Detecting Malicious WordPress code
After downloading a suspicious plugin or theme, the first thing you should do is check it for viruses, trojans and worms that you were not expecting.
Check for Viruses and Trojans
Go to VirusTotal.com and upload the zip file to check it for viruses.
If your file is infected, you will get one or more red signals with the detected infection name; if not, you can move on to the next step.
Check for unwanted code in Plugins
Next, check for unwanted code in plugins and themes using another WordPress plugin called Exploit Scanner, which can be securely downloaded from the WordPress website.
After installing it, go to Dashboard >> Tools >> Exploit Scanner and run the scan. The scan takes some time to complete, depending on the number of plugins you have installed.
After the scan, you will see a list of code snippets flagged as suspicious. Use your browser's search function to find the plugins that you installed from outside the WordPress repository.
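The same kind of pattern check can be run on the downloaded zip file before the plugin is installed at all. The script below is an added example, not part of the original article and not Exploit Scanner's code; the pattern list, the 5 MiB size limit and the `demo-plugin` sample archive are assumptions made for the illustration.

```python
import io
import re
import zipfile

# Assumed heuristics for this example; not Exploit Scanner's actual signature list.
PATTERNS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-base64-literal": re.compile(rb"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    "hidden-iframe": re.compile(
        rb"<iframe[^>]+(display\s*:\s*none|width=['\"]?0)", re.I),
}
PHP_EXT = (".php", ".phtml", ".inc")
MAX_MEMBER_SIZE = 5 * 1024 * 1024  # assumed limit; larger members are reported, not read


def scan_plugin_zip(data: bytes):
    """Return sorted (file, line_no, rule) findings for PHP files inside a zip."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(PHP_EXT):
                continue
            if info.file_size > MAX_MEMBER_SIZE:
                findings.append((info.filename, 0, "oversized-file"))
                continue
            # Read the member in memory; nothing is extracted to disk or executed.
            for no, line in enumerate(zf.read(info).splitlines(), 1):
                for rule, rx in PATTERNS.items():
                    if rx.search(line):
                        findings.append((info.filename, no, rule))
    return sorted(findings)


def build_sample_zip() -> bytes:
    """Constructed sample archive: one clean PHP file, one with a flagged line."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo-plugin/demo.php",
                    "<?php\n/* Plugin Name: Demo */\nadd_action('init', 'demo_init');\n")
        zf.writestr("demo-plugin/inc/helper.php",
                    "<?php\n// constructed sample\neval(base64_decode('ZWNobyAxOw=='));\n")
        zf.writestr("demo-plugin/readme.txt", "eval(base64_decode( in docs\n")
    return buf.getvalue()


if __name__ == "__main__":
    for path, line_no, rule in scan_plugin_zip(build_sample_zip()):
        print(f"{path}:{line_no}: {rule}")
```

A match is a reason to read that file by hand, not proof of infection; legitimate plugins sometimes use these functions too.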
If both of these checks on your WordPress site components come back clear, you can rest easier about the new goodies you uploaded to enhance your WordPress site.