Better safe than sorry!
To make sure you are running a safe version of a theme or plugin you download from NulledForums, we advise you to install the Wordfence plugin from the WP store.
The plugin includes real-time malware scanning and finds the most common obfuscated code. The free version covers just about everything you need. Of course, you cannot be 100% sure the plugin is always accurate. Web devs keep finding nasty ways to inject code, so manual inspection is highly recommended. Don’t trust anyone or any site that offers nulled content, not even this site, as the content here is provided by site users.
Wordfence in action
After a scan, it shows that there are no file changes and no malware or spoofed code. The vulnerability part means that plugins are outdated, as shown in the image below.
More advanced code inspection
The more advanced way of checking for spoofed code is to search through the files manually.
You can use Notepad++ and its Find in Files option, which you can find in the Search menu.
What to search for?
- wp_vcd: a common WordPress malware backdoor that sends information to the attacker’s server. If you find this, either remove the complete function or DO NOT install it.
- base64: a very nasty way of obfuscating scripts that send information back to the attacker’s server.
There are more cases, but those two are the most common ones.
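The search described above can be scripted so it runs over a whole unpacked theme or plugin folder before installation. This is an added example, not part of the original post; the scanned file extensions, the extra eval(base64_decode( check and the sample files are assumptions constructed for the demo. Plain base64 hits also occur in legitimate code (inline images, for example), so every hit still needs manual review.

```python
import base64
import re
import tempfile
from pathlib import Path

# The two strings this page says to search for (matched case-insensitively).
INDICATORS = {"wp_vcd": re.compile(r"wp_vcd", re.I),
              "base64": re.compile(r"base64", re.I)}
# Assumption of this example: decoded data passed straight to eval() ranks highest.
EXEC_DECODE = re.compile(r"\beval\s*\(\s*base64_decode\s*\(", re.I)
SCAN_EXT = {".php", ".inc", ".js"}  # assumed set of file types worth scanning


def scan_tree(root):
    """Return (relative_path, line_no, label, snippet) for every indicator hit."""
    root, hits = Path(root), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix.lower() not in SCAN_EXT:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")  # tolerate odd encodings
        for no, line in enumerate(text.splitlines(), 1):
            for name, rx in INDICATORS.items():
                if not rx.search(line):
                    continue
                label = "base64+eval" if name == "base64" and EXEC_DECODE.search(line) else name
                hits.append((path.relative_to(root).as_posix(), no, label, line.strip()[:80]))
    return hits


def demo():
    """Scan a constructed, harmless sample theme and return the hits."""
    blob = base64.b64encode(b"echo 'hi';").decode()
    files = {  # constructed sample files, not taken from any real theme
        "functions.php": '<?php\n$div_code_name = "wp_vcd";\n',
        "inc/loader.php": f'<?php\n\neval(base64_decode("{blob}"));\n',
        "inc/logo.php": "<?php\n$logo = 'data:image/png;base64,AAAA';\n",
        "index.php": "<?php\nget_header();\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    for rel, no, label, snippet in demo():
        print(f"{rel}:{no}: [{label}] {snippet}")
```

To check a real download, call scan_tree() with the path of the unpacked folder and read each reported line in context before deciding.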
Additional security steps
- Change the /wp-admin location and don’t include it as a visible link that can be seen through inspect element or the page source.
- Add reCAPTCHA protection to every login, registration and password reset page to stop common brute-force attacks.
- Encrypt the origin server with SSL (for example Let’s Encrypt; if you are using Cloudflare, use Full (strict) crypto mode).
- Use Cloudflare page rules to protect your admin login page with whitelisted IPs.
There are many more steps you can take, but if you need all of this, you are already an experienced web dev who knows more than enough to do it alone.