You need to know that your site is free of malware and other hacked files. But can you trust a free scanner to get it right? See my test results of the top 6 popular malware scanners and what they detected on a known hacked site.
The Test Site
During a site migration, the HackAlert service found multiple files on the site being moved.
HackAlert is a paid service used by some hosts to verify sites are clean prior to placing them on their servers.
6Scan is another such service used by hosts.
Both services, and others, are usually made available to their hosting clients for free or at a significantly reduced cost.
Free Scanners Tested
I scanned the hacked site on the following free, online scanners:
How They Performed
Sucuri
The Sucuri scanner did not detect any problems. But, they did want to sell me a firewall service, which you can see at the bottom of the list.
SiteGuarding
The SiteGuarding scanner also did not detect any issues. And, they also wanted to sell me site protection services, which you can see a link for at the bottom.
Web Inspector
The WebInspector scanner also did not detect any malicious files. But, it didn’t try to sell me any services either.
Quttera
The Quttera scan detected 5 malicious files. There were actually many more. The other tabs at the top only provided another filtering of the numbers shown on this first screen.
It did not display what files were infected. It did offer to sell me its clean up service.
My Opinion
This was an informal test. And it just used free, online scanners.
Some security or other scanning plugins may give different or better results. But, I’d want to test them on a known hacked site to be sure of that.
Also note that some security scanners only check for file changes, not for actual malware. Those are two different things. I hear that some plugins are way better than others at file monitoring. Some can give you a ton of false positives to wade through daily. That’s not very helpful.
And note that some online scanners only check for site reputation, meaning they check to see if a site has ever been blacklisted. That’s not the same thing as actively checking for malware either.
I’m 100% positive that many of the paid scanning services offered at the hosting level will detect and list more than these free scanners. Note that I said “many” and not “all”. Some of those services aren’t worth a dime either. SiteLock is one that comes to mind.
And, those host-level scanners are not foolproof either. Most of them only check a limited number of random pages.
The point is, if all you rely on are free online scanners, then your site could be infected and you’ll never know it.
How to Protect Yourself
First, keep everything on your site up to date, especially plugins. And protect your login from brute force attacks. Those are the top two ways hackers install malicious code on your site.
Second, if your hosting service offers free or inexpensive scanning solutions, take advantage of them. It’s likely you’ll need to do this manually, so set up a quarterly schedule for it.
Third, scan your site using Quttera or a scanner of your choice on a quarterly basis as well. All of the scanners are going to check for different things, and different pages. Don’t rely on just one scan.
Fourth, maybe consider a file monitoring plugin or service. I haven’t tested them myself, and I hear all manner of reports on whether they are effective or a time suck. So, I invite you to do your own tests and see what you think of the service yourself.
Get a Site Audit
A manual audit is going to find all manner of junk in your site and clean it out.
It’s not foolproof for detecting all malicious files, but it will find way more than most scanners.
And, it will definitely be better than scanners at detecting the sources of the security holes and in closing them.
Hi MaAnna… thanks for such a great article. It seems like we’re experiencing more & more hacks these days — Don’t these people have ANYTHING else to do? LOL
Just thought I’d share… there’s a free plugin that I’ve had lots of success with, called “Anti-Malware from GOTMLS.NET.” I use several different tools for dealing with hacked sites, but this one is my favorite. It has detected (and fixed) several issues that were completely ignored by SiteCheck’s tools.
And… SiteLock… I totally agree with what (little) you said about them in your article. I know somebody whose whole server was compromised — about 15 different websites. They signed up for the service, mainly because of the promise to fix any reappearing issues if they happened within 30 days.
That guarantee SOUNDS great, right? We thought so, too, until 1.) the sites continued to get hacked at least twice a week, and 2.) we discovered that all they were doing was making a copy of the infected folders, cleaning the copied files and leaving the bad files on the server. (Hello?!? That’s crazy!) Not only were they wasting space on the server, but it became instantly clear why they continued to get hacked!
So, yeah, I’d recommend going elsewhere, as well.
Again, thanks for sharing your knowledge! I love reading your blog because I always walk away with ideas I can use immediately to improve my own WordPress experience, in addition to that of my clients! Bravo!
Cynthia
Cynthia, thank you so much for the plugin suggestion. I’m checking it out now. I had one client who kept getting hacked from within the server through some back door. After cleaning it 3 times, I told them to move to another host, or have the host clean it. Some days, there is no protection when they come from inside like that!!!