How to remove malicious codes from WordPress Theme

Do you know that WordPress is one of the web applications most vulnerable to malware? Almost 70% of WordPress sites are vulnerable to it. According to Wordfence, 9 million sites are affected by hackers and malware. Also, having a professional developer remove malicious code will cost you a lot. Another important thing is that malware spreads and affects other files too. So the question arises: how do you protect your website from it for free, how do you remove malicious code from a nulled theme, and what do you do when your site is affected? Today I will show some of the easiest ways to remove bad code from your WordPress theme.

But first of all, we should know how sites get infected with malicious code and how we can tell that malicious code is affecting our site. Malicious code mostly gets onto your site when you download themes or plugins from an unauthenticated or unknown source (such as nulled versions). So it is recommended to stay away from nulled versions. You can recognize the presence of malicious code in the following ways:

  • Your site will be very slow even though you have high-speed internet.
  • The functions of the site (backend) may not work smoothly.
  • There will be errors while updating your site (posts, media).

Now let us move on and learn how to find malicious code:

  • The first method is to run the virus scanner that is present in most hosting cPanels. It will definitely help you find malicious files, commonly wp-vcd.php. Malicious files/code are mostly found in the theme's functions.php [as it is the brain of a script/theme/plugin, which controls the other files] and in wp-includes. {Note: don't delete an infected file such as functions.php, as that will crash the site completely; remember that you only have to remove the malicious code.}
  • The second method is an alternative to the first: installing the Wordfence plugin directly through your file manager. This method is useful for users who don't have a virus scanner in their hosting cPanel. To install it directly on your site, follow these steps.

Free from malicious code/malware

Log in to cPanel -> go to File Manager -> download the Wordfence plugin from the button given below -> unzip it and upload it to public_html[your directory]/wp-content/plugins -> activate the plugin in your site backend [normal plugin activation]. As you haven't deleted the malicious files, you will still be able to activate it. Then run the scan, though it will be a slow process. Wait for a few seconds and you will be able to see which files are affected.

  • After that, get a fresh theme {purchased from an authorized seller}.
  • I recommend buying it if you don't know about code. After that, compare the two and see if there is any extra {malicious} code, just like in the image given above. The next step is to remove that code, and your site's bad code is gone.

Now, what to do if it affects your WordPress backend [wp-includes/wp-content/wp-admin] files?

The steps are as follows:

  • Download the latest version of WordPress from the link given below -> unzip it -> go to your hosting file manager -> go to the directory which is affected [paths/files shown by the virus scanner/Wordfence].
  • Next, see whether there are any extra files, such as wp-vcd.php, or malicious code by comparing them with the original download.
  • Lastly, remove the unwanted files and code. And it's done: you have successfully removed the malicious code from your WordPress backend. 😉



Malware is notorious and multiplies. It is capable of damaging your site completely or erasing all your data. So it is wise to take precautions beforehand, such as not using any nulled themes/plugins and installing Wordfence [not a promotion]. I personally use and suggest Wordfence as it's totally free, and apart from scanning for malware it also prevents brute-force attacks. Also, keep your site updated to the latest versions [themes, plugins, WordPress]. Lastly, don't forget to subscribe, share & comment if you have any queries. Thank you 😁
