WordPress Theme Hacked: How to Scan & Clean Corrupt Themes

Feb 14, 2019


It’s a nightmare to discover that your WordPress theme is corrupt. In most cases, website owners realize this all too late. Hacked themes enable hackers to enter and exploit your website. For instance, they could store illegal files, inject spam links, steal data, implement black hat SEO techniques to get their products to rank (recommended read – pharma hack), or redirect visitors to their own site, among other things.

When this happens, you need to clean your website and take precautions for the future. We’ll guide you through the process.



If you are running out of time and need to clean your website immediately, use our malware removal service. However, it’s important to come back and learn how to protect your website against corrupt themes.

1. How to Scan & Clean Hacked Themes With a Plugin

All the themes present on your website (active and inactive) should be scanned thoroughly. After identifying the corrupt themes, we can proceed to cleaning up the website.

Both scanning and cleaning can be executed manually or by using automated tools.

There are many security plugins to choose from, but trying them out is time-consuming, and you need to clean your site right away. To help you, we have a comparison of the best WordPress security plugins ready. Every plugin mentioned in the list will scan and clean corrupted themes.

Scanning for Hacked Themes With a Plugin

Once you select the plugin, you can download and install it from the WordPress repository or its official website. You may need to verify site ownership. The plugin will scan your website to detect corrupt themes and other infections. This will take a few minutes. Compared to manual scanning, this saves you a fair amount of time. Besides, plugins are more successful in detecting hard-to-find malware.

However, not all security plugins are as effective. Some solely rely on pattern/signature matching which returns false positives. Others scan only the files and not the database. If you want a powerful security plugin that is not plagued by these issues, go for MalCare’s WordPress Malware Scanner.

Install and activate the WordPress security plugin. Once activated, it starts scanning your site looking for malware.

The plugin goes beyond the usual pattern/signature matching to analyse the behaviour of the code. This helps determine if the code is malicious and reduces false positives. MalCare scans both the files and the database tables, hence the chances of missing a hack are close to zero.

It’s noteworthy that the plugin runs your scans on its own server, ensuring that your website does not experience any downtime.

After detecting malware on your site, it promptly notifies you.


[Image: MalCare has detected hacked files]


When you discover the hacks, don’t panic. Find a plugin that can clean your site completely and promptly.

Cleaning Hacked Themes With a Plugin

Security plugins clean hacked WordPress websites at a cost. Purchase a plan and install the plugin on your hacked website. Most plugins have a turnaround time that ranges from a few hours to a couple of days. A security expert looks into your website manually, which takes substantial time.

But in this situation, time is of the essence. When there’s malicious content on your site, Google can blacklist you, and hosting providers can suspend your site. Choosing the right security plugin can make a significant difference.

To remove malware instantly from your hacked theme, MalCare is your best bet. It’s the only plugin that allows you to auto-clean your site by yourself. Let’s see how to remove malware from your site using the plugin.

To use MalCare, sign up, and install the plugin on your website. Once activated, it immediately runs a scan and notifies you when it finds malware. Next, the user has to click on the ‘Auto Clean’ button for the process to start. Within a few minutes, your website will be malware-free.


[Image: Clean hacked files using MalCare’s ‘Auto-Clean’ tool]


MalCare’s Automated Malware Removal is meticulous and removes all signs of malware from your site. It’s also smart: it won’t delete files without first being certain that they are part of a hack. In such cases, it’ll prompt you to contact the support team. Then, the team will do a manual check, and clean up your site without breaking it.

Plugins make life easy but if for some reason you need to scan and clean corrupt themes on your own, follow these manual methods.


Manual detection and cleanups are time-consuming and unreliable. Moreover, if you aren’t tech-savvy, you could end up making mistakes that could lead to greater issues. Automated WordPress plugins have a much higher success rate than manual methods.


2. How to Scan & Clean Hacked Themes Manually

Manual scanning requires WordPress users to go to the backend of the site and look for malware. While there are many ways to search for malware, we are going to show you the three most common ones.

Identifying Unknown Files & Folders

Scanning: Files and folders that don’t belong to the theme could be a part of a hack. Comparing the theme on your website with the one available in the WordPress repository could reveal the hacked files. Here’s how to compare themes –

Make a note of all the themes (both active and inactive) present on your site and then download the exact themes from the WordPress repository. Remember to download the same versions.

Next, compare the themes. To view the files of the themes present on your website, log in to your web host account, and navigate to public_html > wp-content > themes (you can do the same using FileZilla).


[Image: In the File Manager, navigate to public_html > wp-content > themes]


Now open the themes you downloaded from the repository and match them against the themes present on your website.

Notice any extra files/folders?

If you found an unknown file/folder, it’s probably part of a hack.

Cleaning: This is where we tell you to delete all unknown folders, but that could have adverse consequences if the folder is not part of a hack. Sometimes the WordPress repository is unable to catch new modifications in the theme, which could lead to misunderstandings. An unknown folder could be a legitimate part of the theme, and deleting it could cause the theme to break your website.
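The comparison described above can be scripted once the clean copy of the same theme version is unpacked next to the installed one. This is an added example, not code from the original article; the function names, directory layout and sample files are assumptions constructed for the demo.

```sh
#!/bin/sh
# Added example: compare an installed theme with a clean copy of the same version.
# $1 (LIVE) is the theme directory on the site, $2 (REF) the unpacked clean download.

# Files that exist in LIVE but not in REF: candidates for review, not for deletion.
extra_files() {
  (cd "$1" && find . -type f) | while IFS= read -r f; do
    if [ ! -e "$2/$f" ]; then printf '%s\n' "$f"; fi
  done | sort
}

# Files that exist in both trees but whose contents differ byte for byte.
changed_files() {
  (cd "$2" && find . -type f) | while IFS= read -r f; do
    if [ -f "$1/$f" ] && ! cmp -s "$1/$f" "$2/$f"; then printf '%s\n' "$f"; fi
  done | sort
}

# Constructed sample trees so the example runs offline.
demo_theme_compare() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/ref/inc" "$d/live/inc"
  printf '<?php // footer\n'  > "$d/ref/footer.php"
  printf '<?php // helpers\n' > "$d/ref/inc/helpers.php"
  cp -R "$d/ref/." "$d/live/"
  printf '<?php // unknown\n' > "$d/live/inc/cache.php"          # not in the clean copy
  printf '<?php // footer + added link\n' > "$d/live/footer.php" # altered file
  echo "extra:";   extra_files   "$d/live" "$d/ref"
  echo "changed:"; changed_files "$d/live" "$d/ref"
  rm -rf "$d"
}
demo_theme_compare
```

Changed files matter as much as extra ones, since injected code often sits inside a legitimate theme file; review each hit before removing anything, for the reasons given above.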

Searching for PHP Functions

Scanning: Another thing you can do is look for PHP functions that are commonly used in malicious code, like ‘base64’, ‘eval’, ‘stripslashes’, and ‘move_uploaded_file’, in the theme folder. You can look for the same functions in the Uploads folder too.

On Linux, you can run simple commands like find, grep, and stat to look up these keywords.

Cleaning: If you are able to detect malicious code, you should be able to delete it. But there’s a drawback – the PHP functions can also be a part of non-malicious code. Some themes and plugins are known to use the said PHP functions, and deleting them will cause the theme to crash unnecessarily.

Checking Recently Modified Files

Scanning: There’s a good chance of finding malware by looking into files that were recently modified. If you don’t visit the backend of your site to make changes frequently, recently modified files could be part of a hack. Open the files/folders and look for PHP functions we mentioned in the previous section.


[Image: Files that are recently modified]


Cleaning: Once you identify the malware, you should be able to delete it. This, however, is not a fool-proof way of cleaning malware because hackers change timestamps to cover up their tracks.
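The keyword search and the recently-modified check from the last two sections, using find and grep, with one extra check for the timestamp problem just mentioned. This is an added example, not code from the original article; the function names and sample files are constructed, and ‘base64’ is read here as PHP’s base64_decode().

```sh
#!/bin/sh
# Added example: keyword search plus timestamp checks over a theme directory.

# Function names from the article; 'base64' is read here as base64_decode().
# The leading group stops names such as retrieval() from matching "eval(".
PATTERN='(^|[^[:alnum:]_])(base64_decode|eval|stripslashes|move_uploaded_file)[[:space:]]*\('

# Print file:line:text for each matching line in *.php files under DIR ($1).
# /dev/null makes grep print the file name even when it is given one file.
suspicious_calls() {
  find "$1" -type f -name '*.php' -exec grep -nE "$PATTERN" /dev/null {} + || true
}

# Files whose modification time (mtime) falls within the last DAYS ($2) days.
recently_modified() {
  find "$1" -type f -mtime -"$2" | sort
}

# Files whose inode change time (ctime) is recent while mtime claims to be old.
# Rewriting mtime with touch updates ctime, so this surfaces backdated files.
backdated_files() {
  find "$1" -type f -ctime -"$2" ! -mtime -"$2" | sort
}

# Constructed sample theme so the example runs offline.
demo_theme_scan() {
  d=$(mktemp -d) || return 1
  printf '<?php function retrieval() { return 1; }\n' > "$d/functions.php"
  printf '<?php\neval(base64_decode($blob));\n' > "$d/header.php"
  printf '<?php // old-looking file\n' > "$d/404.php"
  touch -t 201801010000 "$d/404.php"      # mtime set back to 2018
  echo "calls:";     suspicious_calls  "$d"
  echo "recent:";    recently_modified "$d" 7
  echo "backdated:"; backdated_files   "$d" 7
  rm -rf "$d"
}
demo_theme_scan
```

ctime also changes on chmod, rename, or unpacking an archive, so a freshly installed theme lists every file as backdated; treat the output as a lead and confirm with `stat` on the individual file.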

Cleaning and scanning are not enough. You will need to protect your website from corrupt themes.


3. Protecting Website Against Corrupt Themes

If you don’t want to go through the hassle of scanning and cleaning hacked themes, take these measures –

Avoid Pirated Themes: 

Just like any other software, WordPress plugins and themes can be pirated. Who wouldn’t want to get a premium theme for free, right? Besides the obvious ethical downside, think of the harm it could do to your website. Pirated themes are not secure because they leave hidden backdoors (recommended read – WP-VCD malware) on your website.

Instead of pirated themes, look for free alternatives. For instance, Genesis themes are very popular because they are simple and lightweight. GeneratePress is a good free alternative to Genesis.

Purchase Themes From Reputed Marketplace:

A general rule of thumb is to buy products from trusted sources like MyThemeShop, ThemeForest, Envato, AThemes, ElegantThemes, etc. You can rest assured that the quality of the product is high, which means the software is less likely to develop vulnerabilities. And even when it does, the themes are quickly updated before the vulnerabilities are exploited by hackers and bots. Moreover, good marketplaces offer support forums to help customers facing problems.

Take Security Measures:

Another thing you could do is take some basic security measures like:

  • Keep your site updated (including themes)
  • Set up a firewall
  • Implement two-factor authentication
  • Apply the principle of least privilege
  • Disable file editing and PHP file execution
  • Scan your site on a regular basis, etc.

Here’s a detailed WordPress security guide to help you learn more about these security measures.


Final Thoughts

We sincerely hope that you found our WordPress theme hack removal guide easy to follow and were able to repair your hacked website. We know this was a long guide, but before you leave, hold on for a second and read the following:

  1. Bookmark this article. Seriously. Bookmark it.
  2. Help out a colleague or a friend by sharing this article.
  3. Then install a WordPress security plugin to protect your website against hack attacks (recommended read – brute force attacks). If you have the right tools, you can fix your hacked WordPress theme in a jiffy. Instant malware removal can clean your hacked site quickly, thereby preventing any of the harmful effects of getting hacked.
  4. All set? Now you can focus on growing your business and worry less about your website being hacked.

Be hack-free and stay that way!
