Hackers look for weaknesses they can exploit to infect websites and users’ computers with malware. They likewise exploit WordPress themes offered to bloggers, who unknowingly install plugins and code on their websites. Here is advice on how to know if your WordPress theme is safe.
Use Reputable Websites
One of the simplest solutions is to get the WordPress themes for your website from sites that test and verify theme quality. There are a few free options on these websites, so you don’t have to trade off cost for quality, or in this case, safety. Note that you’ll want to do an internet search on the quality of the “reputable” website, since it may virus scan themes for malware but still let badly coded products be uploaded as safe.
Manually Review the Theme Files
If you look through the WordPress theme’s associated files, you may be able to spot files that have obviously been added and are malicious. You could find backlinks to a malicious website when you review the footer.php file or style.css file. However, this isn’t something most bloggers and hobby website admins have the training to do, though someone who has completed an online master of science in information security from Norwich University would.
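The backlink review described above can be partly automated. This is an added example, not code from the original article or from any tool it names: it reads a theme zip in memory, without extracting it, and lists every external host referenced in the theme's text files. The allowlist, the suffix list and the sample theme are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

# Hosts a theme may legitimately reference (assumed allowlist; adjust per theme).
EXPECTED_HOSTS = {"wordpress.org", "w3.org"}
TEXT_SUFFIXES = (".php", ".css", ".js", ".html")
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

def _host(url):
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:  # malformed URL such as a broken IPv6 literal
        return ""

def _is_expected(host, expected):
    # Accept the host itself or any subdomain of an expected host.
    return any(host == h or host.endswith("." + h) for h in expected)

def external_links(zip_bytes, expected=EXPECTED_HOSTS):
    """Map each unexpected external host to the theme files that reference it.
    The archive is read in memory: nothing is extracted to disk or executed."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or not info.filename.lower().endswith(TEXT_SUFFIXES):
                continue
            text = archive.read(info).decode("utf-8", errors="replace")
            for url in URL_RE.findall(text):
                host = _host(url)
                if host and not _is_expected(host, expected):
                    findings.setdefault(host, set()).add(info.filename)
    return {host: sorted(files) for host, files in findings.items()}

def build_sample_theme():
    """Constructed sample zip for demonstration; not a real theme."""
    files = {
        "demo/style.css": "/* Theme URI: https://wordpress.org/themes/demo */\n"
                          "body { background: url(https://cdn.example.net/bg.png); }\n",
        "demo/footer.php": '<a href="http://links.example.org/promo">.</a>\n',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    for host, files in sorted(external_links(build_sample_theme()).items()):
        print(f"{host}: {', '.join(files)}")
```

A host appearing in this output is a prompt for review, not proof of malice: themes legitimately load fonts, images and scripts from third-party hosts.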
Virus Scan It
You can run a virus scan of downloads as a check for malicious code. Do this after you’ve downloaded the zip file but before you open it. You can also use reputable antivirus websites to scan the zip file of the WordPress theme. Another option is using the Theme Authenticity Checker to scan the theme for unwanted code. This is the last resort, though, since you have to upload the theme to your website before you can run the check, and if it did contain malicious code you now have to clean up the website or your system.
If you’ve already installed the WordPress theme and you’re unsure of its safety, use the Google Safe Browsing diagnostic followed by your website name to have the site virus scanned. The side benefit of this process is that it can tell the difference between malicious code and merely bad code that causes problems in its own right. Norwich University Online offers training in how to check existing websites and files for malicious code as well as how to debug sites.
A better choice is ThemeCheck; this service can scan for both IT security concerns and bad code. Another benefit of this site is that you can search for the WordPress theme by name and see if others have reported security concerns about it. Security can be used to scan a WordPress theme zip file as well as a website that already has the theme installed on it.
The first step would be to use reputable websites that vet themes as the source of the WordPress themes for your website. Another option is searching the internet to look for complaints about the security of the theme. Manually reviewing the theme file may reveal an obvious hack. Scanning it or using a third-party service to scan it for malicious code is the safer choice.