Wordpress-unwanted-code

Apart from the official WordPress repository, there are hundreds of thousands of websites that provide free WordPress themes and plugins, but the problem is that you cannot always trust them.

Yes, many of them add malicious code to the themes and plugins, and that code is not easy for you to find.

Before learning about the cure, let's discuss the cause.

Here is why they add their custom code:

  • To get backlink from your blog unknowingly
  • To get access to your blog
  • To redirect your blog to spam links
  • To add their advertisements and banners.
  • Or simply to take your website down.

It is not only free themes and plugins: the nulled premium plugins and themes that you have downloaded from warez sites and torrents may also be infected with this malicious code.

My Confessions

Did you wonder what triggered me to write this article?

Yes, I too fell prey to these free plugins. A few days back, I was desperate to download a very famous nulled plugin from warez, and after installing it on my blog I got to know that the plugin was infected and it redirected my blog to a spam blog.

I immediately disabled the plugin and checked the plugin files for the code that caused the redirection. After an hour I found the code and immediately removed it [I don't use that plugin now].

This incident taught me a very important thing.

Never trust nulled WordPress plugins and themes

However, many of you might still want to use those nulled or free plugins and themes, for God's sake. If you are one of them, then read the rest of the article.

Detecting Malicious codes

After downloading the plugin or theme, the first thing you should do is check it for viruses, trojans and other malware that you would not like to have.

Check for Virus and Trojans

Go to VirusTotal.com and upload the zip file to check it for viruses.

If your file is infected you will get a red signal; if not, you can move on to the next step.

VirusTotal Scan result

Check for unwanted codes in Plugins

Now let's check for unwanted code in plugins using another WordPress plugin called Exploit Scanner, which can be securely downloaded from the WordPress website.

After installing it, go to Dashboard >> Tools >> Exploit Scanner and run the scan. It will take some time to complete, and the time depends on the number of plugins you have installed.

After the scan you can see a list of suspected code. You can use the browser search function to find the plugins that you installed from outside the WordPress repository.

Exploit Scanner

Note: This plugin will also scan themes, but you might be interested in trying the tip that I am about to give next.

Check for Theme authenticity

Adding a backlink to a free theme is a very common technique, but you can easily find those exploited themes with the plugin called Theme Authenticity Checker (TAC).

Install the plugin and go to Dashboard >> Appearance >> TAC.

You can see the list of installed themes with their authenticity result. It will give a warning if any encrypted links are found in a theme.

Theme Authenticity Checker
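The two plugin checks above (Exploit Scanner for suspicious PHP constructs, TAC for encoded links in themes) can also be done offline before anything is installed. The following is an added example, not code from this article or from either plugin: a small Python scanner that flags the constructs Exploit Scanner warns about (eval, base64_decode, uudecode, ob_get_contents, iframe) plus hidden links, and decodes long base64 literals so an encoded backlink can be read without ever executing it. The sample theme files are constructed inline; the pattern names and the 40-character threshold are my own choices.

```python
import base64
import re
from typing import Dict, List, Tuple

# Constructs the article's Exploit Scanner warns about (eval, base64_decode,
# uudecode, ob_get_contents, iframe) plus a hidden-link pattern of the kind TAC
# hunts for. A hit is a lead for manual review, not proof: false positives happen.
SUSPICIOUS_PATTERNS: Dict[str, str] = {
    "eval": r"\beval\s*\(",
    "base64_decode": r"\bbase64_decode\s*\(",
    "uudecode": r"\b(?:convert_)?uudecode\s*\(",
    "ob_get_contents": r"\bob_get_contents\s*\(",
    "iframe": r"<iframe\b",
    "hidden_link": r"<a\b[^>]*display\s*:\s*none",
}
# A quoted run of 40+ base64 characters is worth decoding (offline, never eval'd).
BASE64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{40,}={0,2})['\"]")

Finding = Tuple[str, int, str, str]  # (path, line number, pattern name, decoded preview)

def scan_source(path: str, source: str) -> List[Finding]:
    """Scan one file's text line by line and decode long base64 literals for review."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in SUSPICIOUS_PATTERNS.items():
            if re.search(pattern, line, flags=re.IGNORECASE):
                findings.append((path, lineno, name, ""))
        for literal in BASE64_LITERAL.findall(line):
            try:
                preview = base64.b64decode(literal, validate=True).decode("utf-8", "replace")
            except ValueError:  # binascii.Error is a ValueError: bad alphabet or padding
                preview = "<not valid base64>"
            findings.append((path, lineno, "base64_literal", preview[:60]))
    return findings

def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of path -> source text (e.g. every .php file in a theme)."""
    return [f for path, src in files.items() for f in scan_source(path, src)]

# Constructed sample theme (not real files): footer.php carries an encoded spam
# backlink of the kind the article describes; functions.php is clean.
ENCODED_LINK = base64.b64encode(b'<a href="http://spam.example/">casino</a>').decode()
SAMPLE_FILES: Dict[str, str] = {
    "theme/footer.php": f'<footer>\n<?php echo base64_decode("{ENCODED_LINK}"); ?>\n</footer>\n',
    "theme/functions.php": "<?php add_theme_support('title-tag');\n",
}

if __name__ == "__main__":
    for path, lineno, name, preview in scan_files(SAMPLE_FILES):
        print(f"{path}:{lineno} {name} {preview}")
```

To run it against a real download, read each `.php` file of the unzipped theme into the dictionary instead of `SAMPLE_FILES`; the decoded preview is what lets you tell a harmless encoded asset from an injected link.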

Security is in your hands

It's very rare to get hacked unless we make a mistake. So, security is in your hands: either act wisely or get fooled easily.

If you are pleased with this article, share it with your social media circles and subscribe to our newsletter to stay updated with us.

Comments

  1. says

    Hi vivek

    This information is a lifesaver (of course) for every webmaster who uses WordPress as their CMS, and one of my websites was also compromised by hackers when I used such a theme as a test drive.

    But, before buying any premium theme, buyers like to test drive the theme or plugin to understand its functions and features. Unfortunately not all theme sellers offer such a feature, like ThemeForest, Creative Market and so on.

    If they did offer a test drive option, then hackers would have fewer options to compromise websites using the WordPress CMS.

  2. says

    Hi Vivek,

    I really enjoy reading this article because an article like this one will help a lot when it comes to using Wirez themes and plugins… Thanks for advice – Security at our hand, we should either act wisely or get fooled easily… Yes!

    Thanks Vivek.

  3. Richmond says

    Thanks so much! My website was hacked a few hours ago. This has led to suspension of my hosting account. When my account is restored, I will implement this useful piece of information.

  4. Anis says

    Hey Vivek, thanks.. Really, thanks bro!!! I have a question: what happens when someone uses nulled premium themes without a proper license for the themes.... May the theme company take legal action against the user? And what would it be? I request you to write an article about this........

  5. says

    Hi, good article.

    just one question:
    which plugin did you use to get the social media icons like that under the “STAY CONNECTED WITH US” text, that looks great.

    Thank you for your answer

  6. Lou says

    On the back end of my site, there is a banner every time I make an update. It is an image: "Theme was uploaded via WPLOCKER". I looked everywhere for the code but no luck. I also ran the mentioned plugins and still.... nothing. Any idea?

  7. says

    Even I faced a similar issue when I downloaded a plug-in from warez. After that I never installed a nulled plug-in. Next time I will follow both of the processes to check the theme and plug-in.

  8. says

    I recently installed a plugin from a free download and had quite a huge headache. It took me almost 1 whole week to identify the issue and remove the plugin. It was redirecting my users without my consent. Such things are nightmare to any person. As you said, security is in our hands. We better be careful than be sorry later on ! Thanks for your plugin suggestions. I’m using TAC too.

  9. says

    I am always afraid of some malicious code into my theme and plugins. Once my site had links to some casino sites. From that time I am always afraid of such malicious codes hidden in themes and plugin. Thanks for the nice sharing.

  10. says

    Thanks alot Vivek R .. I’ve used a lot nulled free theme and plugin. I don’t know about this.. I hope its not too late for me. Thanks again for the tips.

  11. says

    Well, I was building a website for my business. I used a theme from WPlocker.com. Unfortunately, after following your instructions, my site is listed as infected. Now it seems that whichever site I enter, irrelevant advertising columns are appearing at the footer of every page. Also random pop-ups, but the most frustrating thing is that every single website I access has words which have a link to quiz.mysupermarket.co.uk. It's very frustrating, and both Windows Firewall as well as Avast antivirus are picking up no files! What shall I do?

  12. Sumit Agarwal says

    @Vivek R

    Yeah, you are correct; once my website earns me enough to at least bear the cost, I would buy it...
    I used the tools and removed the code... I am using nulled Gravity Forms and a nulled theme.. Will it be a problem now??? Will it have any effect, like I will not get Google ads or will not be in the Google search engine??

    Thanks

  13. says

    It’s actually a great and useful piece of info.
    I am satisfied that you just shared this helpful
    information with us. Please keep us informed like this. Thank you for sharing.

  14. says

    Even though the first two steps didn't get me anywhere, TAC found some interesting eval() code in my theme's footer.php. Thanks for the tip, this plugin will from now on be installed in every one of my WordPress installations!

  15. Emanuele says

    Very interesting information. Anyway, I tried your suggestions and no errors were returned. But my site is infected!
    Some words have a link that redirects to the site monster market place . com
    Do you have any suggestion for this?
    Thank you very much.. I have tried too many checks and solutions during a lot of nights... :-(

  16. says

    Thanks for sharing this great tip Vivek. Some days ago I also faced a problem. I just installed a free theme on my blog and it automatically added a text link to the footer. I searched all the files and the SQL database to remove that and could not find it. I spent almost the whole day doing that and found that a plugin was affected. Now I can easily find such problems and solve them.

  17. says

    A couple of years ago, my site was severely hacked and banned by Google; despite HostGator's help it was a disaster, losing me months of work and money. The redirection code (to Russian sites), hidden in iframe code, spread through all my blogs in the common hosting space. My rules now are: individual hosting space, extra password protection over and above the WP login, and the Exploit Scanner plugin. Plus I only use my own themes, simple ones made using the Artisteer program. So.... DON'T leave it to chance, DO these simple things NOW!

  18. says

    Hi, awesome article. And I would think twice about using it on my own blog. But why use nulled themes if you can buy them.. Anyway, thanks for this great information!!

  19. says

    Hi,
    Yesterday I downloaded a theme from a warez site,
    and I found base64 encoded data in it,
    it was a backlink to another warez site.
    Thanks for sharing these useful tools mate!
    Keep up the good work!
    Bye!

  20. says

    My WordPress blog once went down after installing a plugin, and after I asked the hosting provider for help, the blog turned out to contain a cracker script.
    In addition, install security plugins such as WP Firewall 2 and Login Attempt Limit on our blogs so that the blog can be better protected.

  21. rawoof says

    I am a newbie to WordPress.
    I got two themes with static links.
    Will they affect my website, or
    are there any possibilities to remove them?

    THANKS FOR YOUR GREAT INFO

  22. Adrian says

    Hi Vivek,
    Did I get it right? I have to install a (potentially suspicious) plugin before I can scan it with Exploit Scanner?
    This seems a little bit weird. During installation it can already change files on my site.
    Must it be activated, or is E. S. able to scan it while it is still inactive?
    Thanks for your advice.

  23. says

    Thank you very much. I followed your tips provided on “Four Bullet Proof Methods to build a Spam free WordPress blog” and now i am not receiving any spam comment.

  24. says

    Thanks for the valuable information. I just migrated from Blogger to WordPress. My friend gave me the Genesis framework (without any license), which I installed on my site. I tested using various plugins and different methods and found no suspicious code or warning. But I still have doubts. Many unknown people are commenting on my site with comments that are not relevant.. what to do? I like the Genesis framework but am also afraid of using a free copy!

  25. says

    I also fell for this last month when I downloaded a premium theme from Pirate Bay. My site began to display ads which were obviously not coming from Google. I reported the case and I was told it was a malicious script in the theme I downloaded; I changed it and those ads went off. Bottom line, themes are not too expensive, most go for just $45, so bloggers should try to buy them.

  26. says

    Hello Vivek, this is very helpful advice for newbie bloggers. But a nulled WP theme has a huge number of files, so a newbie can't make out this code. But I cracked some and freed them from malicious code :D, thanks for sharing your article.

  27. Shri says

    Hi Vivek, I used all these plugins, and it shows a warning: "contains code like eval, iframe, ob_get_contents, base64_decode, uudecode which is often used to execute malicious code"!

    But I think some may be false positives. Can you tell me how to decode all this without affecting the theme?

  28. says

    Hi Vivek, first of all congrats for your awesome effort in maintaining this micro niche blog. Simply, your works are fantastic.

    I would support your opinion about nulled themes and Plugins. Recently I had downloaded a popular SEO plugin. But after some while, I got mail from Hostgator that my blog was sending huge spam pings to the server. I immediately removed it.

    Suggestions for all newbies: never trust any nulled stuff. Prevention is much better than cure.
