Are you experiencing any symptoms such as WordPress behaving strangely, server administrators notifying you that your site is infected with malware, or spam emails that redirect you to other sites without your permission?
We will explain how to check if WordPress is infected with malware (virus, tampering) and how to identify the location of the file.


Inspecting a WordPress site for malware infection from the outside

You can inspect your WordPress site for malware infection from the outside by simply entering the URL.
Use Sucuri SiteCheck, a free service in this genre.

Once you are on the site, enter the URL of the site you wish to check for malware, viruses, or tampering in the central form and click the “Scan Website” button.

After a short wait, the results of the malware infection status of the site and whether the site has been registered as a malware site by search engines (black list) will be displayed.

However, the detection rate of this method is not high because the site is checked from the external code. (In our experience, the detection rate is about 50%.)
For a more in-depth look into the site, please try the following method.

Inspect the WordPress site from the inside to see if it is infected with malware.

Install and activate the Malware Scanner plugin created by WordPress Doctor on your site.
This plugin is highly accurate because it scans your site’s code by retrieving the latest malware definition patterns in real-time via our server.

From the left menu of the administration screen, click > Malware Scan > Scan Now.

The scan will begin and any malware detected will be displayed in a list.
(If there are many files, it may take several minutes to complete the scan.)

You will also be able to check the detection location of each infected file directly from the management screen.

Click here to download the plug-in.