WordPress is a popular target for hackers and spammers, particularly websites that are using an older version of WordPress. You simply cannot afford to use WordPress for building a website and then forget about it. The default version of WordPress is too susceptible to hackers.
Earlier this year I suffered two different attacks on small content websites I own that had not been updated to the latest version of WordPress. One website had an email collector uploaded to the plugins directory that was using my server to send spam emails. I am not 100% sure what was inserted into the other website; however most browsers blocked the website and reported that it had malware.
Today I would like to show you three WordPress plugins that you can use to scan your website. I hope you find them useful :)
Anti-Malware (Get Off Malicious Scripts)
Anti-Malware (Get Off Malicious Scripts) is a security plugin that was developed by Get Off Those Maliciously Loaded Scripts. It can scan your plugins folder, wp-content folder and the root of your domain, for threats and vulnerabilities. Known threats are automatically removed and the script can make your wp-login.php file more secure.
Detectify for WP
Detectify for WP is a security plugin from the security company Detectify. You need to sign up to the Detectify service in order to receive a verification key and activate the plugin.
The plugin simulates an attack on your website and then provides you with a report that shows the number of exploits, warnings and notices that they found. It checks lots of known techniques and exploits such as open redirect bugs, SQL injection flaws and possible remote code execution.
Quttera Web Malware Scanner
Quttera Web Malware Scanner is a plugin that will scan your website using the Quttera malware scanning service. It looks for hidden files and threats in all your files; whether they be in HTML, PHP, Javascript or flash.
If I had to describe malware in one word, it would be: SNEAKY. You rarely find out about malware on your website until it has already done some damage. The goal of hackers is rarely to do damage to your website. Their scripts tend to be parasitic in form, using your website as a way to send emails to others or infect all of your visitors websites.
One of the best way to tackle malware is to ensure that you are always using the latest version of WordPress. It is good practice to keep all your plugins up to date too and be cautious about plugins that have not been updated in a few years.
If you have never checked your website for malware, I encourage you to do so right away. It is also prudent to do a scan every month or so to check for any new malware injections.
Good luck,
Kevin
