Here are some sites online where you can scan your WordPress output for malware (not a vulnerability scan) to see if there is any malicious code mixed in with the HTML of your site.

Sucuri SiteCheck

https://sitecheck.sucuri.net/

Sucuri SiteCheck is a fairly old site that allows online malware scanning.
You can scan any page by entering its URL.
The site pretends to be accessed from Google and scans for malware, so it can detect malware that only appears in Google search results.

Quttera

https://quttera.com/website-malware-scanner

Like Sucuri SiteCheck, Quttera allows you to scan for malware by entering the URL of any page. However, free malware scans are queued and performed in order, so it may take some time for the scan to complete.

WP Doctor Online Malware Scanner

https://malware-scan.website-malware-removal.com/

WP Doctor Online Malware Scanner is an online malware scanning site with malware detection patterns we have collected from over 1 million malware files.
You can scan for malware by file code, file upload, or URL.

Limitations of Online Malware Scanning

Online malware scans can only scan HTML and JAVASCRIPT code that is output as a site page. However, more than 99% of the malware that infects WordPress resides on the server as PHP programs that run on the server.
It is therefore important to note that online malware scans can only scan the results of malicious code generated by such malware.

Disadvantages of Online Malware Scanning

Since the malware itself is not scanned, even if it is detected, it is often not known where the malware itself is located.

Malware detection is limited (spam-sending malware and backdoors, which are malware that hackers use to gain entry into your computer, cannot be detected).

・Malware with various malicious code expression conditions, such as only when accessing a smartphone, or when accessing a site via a search engine, or when a site is accessed by a browser, are often undetectable.

Because of the above disadvantages, we believe that the detection accuracy of online malware scanners is strong against redirect hacks, etc., but is quite poor in detecting malware that infects servers as a whole.

For more accurate malware scanning, we recommend using a plug-in type malware scanner that can scan the WordPress program itself comprehensively from the inside.

Free WordPress:Malware Scanning & Security Plug-in [Malware & Virus Detection and Removal].

Related Posts:

  1. Introduction of an online malware scanner that allows you to scan for malware online
    We are pleased to announce the release of our new free service “Online Malware Scanner” on WordPress Doctor....
  2. Redirect hack that takes you to another site when you click on a link on a WordPress site.
    A redirect hack is a type of tampering in which a hacker alters site data or theme files to force users to go to a page that the hacker wants them to go to instead of the page they originally wanted to see. The following is an explanation of a common example of a redirect hack, in which clicking on...
  3. 7 sites that can scan WordPress for malware from URLs
    WordPress is the most popular CMS (Content Management System), as it is said that 25% of websites are made with WordPress. Therefore, there is no end to the number of defacements that can be caused by login hacks (brute force attacks on IDs and passwords) through a common mechanism or by exploiting vulnerabilities in popular plug-ins and themes to gain...
  4. WordPress content injection case study, online casino site operating on its own server
    Here is a case study of a WordPress content injection that caused an online casino site to operate on its own server....
  5. What is a WordPress injection attack?
    There are various methods by which WordPress can be hacked, the most common of which is called an injection attack. This section describes these injection attacks....
  6. Five types of malware embedded in WordPress
    Here are some of the types of malware embedded in WordPress that are common these days. If similar code is included in the site’s program, we suspect that WordPress has been hacked and tampered with....