WordPress Security – How To Check Your WordPress Installed Theme

Most Popular Content Management Systems

Based on information as at 13th Aug 2014, obtained from W3Techs (http://w3techs.com/), WordPress is the most popular Content Management System (CMS), having a market share of about 60.6%.


WordPress Security-WordPress Most Popular CMS

The popularity of WordPress is probably due to its ease of use and flexibility through its platform and the many themes available as well as its robustness, through plugins. In the good old days, it took many programming days to establish a website, thus making owning a website a costly affair. However, with technological advances, creating a fully functional website now, on WordPress, could be done in a matter of hours through a combination of platform, themes and plugins.

Free WordPress Themes

WordPress provides free themes to website owners for installation and is continuing providing updates to its themes, improving functionalities, fixing bugs as well as improving security. There are also many individuals and companies offering free themes for download, providing website owners more choices regarding the theme they want for their WordPress sites (e.g. restaurant, modern, slick, cool, ecommerce, etc.).

However, there are also some crooks out there who offer free WordPress theme as a pretext to hijack your WordPress site by including some malicious codes. Once they gain control of your website through this back-door method, they will then be able to use your website to create some mischiefs: participate in denial of services attacks (DoS), redirect your website visitors to some pornographic sites, deface your website, blackmail you by denying your access to your own website, etc.

Is There Any Free Lunch In This World?

We are all excited about freebies and will lay our hands on them whenever and wherever possible. We have been told that there is no free lunch in this world but if we could exercise some common sense and caution, perhaps, we can squeeze in a free lunch.

Before downloading any free theme, we need to do some research about the theme as well as the developer. Do a Google search or check WordPress.org for reviews of the theme as well as information about the developer.
Though we have done some good preparatory work by researching the theme and developer, but as a layman, we are not conversant with source codes and programming. We could innocently download a theme with malicious codes without our knowledge.

Luckily for us, there is a free plugin in WordPress.org which could help us check the integrity of the codes residing in the installed theme. This free plugin is appropriately named Theme Authenticity Checker or TAC in short. As stated in the description of this plugin:

TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. (more information available on http://wordpress.org/plugins/tac/).

For some peace of mind, after installing a theme, we can use TAC to do a scan of the installed theme. If no malicious or unwanted codes are found, TAC will return with the wording “Theme OK” in a green box. If TAC found some malicious codes, it will flag them out and we can then consult knowledgeable personnel to determine whether they are real threats or just false alarms.

You can also find out more about free themes by reading this article “Free WordPress Themes: The Ultimate Guide” on http://premium.wpmudev.org/blog/free-wordpress-themes-ultimate-guide/.


However, it should be noted that malicious codes could also be inserted into paid WordPress themes and they could be in the form of commercial WordPress themes, beautiful WordPress themes, cool WordPress themes, Corporate WordPress themes, customizable WordPress themes, etc.

So, as a good WordPress security practice, it will be wise to check and scan our installed WordPress theme regardless of whether it is free or paid. It pays to be safe than sorry and as a responsible website owner, we have a duty to all our website visitors, thus the need to secure our WordPress site.

In this article, we focus our attention on Theme Authenticity Checker (TAC) for scanning our installed themes for malicious, unwanted or encrypted codes. It does not imply that if we use TAC to scan installed themes, the themes are risk-free. The beauty of TAC is that it’s an easy-to-use plugin, it provides a quick way to ascertain the theme integrity.

There are also other tools available (free and paid) and you can get more information by referring to the following articles:
1. How to scan your WordPress site for potentially malicious codes.


2. How to detect Malicious code in nulled or Free WordPress Themes and Plugins.


3. How to Scan WordPress Plugins and Themes for Malware and Viruses.


Be safe on the online world and please share with us how you protect your themes from malicious or unwanted codes!

No comments yet.

Leave a Reply