[How To] Easily use remote tools to scan your WordPress site for security issues, malware etc

Basically, I just recently read about a WP site being hacked in the Divi FB group and I thought it can’t hurt to share some ways how you can approach scanning your website (on a regular basis) for malware, hacks, exploits, issues. Of course on a shared host your options are limited but this blog post by WPBeginner actually presents to you 14 WordPress Security Scanners for Detecting Malware and Hacks.

To speed things up a bit I am going to list my 3 favourites here (you have probably heard about Google Safe Browsing already):

  1. Sucuri Site Check
    Sucuri is well known in the scene and I think someone on the other forum also works/worked there?!
    This is an easy way to scan your website remotely without having to install any extra plugin/tool on your WP site or do any other preparation: Sucuri SiteCheck scanner will check the website for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code.
    Sucuri scan also includes Google Safe Browsing results so I will not list it here.

  2. WPSec also scans your website for exploits but also extends to the scan of plugins, themes and robots.txt. I found a potential security risk for one of my plugins here which wasn’t mentioned on Sucuri. So WPSec definitely makes for a good addition as it has another approach to scanning.

  3. UpGuard also seems like a cool solution. It gives your website a security score (from 0 to 950, 950 being best) and takes website risks, such as Insecure SSL, HSTS enforcement and E-Mail Security into account. My website just scored a score in the 500s so I guess I have some work to do.

In the blog post from WPBeginner I mentioned above you will find even more cool ways to scan your website with remote tools but these 3 are probably my personal favourites.

Honorable mention: Don’t forget that your good pal from Linux.iso scanning, VirusTotal, can also scan websites :wink:

Hope this will be of help to some of you guys!

Kind regards,
Ympker

3 Likes

Great share :wink:

1 Like

Thanks :slight_smile: Glad I could be of help.

My favourite tool for scanning WordPress sites is definitely wpscan.
It’s a tool for people working in the cybersec industry so it is naturally lacking any GUI, but as a bonus, it can be easily automated and integrated with other tools. You can put this in cron and scan your site periodically for security issues.
Features include stuff like detecting vulnerable plugins or themes.

3 Likes
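Added example (not part of the posts above and not wpscan's own code): a small Python script a cron job could run after `wpscan --url <your site> --format json --output report.json` to list only the components with known vulnerabilities. The JSON layout of the embedded sample report is an assumption, so check it against the output of your wpscan version; all plugin and theme names are constructed.

```python
import json
import sys

# Constructed sample report, trimmed to the fields read below.
# Assumption: this mirrors the layout of `wpscan --format json` output.
SAMPLE_REPORT = json.loads("""
{
  "target_url": "https://example.com/",
  "version": {"number": "5.8", "vulnerabilities": []},
  "main_theme": {"slug": "sample-theme", "version": {"number": "1.2"},
                 "vulnerabilities": []},
  "plugins": {
    "sample-forms": {"version": {"number": "2.0.1"},
      "vulnerabilities": [{"title": "Sample Forms < 2.0.3 - Stored XSS",
                           "fixed_in": "2.0.3"}]},
    "sample-cache": {"version": null, "vulnerabilities": []}
  }
}
""")


def _ver(item):
    """Plugins and themes nest the version; it is null when undetected."""
    return (item.get("version") or {}).get("number")


def findings(report):
    """Return one dict per vulnerability reported for core, theme or plugins."""
    core = report.get("version") or {}
    theme = report.get("main_theme") or {}
    components = [("core", "wordpress", core.get("number"), core),
                  ("theme", theme.get("slug"), _ver(theme), theme)]
    for slug, plugin in (report.get("plugins") or {}).items():
        components.append(("plugin", slug, _ver(plugin), plugin))
    return [{"kind": kind, "slug": slug, "installed": installed or "unknown",
             "title": vuln.get("title", "untitled"),
             "fixed_in": vuln.get("fixed_in") or "no fix listed"}
            for kind, slug, installed, item in components
            for vuln in item.get("vulnerabilities") or []]


def main(argv):
    """Print findings; exit code 1 lets cron or a wrapper raise an alert."""
    report = SAMPLE_REPORT
    if len(argv) > 1:  # path to a real report written by wpscan
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    found = findings(report)
    for f in found:
        print("{kind} {slug} ({installed}): {title}, fixed in {fixed_in}".format(**f))
    return 1 if found else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the script prints nothing when the report is clean, a cron setup that mails job output only sends a message when something needs updating.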

Awesome share, man! I used wpsec and it worked great. Thanks for that!

1 Like

You’re welcome, man! Glad I could help :slight_smile: