WordPress Malware Scanner - Online Virus Scan Tools

A hacked website is not always easy to identify from the outside. Here we present our top 5 security and WordPress malware scanners, which we regularly use in advance to scan potentially hacked domains for viruses.

The first section of the article covers URL-based scanners - afterwards, the two best WordPress malware scan plugins are introduced, which detect malware from the inside out.

1. Sucuri SiteCheck
   General, system-independent scan
2. urlscan.io
   Scanner with User-Agent and referrer (referring pages) emulation
   
3. VirusTotal URL Scan
   Check of 65 blacklist databases
4. WP Sec - Online WordPress Security Scan
5. HackerTarget WordPress Scan

Benefits and limitations of URL-based malware scanners

The online scans listed here analyze the entered domain only from the outside. This means that only the website output, the possible cause of the hack, and the symptoms that a hacker attack may bring are analyzed.

The scan looks for known malware, viruses, blacklist entries, server errors, outdated software, and malicious code.

In summary, there are three areas that can be analyzed from the outside:

1. The website output - HTML/JavaScript malware & redirects

• Sucuri
• urlscan.io

The urlscan.io scanning tool is particularly helpful. One of the goals of hacks is to remain unnoticed for as long as possible, apart from defacements. Malware is therefore sometimes delivered only sporadically and under certain circumstances. This refers to specific user agents (browsers/devices) and referrer pages (Google, Facebook & co.).

For example, SEO spam often targets only the Googlebot.

With urlscan.io, a wide variety of referrer and user-agent combinations can be simulated. In the results, you should look for suspicious code elements or script sources.

2. Blacklist scan

• VirusTotal

After a virus infection, you should definitely scan the domain for blacklist entries. Since many smaller ones trust the larger ones, a chain reaction can quickly occur. With VirusTotal, 65 databases can be queried at the same time. By the way, VirusTotal is also well suited for virus scans in individual files.

3. Outdated versions - vulnerable WordPress plugins/themes

• WP Sec
• Hackertarget

When looking for the possible cause of a hack, these two WordPress security scanners are useful. Instead of searching for malware, they scan for security vulnerabilities in the plugins and in the theme.

Vulnerable plugins are highlighted in red, and outdated plugins are marked in yellow. Especially with premium extensions or themes, it often happens that automatic updates do not work or have not been set up. This can quickly become a security risk.

WordPress virus scan plugins

If one of the URL scanners presented above finds malware, it is of course advisable to scan the file system for malware from the inside. There are several scan plugins for this that fully analyze all files of a WordPress installation. The plugins "NinjaScanner" and "Wordfence" handle this task best and deliver a comparatively high detection rate.

Both malware scanners are able to compare both the WordPress core files and the files of freely available plugins with the original. Malware is often highly obscured (English: "obfuscated") to avoid detection. Therefore, file comparison is one of the most helpful features for checking large parts of a WordPress installation for integrity.

Monitoring and scanning local computer security

Unsafe/outdated operating systems with inadequate protection, combined with careless browsing behavior, can also pose a risk. In this case, it is advisable to use additional third-party security software - for example Avira or similar.
On devices used for admin access to the website, enhanced protection against email viruses, trojans (password theft), or malware of any kind is always sensible.

• Previous
• Next