices.

Using AntiVirus Scans

This one is basic: every time you download a file, scan it. You can use the anti-virus scanner on your desktop; if you don’t have one, get one fast. You can also use online virus scanners like VirusTotal, which checks the uploaded file with many scanners at once.

You can also choose a web host that offers protection for your website and blog against hackers and viruses. If your super cheap web host fails in this aspect, think again: you will certainly lose more money in the future.

I think I forgot to mention that I have personally come across a few themes that contain malicious code. There was one theme that used encrypted code for link insertion to a gambling website, and there was also one that pulled a PHP file from the author’s website to display ads in my sidebar. How about you? Share your experiences below.




Categorized Under

WordPress

7 Awesome Comments

  1. Rothman says:

    I generally use TAC, and if I find base64 encryption, I stay away from the theme. There is no reason whatsoever for theme creators to use encryption if they have nothing to hide.

  2. Girly Agames says:

    I always do a virus scan right after downloading something. It’s an SOP everyone should follow.

  3. Tristan says:

    Thanks for sharing this Kim! I never knew that there are more great tools to secure our wordpress sites! I’m going to use TAC and AntiVirus from now on…

  4. Daniel says:

    I didn’t even know this could happen… I am going to start scanning and being more aware instead of just downloading themes like mad… Thanks for the post!

  5. [...] is open source. And that openness extends to people who want to hack (whether for profit or just because they can) WordPress. It’s a common problem on the Internet [...]

  6. ancajasjc says:

    I never knew about this TAC until now. I only do anti-virus scanning right after download. Gee, thanks.
