Choosing a free WordPress theme can be a tough job, especially if you're a beginner. When searching the Web for free themes outside the WordPress directory, be aware that the popularity, open code, and ease of making WordPress themes are also attractive to people who want to misuse them. Some themes contain malicious code, especially if you download them from random websites and not from WordPress.org. With such a theme, your web server could become part of a zombie army of machines participating in a Distributed Denial of Service (DDoS) attack on some other website, or it can be used in a phishing scheme to mine passwords and other personal information from your visitors, unbeknown to them.
So always select themes that are available through the WordPress Free Themes Directory; at least they follow the community's rules. Even so, themes are collections of programming code and, thus, can have bugs.
Don’t be afraid to ask the developer questions before installing a theme that comes from outside the traditional channels.
Visit the developer's site, and check the WordPress.org forums to learn the developer's reputation.
Once you've got your theme installed, use the WordPress Exploit Scanner plug-in, which searches through your website's files and database tables and notifies you of any suspicious code.
This plugin searches the files on your website and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.
TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3, TAC also searches for and displays static links.
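The kind of report described above (file path, line number, snippet, plus static links) can be sketched as a small theme scanner. This is an added example, not TAC's code: the regex patterns, the function names `scan_theme` and `build_sample_theme`, and the sample theme files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed indicators, most specific first; illustrative, not TAC's real signature list.
SUSPICIOUS = {
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "decoder-call": re.compile(r"\b(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "dynamic-code": re.compile(r"\b(?:eval|create_function)\s*\(", re.I),
}
# Hard-coded absolute links in theme markup ("static links").
STATIC_LINK = re.compile(r"<a\s[^>]*?href\s*=\s*[\"'](https?://[^\"']+)", re.I)


def scan_theme(theme_dir):
    """Return one finding per hit: relative file path, line number, kind, snippet."""
    root = Path(theme_dir)
    findings = []
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for kind, pattern in SUSPICIOUS.items():
                if pattern.search(line):
                    findings.append((rel, lineno, kind, line.strip()[:80]))
                    break  # keep only the most specific match per line
            for match in STATIC_LINK.finditer(line):
                findings.append((rel, lineno, "static-link", match.group(1)))
    return findings


def build_sample_theme(root):
    """Write a small constructed theme (not a real one) to scan."""
    root = Path(root)
    (root / "inc").mkdir(parents=True)
    (root / "index.php").write_text("<?php get_header(); ?>\n<h1>Hello</h1>\n")
    (root / "footer.php").write_text(
        "<?php wp_footer(); ?>\n"
        "<a href=\"http://example.com/sponsor\">theme by us</a>\n"
        "<?php eval(base64_decode('AAAA')); ?>\n")
    (root / "inc" / "helpers.php").write_text("<?php\n$d = gzinflate($blob);\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_theme(build_sample_theme(Path(tmp) / "sample-theme")):
            print("%s:%d [%s] %s" % finding)
```

Matching is line by line, so a call split across several lines is missed, and legitimate themes can trigger hits; treat each finding as a lead to review by hand.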
This is another very useful plug-in, and it scans your theme directory. It specifically detects the WordPress permalink back door, a very malicious piece of malware for WordPress that is used to access the database. The plug-in shows green if your file is out of danger and red if your file may be in danger.