Check your WordPress site for viruses and malware

time to be free to do what I wantBlogging is supposed to be fun but it isn't always like that. If you are hosting your own blog there is a great chance that one day a hacker may decide to target your site.

I recently wrote how my WordPress blog was hacked and seriously compromised. This is a very important topic, so I am giving it extra attention.

As good as it is, WordPress still has security issues. Upgrading to the latest version is a must if you want to lower the risk of getting your site hacked. Version 2.6 WordPress came out few days ago and if you haven't yet - upgrade. Upgrading is not hard today with excellent plugins like Instant upgrade.

I also found today a useful plugin for WordPress that I am going to recommend. It helps find potential viruses, javascript and iframe injections. The plugin is called WordPress Exploit Scanner.

It's output is fairly advanced. It scans through all files in your WordPress installation and searches for malicious looking code. Basically you want to check if any of the warnings contain links to  sites you are not familiar with. If they do you might want to ask an expert about it.

If you are the only registered user of you WordPress blog, turning off "Anyone can register" option in your General settings of the Admin panel is a nice precaution as this was the source of biggest troubles in the past.

Should he trouble still happen, be sure you have at least weekly backups of your blog. WordPress Database Backup plugin will automate this work for you, so no reason not to use it.


More like this:


Posted in: WordPress
TAGS:, , , , , , , , , , , , , , , , ,
Both comments and trackbacks are currently closed.

18 Comments

  1. Aug 3rd, 2012 4:06 PM

    Backing Up is highly important ... because viruses go into your web file in server ... this is big danger.

  2. Jun 6th, 2012 4:03 AM

    This is a good plugin to my site. I hope aside from scanning and detecting viruses and malicious script from the site, it would instantly delete them..Yesterday my site was attacked by hackers and left some script which hard for me to identify. I would try this plugin..

  3. Apr 28th, 2012 2:22 PM

    Thanks for the info. I have a similar problem on a wordpress site.

  4. Sep 17th, 2011 12:21 AM

    i never thougth wordpress viruses were possible, thanks for the heads up.

  5. Sep 11th, 2011 3:57 PM

    My wordpress blog is now infected with iframe exploit code... I found some online scanners to track the code.
    Just now fixed those infected .php codes ;)

  6. Apr 17th, 2010 7:24 PM

    Seem Word press would address this problem more directly .I download a theme from their site virus in it !!

  7. Apr 1st, 2010 11:41 AM

    how i can check it? i don't really understand about it

  8. Jan 29th, 2010 6:23 PM

    We just released a plugin called WP-MalWatch who's goal is not to be overly scientific but rather to look for the obvious signs. The first version v1.0.2 looks for PHP files in your uploads directory. We've also found an incredible hack blocking technology that we are using.

    Help us test and evolve this with your feedback. Yes, we got hacked too and this plugin was inspired by that experience. http://how-to-blog.tv/security/wp-malwatch . Only known issue right now is that it eroneoulsy reports on subdomain installations of WordPress. we'll get this fixed. PHP5 is required.

  9. Nov 14th, 2009 7:21 AM

    Great post! Although I strongly believe the word "hacked" is an over statement.

    • Dec 30th, 2009 10:19 AM

      Really... I think it's understatement...

      I think people really need to start considering that not all hacks will reveal themselves to the website owner... some of them just destroy your search engine rankings and harvest user data all day long...

  10. Jun 24th, 2009 9:43 AM

    Nice post........ my blog is efftected with malware...it seems like i have to work from scrach.. i hope the plugins will help me

  11. Jun 20th, 2009 12:24 PM

    Nice Write-up. Thanks.

  12. Jun 18th, 2009 1:09 PM

    I always have a problem with my wordpress blog for having malicious content... and sometimes it has a problem connecting to the database!!!

    i installed exploit scanner today. hope i can resolve this problem.

    thankx for the post... i searched thru google and found this post...

  13. Jun 2nd, 2009 10:16 PM

    I ran into a problem similar to this one the other day. Firefox asked me to install Adobe Flash Player, even though I already had it installed. I did it and ended up with this XP Antivirus all over my computer. Someone needs to fix this junk.

  14. Nov 29th, 2008 4:53 AM

    The bottom of my web pages has links to webhost answers and cash load alongside the wordpress link. Can i eliminate the first 2 and are they a danger to my site?

  15. Oct 15th, 2008 9:31 AM

    Wonderful post, just what i was looking for.

  16. Jul 17th, 2008 11:05 AM

    And remember: Backup, backup, backup - your site and database.

  17. Jul 17th, 2008 1:24 AM

    Excellent find - I forgot to upgrade one of my old blogs and when I checked it yesterday it had been hacked :(