WordPress Theme Hacked? Scan and Clean Infected theme Successfully

Are you here because your website is acting up? Maybe it is too slow or you can see that your social media is performing well but site visits are still low. Or the worst has happened and you have been locked out of your own website.

In any case, it sounds like you are dealing with a WordPress theme hack.

A good 11% of the attacks on WordPress websites are caused by vulnerable themes. And if you are a website owner or administrator, ignoring this glaring security concern can turn into a massive headache.

Attackers can exploit vulnerabilities in your WordPress theme to take over your website, expose your database, redirect your traffic, or even shut you out of your own website.

Once your website is under attack, restoring it can take time and effort, which can result in loss of visitors and business. So how do you ensure that your WordPress theme is secured both now and into the future?

TL;DR: Proactive security is the only answer. You must scan your website for vulnerabilities and malware regularly so that pesky malware and dangerous code can’t hide in your WordPress theme.

WordPress Theme Hacked: What does it mean?

A WordPress theme is basically a bunch of files that include stylesheets, templates, Javascript, and even images. These files, together, create the unique display of your website and offer a structure to the design and display of any content that you put up on your website.

Is it possible to hack a WordPress theme? Yes. But is it likely? Also, yes. 

A WordPress theme is an integral part of the website because it dictates how it looks. So website owners are often keen on trying out new themes to update the look of the website.

There are several free WordPress themes out there, along with nulled premium themes that are available on almost every torrent website. So most people try to save on the cost of these themes by opting for the less secure options.

Now, you may not realize that, like any other files, a theme can also be corrupted or infused with malicious elements. So the themes downloaded from untrusted sources can have malicious links or IP that allow attackers on the internet to exploit the vulnerability of the theme and hack your website.

What are the Symptoms of a Hacked WordPress Theme?

A WordPress theme hack usually leads to symptoms like redirects or site defacement, which is not only embarrassing but a huge security concern. But sometimes, the symptoms are less obvious and difficult to identify. So how do you know if your WordPress theme is hacked?

There are various ways to identify a WordPress theme hack, but some signs are a lot more evident than others. Signs like Google warning messages and WordPress screen of death are obvious signs of malware on your website.

But if you want accurate results and a detailed understanding of what portion of your website has been hacked, only a thorough scan can help. 

There are a few indicators that you should know of in order to identify a WordPress theme hack. But more importantly, you should know how much of a security concern a theme hack can be. If you find your WordPress themes hacked, you can experience serious, unpleasant consequences.

Website crash

One of the most common consequences of a WordPress theme hack is a crash. When vulnerable themes are uploaded to your website, they may contain malicious code that eats up your website resources and forces your website to crash.

Frequent theme updates or using themes from untrusted sources can cause a website crash.

Extended loading time

You already know the cost of a slow-loading website. Nobody has the attention or patience to waste on a website that takes forever to load. If your website is one of those, you will undoubtedly lose customers over a slow-loading website. 

Hackers often use a WordPress theme hack to store freeware or pirated content on your website. And when there are additional files on your website, your website resources are redirected to these files—slowing down your website.

If you think that’s the end of it, you’re in for a surprise. Slow websites do not perform well on search engines and may often change or delete your files which in turn triggers a ‘Page Not Found’ error. This is nothing short of an SEO horror tale and can affect your website’s traffic in a big way.

Website defacement

The most well-known consequence of a WordPress theme hack has to be website defacement. As a theme hack grants access to your website display directly to the hackers, they can choose to change the appearance anyhow. Many hacking groups choose to change the home page and leave a message—cue Mr. Robot.

In other cases, hackers can place ads on your website or steal your private information. No matter what kind of defacement occurs, it affects your credibility and business.

Unauthorized redirects

Hackers attack your website for a particular reason. And most often, the reason is to redirect your traffic to other sources. This is a well-known black-hat SEO technique that boosts the traffic of a certain website by redirecting it from another source.

Redirects are bad by themselves, but they also increase the bounce rate of your website and hamper your SEO efforts.

Website blacklisting

When your website is infected with malware, it is flagged as unsecured by search engines. And given that most search engines promote a safe browsing experience, they can blacklist your website. This will cause your website to not show up in the search results at all. 

The WordPress theme hack will eventually hamper your organic traffic in one way or the other. It is best to stay ahead of the curve and prevent the hacks from occurring at all.

How to Scan and Clean the WordPress Theme Hack?

Scanning your WordPress theme is an effortless task if you use a plugin. There are several WordPress security plugins that will scan your entire website for malware and clean it up as well. But just like there is a quality gap between free and premium themes, the same applies to security plugins.

Website security is not the place to save costs. And investing in the right security solution can help you stay on top of any vulnerabilities that your website may have. So choose a complete security solution like MalCare to scan your website and protect it with active defenses against future attacks.

And if you are someone who needs to look at all the available options, you can refer to this list of the best WordPress security plugins.

Security plugins are built by experts after months of research, programming, and testing. Therefore, not only is it a faster way to scan your website, but it is also almost always more thorough and efficient. Your installed plugin will auto-scan your website and notify you if there are any security concerns.

You can look for the plugins in the WordPress repository and download the one you like best. Once downloaded, all you do is install the plugin, and it will be ready to go. 

Scanning WordPress theme hack using MalCare WordPress malware scanner
MalCare Scan

MalCare’s WordPress Malware Scanner will alert you of hacks and vulnerabilities like shown in the image. A great thing about this plugin is that the scan runs on its own servers.

This means that your website does not experience any downtime or speed-related issues while the scan is taking place. The plugin also scans both the files and the database tables, so it is extremely unlikely to miss a hack.

