• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
BlogAid Logo

BlogAid

Help for DIY Site Owners and Webmasters - WordPress, SEO, HTTPS, Security, and Performance

  • Home
  • Blog
    • Current Posts
    • Helpful Posts
    • Hobby to Money Making Blog Series
  • Tips Tuesday
  • Site Services
    • Happy Clients
    • Setup, Backups, Fixes
    • Site Service Requests
    • Site Audits
      • What’s In the Audit
      • Audit Request Form
    • HTTPS Conversion
      • About the Service
      • HTTPS Request Form
  • Resources
    • Plugins
    • Helpful Posts
    • Site Resources
    • Start Here with BlogAid
  • Classes
    • Happy Clients
    • All Classes
    • Gutenberg Ninja
    • DIY SEO Course
    • Webmaster Training
  • About
    • About MaAnna
    • Happy Clients
    • Privacy Policy and Terms of Use
    • Affiliate Disclosure Policy
    • Disclaimer
  • Contact
    • General Contact
    • Site Service Requests

Do Free Website Malware Scanners Really Work?

November 30, 2015 by MaAnna Stephenson

TwitterFacebookPinterestLinkedinRedditWhatsApp

Do Free Website Malware Scanners Really Work

You need to know that your site is free of malware and other hacked files. But can you trust a free scanner to get it right? See my test results of the top 6 popular malware scanners and what they detected on a known hacked site.

The Test Site

During a site migration, the HackAlert service found multiple files on the site being moved.

HackAlert is a paid service used by some hosts to verify sites are clean prior to placing them on their servers.

6Scan is another such service used by hosts.

Both services, and others, are usually made available to their hosting clients for free or at a significantly reduced cost.

Free Scanners Tested

I scanned the hacked site on the following free, online scanners:

  • Sucuri SiteCheck
  • SiteGuarding
  • Web Inspector
  • Quttera

How They Performed

Sucuri

The Sucuri scanner did not detect any problems. But, they did want to sell me a firewall service, which you can see at the bottom of the list.

Sucuri Hacked Site Test

Site Guarding

The SiteGuarding scanner also did not detect any issues. And, they also wanted to sell me site protection services, which you can see a link for at the bottom.

SiteGuarding Hacked Site Test

Web Inspector

The WebInspector scanner also did not detect any malicious files. But, it didn’t try to sell me any services either.

Web Inspector Site Hack Test

Quttera

The Quettera scan detected 5 malicious files. There were actually many more. The other tabs at the top only provided another filtering of the numbers shown on this first screen.

It did not display what files were infected. It did offer to sell me its clean up service.

Quttera Hacked Site Test

My Opinion

This was an informal test. And it just used free, online scanners.

Some security or other scanning plugins may give different or better results. But, I’d want to test them on a known hacked site to be sure of that.

Also note that some security scanners only check for file changes, not for actual malware. Those are two different things. I hear that some plugins are way better than others at file monitoring. Some can give you a ton of false positives to wade through daily. That’s not very helpful.

And note that some online scanners only check for site reputation, meaning they check to see if a site has ever been blacklisted. That’s not the same thing as actively checking for malware either.

I’m 100% positive that many of the paid scanning services offered at the hosting level will detect, and list more than these free scanners. Note that I said “many” and not “all”. Some of those services aren’t worth a dime either. SiteLock is one that comes to mind.

And, those host-level scanners are not fool proof either. Most of them only check a limited number of random pages.

The point is, if all you rely on are free online scanners, then your site could be infected and you’ll never know it.

How to Protect Yourself

First, keep everything on your site up to date, especially plugins. And protect your login from brute force attacks. Those are the top two ways hackers install malicious code on your site.

Second, if your hosting service offers free or inexpensive scanning solutions, take advantage of them. It’s likely you’ll need to do this manually, so set up a quarterly schedule for it.

Third, scan your site using Quttera or scanner of your choice on a quarterly basis as well. All of the scanners are going to check for different things, and different pages. Don’t rely on just one scan.

Fourth, maybe consider a file monitoring plugin or service. I haven’t tested them myself, and I hear all manner of reports on whether they are effective or a time suck. So, I invite you to do your own tests and see what you think of the service yourself.

