Skip to content

How to check if WordPress is infected with malware (virus) or how to identify the location of the malware files

Are there any symptoms such as a server hosting company notifying you that your site are infected with malware, being redirected to another site, or sending spam emails?
We will explain how to check whether WordPress is infected with malware (virus, tampering) or how to specify the location of the file.


Inspect malware infection from url

You can inspect the WordPress site for malware infection simply by entering the URL.
Sucuri SiteCheck will be used.

After moving to the site, enter the URL of the site you want to check for malware, viruses, and tampering status in the form in the center, and click the “Scan Website” button.

After waiting for a while, the malware infection status of the site and the result of whether the site is infected with malware (whether it shows blacklisted by search engine.) are displayed.

However, the detection rate of this method is not high because the site is examined from outside your site code. (Our experience shows that the detection rate is about 50%.)
Try the following to find out more about your site:

Check the WordPress site from inside to see if it is infected with malware

Install WordPress Doctor Malware Scan & Security Plug-in and enable it.
This plug-in takes the latest malware definition patterns in real time via the server and inspects the site code, so it has very high detection rate.

Click> Malware Scan> Scan Now from the menu on the left of the management screen.

A scan will start and if malware is detected, it will be displayed in a list.

You can also check the location of each infected file directly from the management screen.