Detecting Malicious WordPress code

After downloading the suspicious plugin or theme, the first thing you should do is check it for viruses, trojans and worms that you were not expecting.

Check for Virus and Trojans

Go to and upload the zip file to check for virus.

If your file is infected, you will get one or more red signals with the name of the detected infection; if not, you can move on to the next step.


VirusTotal Scan result

Check for unwanted code in Plugins

Now we check for unwanted code in plugins and themes using another WordPress plugin called Exploit Scanner, which can be securely downloaded from the WordPress website.

After installing it, go to Dashboard >> Tools >> Exploit Scanner and run the scan. It will take some time to complete, and the time depends on the number of plugins you have installed.

After the scan you can see a list of suspected code. You can use the browser's search function to find the plugins that you installed from outside the WordPress repository.

Exploit Scanner
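
The same kind of string-based check can be run on the downloaded zip before it is installed at all. The script below is an added example, not part of the original post and not Exploit Scanner's own code; the pattern list, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Heuristic patterns chosen for this example (assumed, not Exploit Scanner's rules).
PATTERNS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request-data-executed": re.compile(
        rb"(?:eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)", re.I),
    "long-base64-literal": re.compile(rb"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}
PHP_EXTENSIONS = (".php", ".phtml", ".inc")

def scan_plugin_zip(zip_bytes):
    """Return (file, line, label) findings; line 0 means a whole-file finding."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            is_php = info.filename.lower().endswith(PHP_EXTENSIONS)
            has_php_tag = b"<?php" in data
            if has_php_tag and not is_php:
                # PHP hidden in an image, text file, etc. is worth a manual look.
                findings.append((info.filename, 0, "php-in-non-php-file"))
            if not (is_php or has_php_tag):
                continue
            for lineno, line in enumerate(data.splitlines(), 1):
                for label, rx in PATTERNS.items():
                    if rx.search(line):
                        findings.append((info.filename, lineno, label))
    return findings

def build_sample_zip():
    """Constructed sample archive: one clean file, two that should be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo-plugin/demo-plugin.php",
                    b"<?php\n/* Plugin Name: Demo */\nadd_action('init', 'demo_init');\n")
        zf.writestr("demo-plugin/inc/helper.php",
                    b"<?php\n$x = 1;\neval(base64_decode('ZWNobyAidGVzdCI7'));\n")
        zf.writestr("demo-plugin/images/logo.png", b"\x89PNG<?php echo 1; ?>")
    return buf.getvalue()

if __name__ == "__main__":
    for path, lineno, label in scan_plugin_zip(build_sample_zip()):
        print(f"{path}:{lineno}: {label}")
```

A hit is a lead for manual review rather than a verdict: legitimate plugins sometimes use these functions, and a clean result only means none of these particular patterns matched.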



If both of these checks of your WordPress site components come back clear, you can rest easier about the new goodies you uploaded to enhance your WordPress site.


NetEvolution is a Richmond web development company based in Twickenham, Richmond upon Thames. To increase the value of your brand online, contact us.