Truth: Any public website can be hacked. WordPress sites aren’t immune. No matter how proactive you are in securing your site, at some point you may wonder if your site has been infiltrated. Let’s look at a few ways to scan your WordPress site for malware.
Remote Malware Scan
A remote scanner analyzes the front end of your website (the web pages your customers see). It can’t see inside WordPress or into your server. Therefore, its detection abilities are limited.
Remote scanners will detect obvious malware on your site. They also can tell you if your domain has been blacklisted, meaning search engines and security companies marked it as infected. At OptimWise, our favorite remote scanner is Sucuri SiteCheck. Sucuri is probably the best-known name in WordPress security.
We also like Gravityscan, a relatively new remote scanner. It’s from the creators of the Wordfence plugin, which is one of the top three most popular security plugins. Gravityscan performs a deeper analysis than Sucuri SiteCheck, but it takes a little bit longer.
WordPress Malware Scan Plugins
Many plugins will scan your WordPress site for malware. Because they run inside your WordPress site, they can scan your site’s files and database. Such malware scans are more thorough than the remote scans. Let’s look at a few of our favorite WordPress security scanning plugins.
Wordfence scans core files, themes and plugins against WordPress.org repository versions to check their integrity. It scans for malware, including backdoors and trojans. It also scans for phishing URLs.
My WordPress Health Check checks if your server is running outdated software, if your WordPress site is running outdated software, if your site has vulnerabilities, and if your site follows other WordPress security best practices.
Anti-Malware and Brute-Force Firewall scans for known security threats and backdoor scripts.
AntiVirus scans database tables and theme templates for malware.
Theme Check is an advanced plugin that tests your theme and makes sure it’s up to spec with the latest WordPress theme review standards. It’s not intended to be a security scanner, but it can detect malicious code that has been added to a theme.
Exploit Scanner is an advanced plugin that searches the files and database for anything suspicious. It also examines your list of active plugins for unusual filenames.
WordPress security plugins use a lot of resources, and they can slow down your site. After you finish malware scanning, make sure to delete any plugins that you don’t intend to keep on your site.
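The integrity check described for Wordfence above (comparing installed files against known-good repository versions) can be sketched as follows. This is an added example, not code from Wordfence or from this site; the manifest format (relative path mapped to an MD5 hex digest, modelled on the core checksum lists WordPress.org publishes), the ignore list, and all sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SITE_FILES = {"wp-config.php", ".htaccess"}  # assumption: site-specific files never in a core manifest
IGNORE_PREFIXES = ("wp-content/",)           # assumption: themes, plugins and uploads are checked separately

def md5_file(path, chunk=65536):
    """Hash a file in chunks; MD5 is used only to match the manifest format."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_tree(root, manifest):
    """Compare files under root with {relative_path: md5} and report differences."""
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif md5_file(target) != expected.lower():
            report["modified"].append(rel)
    # Files on disk that the manifest does not list are where injected scripts show up.
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in manifest and rel not in SITE_FILES \
                and not rel.startswith(IGNORE_PREFIXES):
            report["unexpected"].append(rel)
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Build a constructed sample tree, alter it three ways, then verify it."""
    clean = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/version.php": b"<?php $wp_version = '0.0-sample';\n",
        "wp-admin/admin.php": b"<?php // constructed sample file\n",
    }
    manifest = {rel: hashlib.md5(data).hexdigest() for rel, data in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        (root / "wp-config.php").write_bytes(b"<?php // site config\n")       # allowed
        (root / "wp-content").mkdir()
        (root / "wp-content/photo.jpg").write_bytes(b"constructed")          # ignored
        (root / "index.php").write_bytes(clean["index.php"] + b"// edit\n")  # modified
        (root / "wp-admin/admin.php").unlink()                                # missing
        (root / "wp-includes/extra.php").write_bytes(b"<?php // new\n")       # unexpected
        return verify_tree(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A file reported as modified or unexpected is a lead to investigate, not proof of infection: a hand-edited core file or a leftover from an older release produces the same result.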