WordPress Malware Scanner - Online Virus Scan Tools

A hacked website cannot always be easily identified from the outside. Here we present our top 5 security and WordPress malware scanners that we regularly use in advance to scan potentially hacked domains for viruses.

The first section of this article covers URL-based scanners, followed by the two best WordPress malware scan plugins that detect malware from within the site.

1. Sucuri SiteCheck
   General, system-independent scan
2. urlscan.io
   Scanner with User-Agent and referrer emulation
   
3. VirusTotal URL Scan
   Check of 65 blacklist databases
4. WP Sec - Online WordPress Security Scan
5. HackerTarget WordPress Scan

Benefits and limitations of URL-based malware scanners

The online scans listed here analyze the entered domain from the outside only. This means they can only assess the website output, the possible cause of the hack, and the symptoms that a hacker attack may produce.

They scan for known malware, viruses, blacklist entries, server errors, outdated software, and malicious code.

In summary, there are three areas that can be analyzed from the outside:

1. Website output - HTML/JavaScript malware & redirects

• Sucuri
• urlscan.io

The scanning tool from urlscan.io is especially helpful. One of the goals of hacks (apart from defacements) is to remain unnoticed for as long as possible. For this reason, malware is sometimes delivered only sporadically and under certain conditions. This includes specific user agents (browsers/devices) as well as referring pages (Google, Facebook, etc.).

SEO spam, for example, often targets only the Googlebot.

With urlscan.io, a wide range of referrer and user-agent combinations can be simulated. In the results, you should look out for suspicious code fragments or script sources.

2. Blacklist scan

• VirusTotal

After a virus infection, you should definitely scan the domain for blacklist entries. Since many smaller providers trust the major ones, this can quickly trigger a chain reaction. With VirusTotal, 65 databases can be queried at the same time. VirusTotal is also well suited for scanning individual files for viruses.

3. Outdated versions - vulnerable WordPress plugins/themes

• WP Sec
• Hackertarget

These two WordPress security scanners are useful when searching for the possible cause of a hack. Instead of scanning for malware, they look for security vulnerabilities in plugins and the theme.

Vulnerable plugins are highlighted in red, while outdated plugins are marked in yellow. Especially with premium extensions or themes, automatic updates often do not work or are not set up. That can quickly become a security risk.

WordPress virus scan plugins

If one of the URL scanners presented above finds malware, it is of course advisable to scan the file system from within for malware as well. There are several scan plugins for this purpose that completely analyze all files of a WordPress instance. The plugins 'NinjaScanner' and 'Wordfence' handle this task particularly well and offer a comparatively high detection rate.

Both malware scanners are able to compare the WordPress core files as well as the files of freely available plugins with the original versions. Malware is often heavily concealed ('obfuscated') to avoid detection. That is why file comparison is one of the most helpful features for checking the integrity of large parts of a WordPress instance.

Monitoring and scanning local computer security

Insecure/outdated operating systems with inadequate protection, combined with careless browsing behavior, can also create a risk. In this case, it is advisable to use additional third-party security software - for example Avira or similar.
On devices used by administrators to access the website, enhanced protection against email viruses, trojans (password theft), or malware of any kind is always advisable.

• Prev
• Next