Apart from Official WordPress repository there are hundreds and thousands of websites which provides free WordPress themes and nulled codecanyon plugins but the problem is you can not trust them always. Yes, Most of them add a malicious code to themes and plugins which is not too easy for you to find out. Before learning about the cure lets discuss about the cause. Here is why they add their custom codes To get backlink from your blog unknowingly To get access to your blog To redirect your blog to spam links To add their advertisements and banners. or to simply get your website down Not only free themes and plugins also the premium nulled plugins and themes that you have download from Warez and torrents may also infected by these malicious codes. Thanks for your time, have a nice day.