If you find your WordPress theme hacked, you want to make sure that the website is cleaned up at the earliest. But there is no need to panic.

Most security plugins also offer the option to conduct a clean-up promptly. This is a premium function in MalCare, as it ensures a thorough and quick clean-up of your website theme.

If you were to do the same manually, you would have to delete the theme and reupload it, which may cause a lot of disruption and take up a lot of time.

Clean your WordPress Theme with a Plugin

The timeline of cleanup through a plugin can range from a few minutes to a few days. Some plugins employ security experts who thoroughly assess your website and clean it up themselves. However, this approach takes a long time, and most website owners with a hacked WordPress theme do not have time to spare. 

MalCare is the only plugin that allows you to conduct an auto-clean yourself. The algorithm is designed to sweep your entire website and clean it up in a matter of minutes. All you need to do is press the ‘Auto-clean’ button, and the plugin will take care of the rest for you.

Cleaning hacked WordPress theme using MalCare auto-clean feature
MalCare Auto-Clean

More importantly, the intelligent algorithm employed by MalCare does not delete anything that isn’t malware for sure. In case of doubts, the plugin notifies you, and the MalCare team works with you to identify files and clean up the malware.

Scan and Clean Hacked WordPress Theme Manually

If for some reason, you feel the need to scan and clean a WordPress theme hack by yourself, you can follow the instructions given below. However, manual scans can be time-consuming and tricky. If you aren’t an expert, we highly recommend against doing this manually.

In order to manually scan and clean your website, you will have to access the backend of your website and assess all the files manually. 

Identify Unknown Files

The most common way to scan your website is to identify unknown files and folders in the backend system. Any files that are not a part of the original theme can be malware. To identify malware, you will have to compare the files with that of the WordPress theme in the WordPress repository. Here’s how you can do that.

Step 1: Note all the themes on your website, both active and inactive.

Step 2: Download the exact version of the noted themes from the WordPress repository.

Step 3: Log in to your web host account and view the files on your website. Filezilla is a handy tool to do this.

Step 4: Go to public_html > wp-content > themes

Manual cleaning of malware in WordPress theme files through Filezilla

Step 5: Open the themes you downloaded from the repository in Filezilla and compare them with the ones on your website.

Step 6: If you notice any extra files, it’s probably malware.

Step 7: Delete all the unknown files and folders from your website. 

Caution: If the unknown files are not a part of the hack, deleting files could cause your website to break.

PHP functions

Another easy way to scan and clean your website manually is to search for common malicious PHP functions. Functions like ‘base64’, ‘eval’, ‘stripslashes’, and ‘move_uploaded_file’ can often indicate infected files. 

However, these functions are sometimes used as a part of custom themes and code, and deleting them could cause the theme to stop functioning.

How to Prevent a WordPress Theme Hack in the Future?

There are three major steps to preventing WordPress theme hacks in the future. It is essential to follow best practices in terms of security. But some core vulnerabilities need to be removed to ensure that your site is safe.

Invest in security

The first step to take is, of course, investing in pre-emptive security. You don’t need to worry about hacks if hackers can’t get at your code. Set up powerful firewalls with extensive security protocols, such as installing SSL and using HTTPS on your website.

Use and monitor activity logs to make sure that unauthorized activity is seen and caught as soon as possible. Finally, conduct security audits on a regular basis.

By keeping an eye on any potential vulnerabilities, you will be able to head off hackers before they can attack your site. While it may seem like a lot of work, a powerful plugin can do this on a regular basis without you having to overlook the security. You can install MalCare on your website in a matter of minutes.

Use trusted themes

The next step is to make sure that there are no backdoors to your website. Backdoors often come pre-installed if you pirate your WordPress theme. So make sure to buy your WordPress themes from a reputable vendor.

Another point of vulnerability could be a lack of updates. Updating your website regularly can be time-consuming, but updates are essential. Whenever a vulnerability is found, it is patched and made public through an update.

Even the weakest hackers can get through the unpatched security hole if the patch is not downloaded and installed. Having nulled themes can cause similar problems since they do not get updated and thus cannot be patched.

Train your team

The third step is to make sure that no hacker can use social engineering methods to get in. By training employees on the backend, you can rest assured that attacks like calls asking for passwords (yes, this has worked) or phishing don’t work.

Employing proper training will reduce the chances of in-person hacks as well. Implementing security policies, developing a culture of security, and training will make your site almost impossible to hack!


If you find this WordPress theme hacked guide useful, share it with your team, friends, or colleagues who may need it. Not many people realize how important it is to secure your WordPress theme. And bringing this to others’ attention will definitely get you some brownie points!

Install a plugin to overlook your website security, and learn more about how hackers can attack your website. We recommend starting with this article on brute force attacks

And lastly, pat yourself on the back for upgrading your site security. You deserve it!


Can a WordPress theme get hacked?

Yes, if you download a WordPress theme from an untrusted source or use a free or nulled theme, it can get hacked.

How do I know if my website theme is hacked?

A WordPress theme hack can cause various symptoms such as unauthorized redirects, website defacement, or slow-loading web pages. But the best way to confirm is by scanning your website.

Why should I avoid nulled themes?

Nulled themes often carry malicious code or malware that can grant attackers access to your website. It is best to use themes from trusted sources.

Can I clean the malware on my website myself?

Yes. However, if you are not an expert, you might break the website. We highly recommend using a security plugin to clean your website.

Why do I need a security plugin?

Security plugins are developed by experts after a lot of R&D. Plugins can do a more thorough and faster job than cleaning up your website manually.


Preeti is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Preeti distils the wisdom gained from building plugins to solve security issues that admins face.

Copy link
Powered by Social Snap