Theme Authenticity Checker (TAC) allows you to easily scan all of your theme files for potentially malicious or unwanted code. The plugin searches source files of every installed theme for any signs of hidden malicious code or injection etc.
And if such code is present on your WordPress theme, the plugin will display you the path to that specific theme file, the line number, and snippet of the suspected code to be removed.
Start by installing Theme Authenticity Checker (TAC) plugin in your WordPress site. Upon activation, visit your admin area dashboard Appearance -> TAC page.
The plugin will display you the results of the scan with filename and line number of threats. You simply click on the path to the theme file and it will open up for editing in WordPress native theme editor where you can remove the suspected code then re-scan your website.
As of version 1.3, it also searches for and displays static links. So keep in mind that just because the code is there doesn’t mean it’s not supposed to be there or even qualifies as a threat. At the same time you should also know that most theme authors don’t include code outside of the WordPress scope as there is no reason to obfuscate the code they make freely available under GPL.
In such condition you should contact the theme author with the suspected code or switch to some other WordPress theme. The point of this plugin is to help you quickly determine what bad code you need to cleanup in order to safely enjoy your website’s theme.