WordPress is the most popular CMS (Content Management System), as it is said that 25% of websites are made with WordPress.
Therefore, there is no end to the number of defacements that can be caused by login hacks (brute force attacks on IDs and passwords) through a common mechanism or by exploiting vulnerabilities in popular plug-ins and themes to gain administrative privileges.
In this issue, we would like to introduce seven sites that can be used to scan WordPress sites for malware from the outside, which can be utilized when tampering damage is suspected.
If you suspect a malware infection, we recommend that you also scan your site with the WordPress Doctor Malware Scanner, a plugin created by WordPress Doctor that allows you to scan for malware in more detail from within WordPress!
1. Sucuri Site Check
Sucuri Site Check is a website that checks for WordPress malware infection and blacklisting (leaving an infected website unattended will result in it being blacklisted by security software and search engines as a dangerous site). This is a website that checks to see if your site is on the blacklist.
It is probably the most powerful external inspection site. The website scans for malware infections by simulating the general access and search engine access.
Although it may not be able to detect the latest malware, it is recommended as it is quite accurate.
2. Google Safe Browsing
Google Safe Browsing is a service that allows you to search by URL to see if your site is on Google’s independently determined list of malware-infected sites. If Google identifies your site as a malware-infected site, your search result ranking will be lowered and a warning message such as “You may have been hacked” will be displayed in the search results.
Reference page
What to do when “This site may damage your computer” is displayed in WordPress
What to do when “This site may have been hacked by a third party” is displayed by WordPress
3. IsItWP Security Scanner
IsItWP is an online service that allows you to very lightly and quickly check malware infection and blacklist status from a URL.
4. Norton Safe Web
Norton SafeWeb is essentially a site that searches Norton’s list of dangerous websites to determine if a particular site is safe to visit. It is recommended that you check the list.
It is very rare for a site to be detected, but if your site is registered on this list, you can assume that your site has been tampered with in a very dangerous way (virus hosting, spam stepping stone, cross-site scripting, etc.).
5. UpGuard Cloud Scanner
UpGuard Cloud Scanner is a very useful scanner that scans DNS, port scan, SENDMAIL status, etc. If you are running WordPress on a server VPS with root privileges, you can use this scanner to identify vulnerabilities in attacks on your server.
After scanning for server vulnerabilities, it also checks for infection with malware code, but the detection power is unknown.
6. Trend Micro Site Safety Center
Like Norton, the Trend Micro Site Safety Center is a site that determines whether or not it is acceptable to access a particular site. It is advisable to check the list even if your site has been damaged by malware tampering.
7. Web Inspector
Web Inspector first checks your site to see if it is on Google’s blacklist or Comodo’s blacklist.
It then performs a wide range of online tests, such as the presence of backdoors that allow malicious file downloads, website defacement, backdoors, embedded malicious Javascripts, and more.
Note: The sites we have mentioned scan files from the outside and may not be able to detect 100% malware. Also, they do not provide detailed information about the malware, such as which files are infected. If you suspect infection, we recommend that you consult a specialist.
