The WordPress theme or plugin you have downloaded might contain malicious code, hidden affiliate links, links to other websites, etc. The problem is that you cannot find this code or these URLs by manually checking the PHP code, because they are encrypted. So, in order to identify them, you have to do two things:
- Find the bad code in its encrypted format
- Decrypt the encrypted code in order to remove it
Finding the bad code in its encrypted format
For this, there is a plugin called Exploit Scanner. Simply install it and run it to detect such code in your WordPress themes or plugins. Its official description says: This script searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It does NOT remove anything, this is left for the user to do.

Keep in mind that not all code it detects is malicious. There are false positives too. If you have bought a premium WordPress theme, it might have had an evaluation copy; in that case, this plugin will flag “eval” as suspicious code. However, you must go to the next step to check the flagged code manually.

Decrypt the encrypted code in order to remove it

Now you need to decrypt the suspected malicious code. For this, go to this webpage, paste the code into the upper text / code entry area and hit “Decode this mess”. You will get the decoded code in human-readable form.
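
Both steps can also be done statically on your own machine, without running the suspect PHP or pasting it into a third-party page. The Python sketch below is an added example, not part of the original post or of Exploit Scanner. It assumes the hidden payload is a string literal wrapped in eval() and a chain of base64_decode, gzinflate, gzuncompress or str_rot13 calls; the names find_payloads, decode_payload and analyze are illustrative.

```python
import base64
import codecs
import re
import zlib

# PHP functions often chained around a hidden payload, with Python equivalents.
DECODERS = {
    "base64_decode": lambda b: base64.b64decode(b, validate=True),
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw deflate stream
    "gzuncompress": zlib.decompress,  # zlib-wrapped deflate
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
}
# eval( f1( f2( 'literal' : group 1 is the wrapper chain, group 3 the literal.
CHAIN = re.compile(r"""\beval\s*\(\s*((?:\w+\s*\(\s*)+)(['"])(.*?)\2""", re.I | re.S)
URL = re.compile(r"https?://[^\s'\"<>)]+")

def find_payloads(source):
    """Yield (line_number, wrapper names outermost first, literal) per eval chain."""
    for m in CHAIN.finditer(source):
        funcs = re.findall(r"\w+", m.group(1).lower())
        yield source.count("\n", 0, m.start()) + 1, funcs, m.group(3)

def decode_payload(funcs, literal):
    """Undo the chain innermost call first. Nothing is executed as PHP."""
    data = literal.encode("latin-1")
    for name in reversed(funcs):
        data = DECODERS[name](data)  # KeyError for a wrapper we do not know
    return data

def analyze(source, depth=0, max_depth=5):
    """Return (depth, line, decoded_text_or_None, urls) for every eval chain."""
    results = []
    for line, funcs, literal in find_payloads(source):
        try:
            text = decode_payload(funcs, literal).decode("utf-8", errors="replace")
        except (KeyError, ValueError, zlib.error):
            results.append((depth, line, None, []))  # flagged, review by hand
            continue
        results.append((depth, line, text, URL.findall(text)))
        if depth < max_depth:  # decoded code may hide another encoded layer
            results.extend(analyze(text, depth + 1, max_depth))
    return results

if __name__ == "__main__":
    # Constructed sample of a theme file hiding a link behind eval(base64_decode()).
    hidden = base64.b64encode(b"echo '<a href=\"http://links.example/x\">credit</a>';")
    print(analyze("<?php\n@eval(base64_decode('%s'));\n" % hidden.decode()))
```

Entries whose decoded text is None were flagged but use a wrapper the table does not know, so they still need manual review.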