Every day, a lot of WordPress themes are created and introduced into the market. Some are free, some are paid, while others are free copies of premium themes.
Most beginner WP users are not really familiar with the various codes and scripts used in WordPress, which is why they become victims of hijacked and repackaged WP themes.
As the popular adage goes, “there’s no such thing as a free lunch.” Snagging a premium theme for free (when it’s supposed to be a paid theme) might mean that your freebie theme is already injected with spam and malware links. This is how unscrupulous individuals profit from giving you a freebie.
Theme Authenticity Checker
There’s a WordPress plug-in called “Theme Authenticity Checker” or TAC that scans all of your theme files for potentially malicious or unwanted code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3, TAC also searches for and displays static links.
The Theme Authenticity Checker is easy to install. Here’s how to install this WP plug-in:
- In your WP Dashboard, go to Plugins then click Add New.
- Search for Theme Authenticity Checker then click Install Now (or you can click Details first if you want to find out more about it).
- Activate the plugin through the ‘Plugins’ menu in WordPress.
- Look for the TAC link in your WordPress Dashboard.
- The results of the scan will be displayed for each theme with the filename and line number of any threats.
If you find something, contact the theme’s original author to double-check whether that section of code is supposed to be in the theme in the first place – chances are it shouldn’t be, as there isn’t a logical reason to have obfuscated code in a theme.
If something is malicious or simply unwanted, TAC tells you which file to edit. You can even just click on the file path to be taken straight to the WordPress Theme Editor.
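The same kind of check can be run on an unpacked theme before it is ever uploaded to a site. The following is an added example, not TAC's own code: the function names, the pattern list (common PHP obfuscation calls) and the sample footer are assumptions chosen for illustration. It reports the file path, line number and a snippet for suspect code and hard-coded links, as described above.

```python
import re
from pathlib import Path

# Assumed patterns for illustration; this is not TAC's actual signature list.
SUSPECT = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
STATIC_LINK = re.compile(r"<a\s[^>]*href=[\"'](https?://[^\"']+)[\"']", re.I)


def scan_text(path, text):
    """Return (path, line number, kind, snippet) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        snippet = line.strip()[:80]
        m = SUSPECT.search(line)
        if m:
            findings.append((path, lineno, "code:" + m.group(1).lower(), snippet))
        # Links built by PHP (e.g. home_url()) are skipped; literal URLs are not.
        for url in STATIC_LINK.findall(line):
            findings.append((path, lineno, "link:" + url, snippet))
    return findings


def scan_theme(theme_dir):
    """Scan every .php file under an unpacked theme directory."""
    findings = []
    for php in sorted(Path(theme_dir).rglob("*.php")):
        text = php.read_text(encoding="utf-8", errors="replace")
        findings.extend(scan_text(str(php.relative_to(theme_dir)), text))
    return findings


# Constructed sample of a repackaged footer.php (not taken from a real theme).
SAMPLE_FOOTER = """<?php wp_footer(); ?>
<p>&copy; <?php echo date('Y'); ?> <?php bloginfo('name'); ?></p>
<?php eval(base64_decode('ZWNobyAnJzs=')); ?>
<a href="http://spam.example/pills">cheap pills</a>
<a href="<?php echo home_url(); ?>">Home</a>
"""

if __name__ == "__main__":
    for path, lineno, kind, snippet in scan_text("footer.php", SAMPLE_FOOTER):
        print(f"{path}:{lineno}: {kind}: {snippet}")
```

A hit is a prompt for review, not proof of compromise: legitimate themes sometimes carry a static credit link, so each finding still needs to be compared against the original author's copy.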
What a great plug-in for WordPress, right?