Often we get asked by our users, is there a way to scan your WordPress site for potentially malicious code? The answer to that question is YES, YES, and YES. There are both free and paid tools available to scan your WordPress site for potentially malicious or unwanted code. It is always good to do a regular checkup of your site by scanning it for potentially malicious code. In this article, we will show you a few ways on how to scan your WordPress site for potentially malicious code.
Theme Authenticity Checker (TAC)
Theme Authenticity Checker is a free plugin that scans all of your WordPress theme files for potentially malicious or unwanted code.
Often hackers target themes to inject links, so this plugin is a good way of checking for that.
Exploit Scanner is another free WordPress plugin that is much more robust than the Theme Authenticity Checker because it search all files and database of your WordPress install. It checks for signs that may indicate if your installation has fallen victim to malicious hackers.
Note: this does return a lot of false positives, so you have to know what you are doing to see if the error is really malicious or if it is ok.
Sucuri is by far the BEST WordPress security scanner out there. They have a very basic free site scanner, which checks your site to see if your site is doing ok. But the real value is in their paid version. See our article: 5 reasons why we use Sucuri to improve our WordPress security for detailed overview. In short, once you install Sucuri, it automatically monitors your website 24×7 against all threats. It audits all the activities that happen on your site to keep track of where things went wrong. If something looks fishy, Sucuri blocks the IP. They also send you alerts if they notice something going on with your site. Last but not least, they offer a malware cleanup service which is included in the price of their service (no matter how big or small your site is).
We have their 5 site plan which comes out to be about $3 per site monthly. It makes sense to pay $3 per month to keep our websites safe.
By the way, this service is not just for beginners. Major publications like CNN, USAToday, PC World, TechCrunch, TheNextWeb, and others are recommending these guys. These guys know what they are doing, and we trust them with our website.