As webmasters there is one thing we can all agree on that will drive us up the wall. I have dealt with this issue a number of times in the last 6 years. What is it? WordPress hacks that completely ruined websites I have developed. Anyone that has ever developed a website knows that WordPress is prone to attacks from time to time. Obviously, you should be updating to the latest WordPress version frequently and updating your WordPress framework. But, sometimes you just get hacked and you have to deal with it. Sometimes we can go weeks or even months with malware on our website and not even know it. This is why it’s essential to check WordPress for viruses from time to time. In this article I am going to show you some ways in which you can check to see if your site has a virus on it.
First and foremost, you need to make sure that you have a backup of your website. This is our life line for our website and can really help us whenever funky business does in fact happen on our website. It can and it will in a matter of time. If you want to read up on some common types of viruses for WordPress check out: https://www.smashingmagazine.com/2012/10/09/four-malware-infections-wordpress/ So, you might be wondering what are some plugins that we can install, which can scan our WordPress sites for viruses.
WordFence
The WordFence security plugin has a lot of useful features that prevent our website from being hacked. But, a lot of people don’t know about the backup system that this plugin has. It can check you core WordPress files with the core ones to see if they have been altered in any way. For instance, you could have a couple lines of code inserted in your WordPress theme. You simply, revert back to the core framework.
Secondly, WordFence can even run a scan of your website (either automated or manually) so that you can check to see if there is any malware on your website. It takes about 5-10 minutes to process, but it’s really a life saver in terms of WordPress security.
Sucuri Malware Scanning
It’s hard to talk about Malware scanning without mentioning Sucuri. They are one of the most reputable resources for detecting viruses that are often injected onto a WordPress site. You can visit their website at https://sitecheck.sucuri.net/ and their scanner will scan your site for issues and problems. Did I mention it’s free of charge?
Aside from their website you can always download their plugin at https://wordpress.org/plugins/sucuri-scanner/. This is a free version of the plugin but you can upgrade to a premium plan which does do a more comprehensive scans.
Anti-Malware
Another great option for those WordPress users looking for a virus scanning plugin is Anti-Malware. This is a plugin that protects you from known threats and back-doors. You can protect your WordPress site from brute force attacks by patching the wp-login file.
What I really like about his plugin is you can download a definition update which shows you exactly what the piece of malware that is detected is trying to do. Kind of like Norton Anti-Virus, but for your WordPress site exclusively. You can check out this plugin at https://wordpress.org/plugins/gotmls/.
The above resources are great for scanning your WordPress site for viruses, but it’s also a good idea to take preventive measures to patch up any vulnerabilities on your site. These vulnerabilities can leave your website wide open for hackers. I would highly recommend that you sign up for Google Webmaster Tools too. Google can actually alert you whenever they detect that malware is on your website.
Hopefully this article has shed some light on scanning your WordPress site for viruses and you now know what you can do about the problem. Has your website been hacked frequently or are you stuck with what to do to resolve the problem? Please leave your comments down below.
Marlon Andrew says
Hey Garen, this is quite a timely post as I just received a notification from Bing webmaster tools saying I have a malware. I just scanned my website using the sucuri.net website but it says I do not have a malware.
It is not showing up on Google’s webmaster tools either does that mean that was an error on Bing’s WMT and should I install a plugin like WordFence just in case?
Garen says
Hey Marlon,
Actually, the notifications from Google & Bing is delayed. They probably haven’t crawled it yet, but I would highly recommend installing WordFence or one of the other two plugins I wrote about in this article.
Depending what host you’re using, they can even run a scan on your server too. I will send you an email and see if I can help you out on this issue.
Tasos Perte Tzortzis says
Hello there
Thank you for your alerts as I never checked my site for any virus or malware but I always perform full back-ups every day and I am using both Google and Bing Webmasters tools with no alert so far.I will check my site on sucuri first.
Do you think that Word Fence will work smoothly with a back-up plugin I have installed – the BackWPUp?
And a second question… Does Avast and another one malware I have installed on my computer do any job in that matter?…Or these software only protect my computer and they have nothing to do with WordPress?
Thanks for your time
Garen says
I don’t believe there are any known conflicts with WordFence and other plugins:
https://support.wordfence.com/support/solutions/articles/1000011131-what-known-plugin-conflicts-are-there-with-wordfence-
(WordFence does have very good support, though, so you could always ask them too)
However, if you want to test it out, you could install it and always deactivate one plugin if there are conflicts.
I believe Avast is just for your computer. It’s not going to scan your files on your server. You could always download your files through you FTP and then run a scan on them. However, your web host should be able to run a scan on your files, as well.
debra says
I appreciate all the information you have provided here, I am especially going to check out wordfence security with that backup function. It may be just what I need right now. Thank you again.
siamjerry says
Hi Garen, is our WP site not also being protected by our WA host? What is the best way to back up the site? Cheers, Jerry
Garen says
No, I don’t believe so. You probably want to install Wordfence security for protection.
For backups I do like to use Dropbox for WordPress. It’s a great plugin for backing up your data. Dropbox allows you to use 5 GB of data for free 🙂
Zachary says
This is some great information I’ll use on my wordpress site. What viruses can wordpress get that you would need this for? I’ve never heard of wordpress viruses.
Garen says
There are a lot of WordPress viruses. There are many reasons there could be vulnerability issues with WordPress which will leave you wide open for attacks:
Outdated plugins, themes or WordPress version.
Using “admin” as the wp-admin login.
Poorly structured security settings.
Most commonly you will find these viruses that deface your index dot PHP file. You may also notice script on your website with a bunch of random code.
Hopefully, this helps you!
Martin says
Nice job. Complete and easy to follow. I’m really impressed with the videos as I know enough to know it’s not easy but not enough to do it. Seems well researched and formatted. There should be an audience for this site as I’ve heard (from a bias source) that WordPress is susceptible to bugs. I’ve made a shortcut to this site for my future reference.
How often should I check WordPress for viruses?
Thanks
Garen says
I would check your site weekly.
Dira says
Hi Garen,
Thanks for this post. I have learned a lot.
I am a beginner having a website hosted at Wealthy Affiliate. Reading your post got me thinking: I have a premium account and it includes enterprise security, bot net security and daily backups among other things. Do you still recommend to install Wordfence plugin?
Currently, I have already 5 plugins: All In One SEO Pack, Child Theme Configurator, Exclude Pages from Navigation, Open external links in a new window, Ultimate Social Media PLUS.
It is recommended to ‘keep your plugins below 5 to maximize the health of your site. What do you think of this?
Garen says
Enterprise security is great, but a lot of WordPress security plugins can do the same thing. Also, there are a lot of free and paid WordPress backup plugins, too.
I would go over the cost and see which one would be better. Not just the cheapest, but one that suits your needs. Price is always a factor, though.
As far as plugins there is no magic number of plugins you should have. 5 plugins isn’t really a lot to be installed on a single WordPress installation. Ideally, the lower the better, but this isn’t always the case. If it doesn’t affect your site’s performance I wouldn’t worry about how many you have installed. I have about 20 installed on tbwhs.com 🙂