How to Scan WordPress Plugins and Themes

How to Scan WordPress Plugins and Themes for Malware and Viruses

In WordPress Security by Fathi Arfaoui0 CommentsLast Updated: April 10th, 2018

Want to scan the WordPress plugins for malware and virus? And also, you need to verify the theme files and remove any malware that’s hidden in the code? Or maybe you found a good theme for free, and you want to check it for possible threats to your site? So, keep reading, after following my tips and recommendations, you’ll have the best WordPress protection against malware and virus.

To protect your WordPress site from potentially malicious codes and viruses, you need to verify each plugin before installing it. This can be done by installing the most rated ones, but once you have the problem, it’s too late to protect yourself. Today, I’ll show you how to scan WordPress for malware using simple and free tools to protect your website and make it clean all the time.

One of the main reasons why I recommend buying a premium theme is that you protect yourself from unknown sources where you download free plugins or themes. You should make sure that your theme is clean from links and hidden codes. Now, let’s find out how to scan WordPress for Malware.

Best way to scan WordPress themes

There are many tools to scan your WordPress theme. But the best way is to scan the theme file before uploading it to your site. So, make sure to take a virus test with Virus Total which is a free professional tool that use all the popular security programs to check the theme.

This tool checks the file separately for over 49 antivirus and malware checker programs and gives you a red signal if any of those programs find a virus or hidden codes. This tool works for any type of files, not themes only, so use it when you need.

scan wordpress site for malware

The next step after uploading the theme is scanning it directly after the activation. You can install the Theme Authenticity Checker (TAC) from the WordPress directory. It’s one of the most popular plugins used to scan the themes. The TAC plugin will show you any hidden link found in the theme.

Related:  How to Change the WordPress File Permissions in cPanel or FTP

Best of all, it will scan all your themes in a few seconds. If the theme is clean, then you get a green “OK” near the theme thumbnail. It’s an online tool to scan your website for malicious code.

The AntiVirus is another tool to scan WordPress files for malware. The plugin you need to install, there are over a half million downloads for it. It scans your theme files and shows you any problem. All you have to do is install, activate it, then run a WordPress theme scan. Next, from your “Settings” menu, clean theme files will be shown in green.

These free tools will verify your themes and take the website security to a better level.

Scan WordPress plugins and the entire website

To scan your blog plugins, you can start first with Virus Total before the upload, but then you need some specific plugins to search for malware and viruses.

1. Scan your WordPress website with Wordfence Security

This is the top WordPress security plugins that you should install without a doubt. In addition, Wordfence is not a regular plugin that scans your website. But, it will do what you can imagine, to protect your website.

For example, if a plugin author adds a single letter in the plugin files just for an update. You will get an alert from Wordfense telling you about the exact location, and the line where there is a modification in the plugin. Not all the security plugins can do that. At the same time, this plugin will scan your entire website every day.

If there is a new version of a plugin and you need an update. The tool will Scan the WordPress core and file for Malware and it will send you an email about the plugin that needs updating. All the website files will be scanned periodically. If there are new attacks, the plugin will update your security automatically.

Related:  How to Enable HTTP Loopback Connections in cPanel for WordPress

By the way, the plugin author is really active and send an instant email to webmasters when there is a new attack around the world. So, they compare the average attack number and alert people when an automatic manipulation detected from servers.

If you have problems with some IP or networks, you can block them with WordFense. It’s a powerful tool to protect and scan your entire website, in other words, it’s a plugin that every website should have.

2. Scan WordPress themes with Anti-Malware

Anti-Malware is a free WordPress malware removal plugin with powerful functions. It scans WordPress for Malware, threats, and vulnerabilities in the server. In addition, it shows you a summary after the scan. If the site is OK, you see all in green. The best part of this WordPress security plugin is to remove Known Threats.

So, you don’t need to search if what you see is normal or problem after the scan. They get signals from their network and mark the common viruses as “known”, to remove them automatically after verifying their hidden codes.

If there is a new information about new threats and malware. So, the WordPress anti-malware plugin gets the update automatically, you can edit the scan settings or even run a scan from your dashboard.

3. Scan WordPress plugins with Sucuri Security

The Sucuri Security is a WordPress malware removal service that will take care of your plugins, and websites in general. In addition, it’s a great work will be to scan all your plugins, and search for hidden codes where your files can be opened without your permission.

This is the best way to remove malware from the WordPress site. Furthermore, the plugin checks the website files for malicious redirects and PHP scripting that can affect your website. This plugin gets details about any attack from different sources and compares results with theirs. So, make sure to install this free plugin and run a scan.

Related:  How to Hide the WordPress Theme Name from the Source Code

4. Scan plugin and themes with Exploit Scanner

Exploit Scanner is a WordPress malware scanner and it’s known for searching for the “hide” functions in WordPress. People can insert their malware and hidden them with known options. So, this plugin understands exactly who they hide codes in your website and find them. Best of all, it shows you the hidden function.

Please don’t confuse the normal hide option in your theme and normal functions with the others. You will get many of the alerts, and you should delete only codes with URLs or negative impressions.

These are the most important tools you need to scan your site for malware, and other types of viruses. They can be installed instantly from your Dashboard, and you don’t need to pay for that great security level. Of course, some of them offers an upgrade for more special operation, because their server will take more resources with advanced protection.

Please remember to install only trusted plugins and themes. There are popular companies that you can search for themes or plugins. They secure your website and never add hidden codes like unknown sources. If you don’t care about your blog, you will be a victim of many attacks, and you should avoid that by installing verified plugins in your WordPress site.

Have you tried any other way to scan your WordPress website for malware?

Leave a Comment