7 WordPress Plugins to Detect Malicious Codes - Hongkiat https://www.hongkiat.

com/blog/wordpress-plugins-detect-malicious-codes/

7 WordPress Plugins to Detect Malicious Codes

By Fahad Khan in WordPress. Updated on November 13, 2018.

WordPress is one of the most popular content management systems (CMS) used by
people either for simple blogging or other purposes like setting up an e-commerce store.
There are plugins and themes to choose from as well. Some of them are free while
other are not. Often, a few of these themes are actually uploaded by people who have
tweaked them for their own gain.

They could possibly lled with malicious code that can easily hack your blog. Sometimes,
backlinks to their sites are also added into these themes and a normal user has no idea
how to cope with these backlinks. In this post, we’ve gathered 9 effective tools to deal
with malicious code in a WordPress theme or website.

1. Theme Authenticity Checker (TAC)

Theme Authenticity Checker (TAC) is a WordPress plugin which scans the source le of
each installed WordPress theme for malicious code such as hidden footer links and
Base64 codes.

Once detected, it then shows the path to the particular theme, the line number and
a small piece of the distrusted code which makes it easy for a WordPress
administrator to directly analyze a particular piece of suspicious code.

2. Exploit Scanner
Exploit Scanner can scan the les and database of your website and is able to
detect if something dubious is present.

When using Exploit Scanner, remember that it will not prevent your site from a hacker’s

1 of 3 4/24/2019 9:12 PM
7 WordPress Plugins to Detect Malicious Codes - Hongkiat https://www.hongkiat.com/blog/wordpress-plugins-detect-malicious-codes/

attack and it won’t remove any suspicious les from your WordPress website. It is there
to help detect any suspicious les uploaded by the hacker. If you want it removed, you
have to do it manually.

3. Sucuri Security
Sucuri is a well reputed security and malware scanning WordPress plugin. The main
features offered by Sucuri are monitoring les uploaded onto the WordPress
website, blacklist monitoring, security noti cations and much more

There’s even remote malware scanning with the free Sucuri SiteCheck Scanner. The
plugin also offers a powerful website rewall add-on which can be purchased and
activated to make your website even more secure .

4. Anti-Malware
Anti-Malware is a WordPress plugin that can be used to scan and remove viruses,
threats and other malicious things that may be present in your WordPress website.

Some of its important features include customized scan, complete scan, quick scan,
removal of known threats automatically among many others. You can register the
plugin for free at gotmls. If you are not into “phone home” scripts, avoid this plugin as it
uses the “phone home” feature to check for updates.

5. WP Antivirus Site Protection

WP Antivirus Site Protection is a security plugin for scanning WordPress themes as
well as all the other les uploaded on your WordPress website.

2 of 3 4/24/2019 9:12 PM
7 WordPress Plugins to Detect Malicious Codes - Hongkiat https://www.hongkiat.com/blog/wordpress-plugins-detect-malicious-codes/

Main features of WP Antivirus Site Protection includes scanning of each le uploaded

on your website, updating their virus database on a regular basis, the removal of
malware, sending alerts and noti cations via email and lots more. There are also
certain features that you can pay for if you want even tighter security.

6. Quttera Web Malware Scanner

The Quttera Web Malware Scanner helps to scan a website for protection against
malicious code injection, viruses, worms, malware, Trojan horses, etc.

It offers some nice features such as scanning and detection for unknown malware,
blacklisting status, a scan engine with arti cial intelligence, detection for external links
and much more. You can scan your website to detect malware for free while other
services cost $60/Year.

7. Wordfence
If you’re looking to defend your website against cyber threats, you could try the
Wordfence plugin. It provides real-time protection against known attackers,
two-factor authentication, blocks an entire malicious network (if detected), scans
for known backdoors and does plenty of other things.

The services mentioned are free but there are also some advanced features which you
can get with payment.

3 of 3 4/24/2019 9:12 PM