Do you know you can try any of our premium WordPress themes for free?Show me the themes
WordPress Theme security checklist – how to know you picked the right one?

WordPress Theme security checklist – how to know you picked the right one?


We’re not talking about the list of most secure WordPress themes, no. This article is about how to check all the WordPress Theme security issues to be sure you’ve picked the right one. Or, before you decide on buying the one you like that much, to know whether or not is secure enough.

So, without further due, here’s all you need to know about WordPress theme security before you get or buy your next theme.

WordPress Theme security checklist


Whether it’s a free or premium theme you’re looking for, always – ALWAYS – get it from reputable and trustable sources. If it’s free you’re out for – download it from the Theme Directory.  You want to do that because all the themes go through a very strict review process and you can be sure they are safe to use.

Top WP Hosting recommended by Meks

WordPress theme security checklist screenshot

If you are looking for a premium quality theme, then ThemeForest is the kind of place you go to. It is the largest depository of Premium WordPress themes, and they too have a strict review process before listing themes out.

And, of course, can’t go without mentioning our collection of premium quality WordPress themes. With 12 of them so far, both free and premium themes, we guarantee that they are both secure and regularly updated.

Meks portfolio on ThemeForest

All that’s left for you is to choose the one that best suits your needs.

Plugins and Widgets

As stated in the Handbook, plugins and widgets /beside themes/ are the key points of weakness. No matter if you choose a free or a premium one, each theme usually comes with the set of integrated plugins. That’s why it’s important to follow these guidelines when checking if they’re safe enough to keep and/or download.


Always check out reviews, what people are saying about plugins. That will give whether it’s reliable or not – apart from what it does and how.

Update date

This will show you whether the plugin is aligned with the WordPress’s latest changes and updates. Those who are not up to date most likely are the ones you should skip.

Code security

WordPress is an open source meaning everyone is free to contribute in making it what it is today. And because of it, the WordPress development team takes security seriously to maintain the integrity of the platform we all use and love. Still, if it isn’t a theme you got from a trusted source or coded yourself, you can’t be 100% sure it’s safe. More then often, malicious code is added to themes and/or plugins you find online. And this is very dangerous because if you use unsecured theme and plugin, people can get access to your site, get it down or use it in all sorts of bad ways.

Luckily, there are ways to check whether the theme you want is safely coded or not. One of them is to check the theme through VirusTotal.

wordpress theme security checklist virustotal

A free online tool which checks themes for suspicious files and URLs. Not only that, but VirusTotal also detects any virus, trojans, worms and similar kinds of malware. So, whether you already have a theme or are in the process of getting one, simply check it through this tool and scan to see if it’s safe enough to install.

Another great way is to use Just type the URL of the WordPress site and you will instantly get results on how good and safe the theme is. This free online tool checks the theme code and presence of malware as well.

wordpress theme security checker theme check

WordPress Theme security check tools

Apart from the ones we already mentioned, here are few more you can use to check how safe and secure your theme is.

Sucuri Security Plugin

sucuri security plugin

A free and very handy tool to keep your site well maintained and secure. This plugin offers a mix of security features like:

  • Security Activity Auditing
  • File Integrity Monitoring
  • Remote Malware Scanning
  • Blacklist Monitoring
  • Effective Security Hardening
  • Post-Hack Security Actions
  • Security Notifications

By installing it, you’ll get your own security guy who watches over the safety of your site.

WP Scans

WP Scans

This tool is good to use as a checkup of already owned WordPress blog or website. What it does is scan your site to get info if you are protected. You’ll get the simple yes or no on whether your site is safe and for the detailed report, you need to sign up (it’s free).

Exploit Scanner Plugin

exploit scanner plugin

A free plugin that scans the files on your website and makes a database for anything suspicious. Once it’s finished, you’ll get a list of any suspected codes and resolve them to maintain the safety of your site.

Final tip? Always keep your site up to date, whether it’s WordPress software, a theme, plugins or user credentials. Be sure to have a regular backup, too. Doing that, you are minimizing any potential threat. You’d be surprised how easy is for hackers to attack your website if you don’t keep everything in order. Just take a look at the 2017 Hacked Website report from Sucuri, and you’ll get the idea.

Hope you find the article both useful and informational. Feel free to share it on Social and connect with us on Facebook, Twitter or Instagram – let’s chat some more!



Ivana Cirkovic

Ivana is a Digital Marketing, PR and Social Media consultant with over nine years experience in the field. She is also a WordPress enthusiast and an active member of WordPress community who lives online almost 24/7. In love with Twitter, WP, photography and NYC.

Try theme now for free!
  • Access to a copy of the demo website
  • Full access to the theme options
  • No credit card required

* We will send you an occasional newsletter with special offers, news & theme updates but you can unsubscribe at any time.