Monday, December 10, 2018
Tips

How to detect malicious code in your plugins or themes

When we search for plugins or themes that can help us with different functions of our WordPress, it’s possible that even in the official WordPress directory we’ll find plugins that have not been updated with to the latest WordPress versions and therefore it’s not recommended to install them. Sometimes, these plugins or themes are already installed and it’s important to check the code they use on our website to be sure that their functions are still useful for our projects, that they don’t use unsafe functions or that they don’t endanger our page web with “holes” that can give opportunity to hackers.

For this, the best way is to use plugins that inspect the code and help us detect these irregularities.

Plugin Inspector

This plugin offers the function to detect within the code of all the plugins of your WordPress (whether they are active or not) the non-secure functions and the vulnerabilities that they may have. You just have to create a submenu in Plugins and when you access it you can see a list of all your plugins with their description and on the right a button that says Check it.

When you click on the button the plugin will make a revision and at the end, you’ll see a window with the results so that you can make a decision if there’s a problem. Inside this window will show what is good, what is insecure and the option to open the file in question to see the lines of code that can be harmful. Along with these results, you will see the obsolete functions that may exist and a recommendation for change. You must not have it installed permanently.

Exploit Scanner

Another famous plugin that can be very useful is Exploit Scanner, it can be downloaded from the WordPress directory and after scanning all the plugins you have installed, it will show you a window in which you will see the codes that are suspicious. With the search function, you can see the plugins that were not downloaded directly from WordPress and analyze them as well. When installing this plugin, you will find it in the Tools or Tools tab of your WordPress desktop.

Theme Authenticity Checker (TAC)

When installed, this plugin is available in the Appearance tab of your WordPress desktop and helps you verify the backlinks that may exist within the code of the theme you installed and verify the authenticity of it. The plugin mentioned above, Exploit Scanner, also serves to scan the code of the themes.

Which plugin do you like to use to do this security check? Tell us!

Jefferson Maldonado
the authorJefferson Maldonado
UX WordPress Designer
Ux & Web Designer. Portafolio: http://maldonadoz.com/portafolio/ Divi Blogger, WordPress Expert, UX Designer, Business Consultant.

Leave a Reply