Get a Site Audit

A manual audit is going to find all manner of junk in your site and clean it out.

It’s not fool proof for detecting all malicious files, but it will find way more than most scanners.

And, it will definitely be better than scanners at detecting the sources of the security holes and in closing them.

Cyber Monday Special
Get 30% off all site audits

TwitterFacebookPinterestLinkedinRedditWhatsApp

Filed Under: Security

About MaAnna Stephenson

MaAnna is a geek who can still speak in plain English. She helps DIY site owners plus webmasters and designers create sites that are secure, perform well, and get noticed by search engines and readers.

  • Facebook
  • LinkedIn
  • Pinterest
  • RSS
  • Twitter
  • YouTube

This book could save you hundreds of dollars and months of frustration. Get it free with your subscription to BlogAid News plus my blog posts.
Privacy Policy



Reader Interactions

Comments

  1. Cynthia Lay says

    December 7, 2015 at 9:18 am

    Hi MaAnna… thanks for such a great article. It seems like we’re experiencing more & more hacks these days — Don’t these people have ANYTHING else to do? LOL

    Just thought I’d share… there’s a free plugin that I’ve had lots of success with, called “Anti-Malware from GOTMLS.NET.” I use several different tools for dealing with hacked sites, but this one is my favorite. It has detected (and fixed) several issues that were completely ignored by SiteCheck’s tools.

    And… SiteLock… I totally agree with what (little) you said about them in your article. I know somebody whose whole server was compromised — about 15 different websites. They signed up for the service, mainly because of the promise to fix any reappearing issues of they happened within 30 days.

    That guarantee SOUNDS great, right? We thought so, too, until 1.) the sites continued to get hacked at least twice a week, and 2.) we discovered that all they were doing was making a copy of the infected folders, cleaning the copied files and leaving the bad files on the server. (Hello?!? That’s crazy!) Not only were they wasting space on the server, but it became instantly clear why they continued to get hackedl

    So, yeah, I’d recommend going elsewhere, as well.

    Again, thanks for sharing your knowledge! I love reading your blog because I always walk away with ideas I can use immediately to improve my own WordPress experience, in addition to that of my clients! Bravo!

    Cynthia

    • MaAnna Stephenson says

      December 7, 2015 at 9:51 am

      Cynthia, thank you so much for the plugin suggestion. I’m checking it out now. I had one client who kept getting hacked from within the server through some back door. After cleaning it 3 times, told them to move to another host, or have the host clean it. Some days, there is no protection when they come from inside like that!!!

Primary Sidebar

This book could save you hundreds of dollars and months of frustration. Get it free with your subscription to BlogAid News plus my blog posts.
Privacy Policy

Hi! I'm MaAnna, and a geek who can still speak in plain English. I help DIY site owners plus webmasters and designers create sites that are secure, perform well, and get noticed by search engines and readers. How May I Help You?

Let’s Connect

  • Facebook
  • LinkedIn
  • Pinterest
  • Twitter
  • YouTube

Looking for Something?

Search by Category

Footer

BlogAid News

This book could save you hundreds of dollars and months of frustration.

Get it free with your subscription to BlogAid News plus my blog posts. Privacy Policy

From the Blog

  • Tips Tuesday – Update WP 5.3, Gutenberg and Page Builders, NameHero is #1
  • How to Update to WordPress 5.3
  • Tips Tuesday – Easy Gutenberg, PHP 7.3, Site Speed, Personalized SEO
  • How Gutenberg Made it Easy to Monetize My Site
  • WordPress Database Table Prefixes
  • Tips Tuesday – Site Speed, Holiday Deals, WP 5.3, Genesis, Gutenberg
  • BlogAid Holiday Deals 2019
  • Tips Tuesday – Updates for WordPress, Genesis, PHP, Plugins, and More

© 2019   Blog Aid · WordPress for Non-Geeks · All Rights Reserved

Disclosure: Some of the links on this website may be affiliate links. When you make a purchase from these links, I earn a small commission.
While commissions allow me to keep this site 100% free, I only endorse products I trust and use for myself and clients.