Scan Your Blog Security To Ensure No Malicious Code Inserted Inside WordPress Theme

There are more than thousand WordPress themes around the Internet. You can find your answer by a simple search query. However, is that kind of free stuffs good and security enough to use? I have read many sources related this problem and in my opinion, the answer depends on your case!

If you can not afford to buy a premium theme, using a free WordPress theme is unavoidable! There are many sources to grab a free coat for your baby. They can be good or bad, nice or ugly in terms of design and style etc… but at first, it seems all bloggers love them and give much of credit. However, STOP! your blog might be stolen! Have you ever thought about this critical problem? Here I want to share you a very wonderful, free and effective solution to avoid the unwanted disaster!

Though WP is secure and reliable, there are many reasons that lead your blog to be stolen. Theme is one of the major ways hacker use to exploit your blog. In addition, some WP theme creators even insert malware or malicious injection code.

1. Antivirus for WordPress

As a regular blogger, we can not check the theme manually, so in this case AntiVirus for WordPress plugin is a smart and effective way for you.

Here are the main features:

  • WordPress 3.x ready: Design as well as technical
  • Detect the current WordPress permalink back door
  • Quick & Dirty: activate, check, done!
  • Manual testing with immediate result of the infected files
  • Daily automatic check with email notification
  • Whitelist: Mark the suspicion as “No virus”
  • Clean up after uninstall the plugin
  • English, German, Italian, Persian, Russian

Using this plugin is very simple. All you need is download it (here), upload via FTP or your Dashboard, then Activate it and start to scan your WP. The scan task time span is only few minutes and the result will show about your blog. Here is a screen shot.

antivirus plugin for wp

Then hit the Scan the them templates now.

antivirus plugin

Here is the result. My Premium WordPress Theme (I am using Thesis) is safe, of course!

wordpress security

If there is any problem, your will be noticed and then, the next step is remove it from your server and install a new trusted one.

Small tip 1: You should download and install free WordPress theme from reliable source. I recommend you to find a suitable WP theme on

Small tip 2: Do not hesitate any more. Purchase a premium WP theme such as Thesis them, Genesis them or Theme-Junike. They are cheap but offer you lots of feature and various supports and most important SECURE!

Download AntiVirus for WordPress

2. TAC (Theme Authenticity Checker)

TAC stands for Theme Authenticity Checker is very renowned plugin in security category. Its task is very simple: scan your WP theme and make sure your theme does not have any malicious code. As TAC creators introduced: free WordPress themes sometimes have been inserted malicious code and average end users need a smart by easy to use solution to analyze what are happening with their WP theme.

After installing this plugin, visit Appearance setting section. Click on TAC as the image below:

scan wp theme

If the WordPress has malicious code, there will be a notification like the image below: (I have checked on another blog and amazingly, almost free WP themes have malicious code). In total 17 free WP themes, there are only 5 themes are free of malicious code, meaning 12 free WP themes have–>70%. BE CAREFUL!

malicious code WP theme

Small tip 3: After using the two plugin I mention in this article, you can inactivate it or even uninstall it to make your blog runs as  regular.

Small tip 4: In case you are using a “free” premium WP theme which you download on the Internet or receive it from free, take care your blog with the plugins.

Download Theme Authenticity Checker here.

About Daniel Kopetski

Hi there, I am Daniel Kopetski, a geek and hi-tek enthusiast. Maintaining StarBlogger is one of my hobbies. Here, I want to cover as many as possible topics that are related to Web 2.0, Internet Trends, WebApp, Freebies stuff and Blogging Tip as well.


  1. I haven’t heard abut an Anti-Virus for WordPress.. I have used TAC to check my Blogs..Thanks Daniel for sharing it..

    • This is the problem many new bloggers do not know and I hope this tiny piece of information will bring little benefit to them. BTW, I haven’t ever thought 12 in total 17 themes I have installed on another blog include malicious code. In short, they are stealing our back link. Thanks to free stuff and we should give them a few credits but it is unacceptable with this problem. They steal back link and sell on market!

      • I even was shocked seeing this result from TAC.. even one Premium theme also had some backlink codes which TAC found out..

        • LOL. Perhaps you get this from untrusted sources. What will you do now mate?

          • Daniel,
            Many theme designers include a backlink to themselves, as the original designer. I’ve read that this is very common and is similar to a copyright notice. Most designers will permit someone who downloads one of their themes to remove the code for a small fee. Is it possible that this code is often mistakenly identified as malicious by the virus scan?


  2. Just scanned my blog, it’s cleaned.

  3. I just got a message from Google through the webmaster tools that one of my sites has a fishing page. Its a WordPress install and the address they show does not exist in the physical folders on the drive. I am assuming it is something that Hostgator provides for webmasters to add on services. But maybe the site has been hacked. I will have to scan.

    • I JB! I think you should first back up your data and code, then remove all of the code, reinstall and backup data. It is sometime we download a plugin or theme from untrusted sources. Thanks for dropping by!

  4. Hi daniel,
    Thanks for bringing this to everyone’s notice. I’ve never heard of the concept of anti virus for WP blogs until now. I will remember to do this when I use a free WP theme.

  5. I have currently installed Tincredible in which I have found many Malicious Codes but TAC could not find any of theme. I have checked all the files manually and removed the codes. I think TAC is a useless plugin.

  6. Sorry I forgot to mention Tincredible is a theme which I have installed on my blog.

  7. Hi Daniel.

    I wanna asked. I’ve got alert from Antivirus at my mail. This message like this. Do you know how to remove it? is it Antivirus automatic will remove it? Thank’s

    • Hi Dimas! You are welcome! I cannot see the image so to be honest, I am not able to give you some advice at the moment. However, I think if you downloaded the free theme from a well-known creator, you have not to worry. Otherwise I suggest you replace the theme with a premium one, specially you are seriously blogging.

      • Hi Daniel. Well, when i clicked the link, suddenly goes to my Home blog. It’s never goes to the target. About my blog theme, i buy it from Themeforest. As far i’m using it, my blog were attacked by SQL Injection and Directory Traversal. I’m contact the SEOegghead, they never respond my message. Do you have some suggestions?

        • I think if you have purchased a premium theme from a well-known WP theme creators, perhaps there will be no problem related to it. Maybe one of your plugin has been infected by malicious codes or so. In this case, I think you should: backup your database, reinstall a fresh WP code, re-download the theme from Themeforest and only install reliable plugins.

          If there is no improvement, I think you should make a switch with the current hosting provider, especially in case you are using shared hosting account. Nice to hear your response.

  8. this is good to all WP theme users this plugin was very useful thank you Daniel .

  9. I recently used this TAC theme its really good working,I have checked all the files manually and removed the codes. I think TAC is a useful plugin.

  10. Thanks, this is really useful info, cause i think it’s not enough when we just scan our sites with Virus Total or URLVoid. Also, i worried about my wp theme have some codes cause downloaded it from untrusted source

  11. Are there any similar plugins or anything else to check the plugins also for malicious code?

  12. A lot of WP theme for free are FULL of malicious code… you better download always official free themes in my opinion. Thanks for this interesting content :)

  13. After I scanned my blog using this plugin, I received color yellow mark which says require_once as the diagram shown above, but it says no virus, so I just updated my theme “twenty eleven” and started to scan again. All of the templates turn green.. Sometimes we need to update our theme and the wordpress itself.. This plugin is very useful for me since I use this..

Speak Your Mind