[How To] Easily use remote tools to scan your WordPress site for security issues, malware etc

YmpkerYmpker OGContent Writer

Basically, I just recently read about a WP site being hacked in the Divi FB group and I thought it can't hurt to share some ways how you can approach scanning your website (on a regulary basis) for malware, hacks, exploits, issues. Of course on a shared host your options are limited but this blog post by WPBeginner actually presents to you 14 WordPress Security Scanners for Detecting Malware and Hacks.

To speed things up a bit I am going to list my 3 favourites here (you have probably heard about Google Safe Browsing already):

1) Sucuri Site Check
Sucuri is well known in the scene and I think someone on the other forum also works/worked there?!
This is an easy way to scan your website remotely without having to install any extra plugin/tool on your WP site or do any other preparation: Sucuri SiteCheck scanner will check the website for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code.
Sucuri scan also includes Google Safe Browsing results so I will not list it here.

2) WPSec also scans your website for exploits but also extendst to the scan of plugins, themes and robots.txt . I found a potential security risk for one of my plugins here which wasn't mentioned on Sucuri. So WPSec definitely makes for a good addition as it has another approach to scannning.

3) UpGuard also seems like a cool solution. It gives your Website a security score (from 0 to 950, 950 being best) and takes Website risks, such as Insecure SSL, HSTS enforcement and E-Mail Security
into account. My website just scored a score in the 500eds so I guess I have some work to do.

In the Blog post from WPBeginners I mentioned above you will find even more cool ways to scan your website with remote tools but these 3 are probably my personal favourites.

Honorable mention: Don't forget that your good pal from Linux.iso scanning Virustotal can also scan websites ;)

Hope this will be of help to some of you guys!

Kind regards,
Ympker

Thanked by (2)angstrom seriesn

Comments

  • mobilemobile Retired

    Every time i saw a "Wordpress Security", i'll post this link
    https://www.pluginvulnerabilities.com/blog/

    Used to work on shared-hosting company before. it's amazes me that most of people these days has really low reading interest or shorter attention span to read how to properly secure wordpress installations https://wordpress.org/support/article/hardening-wordpress/

    And then beg for Enterprise-grade Support (and MUST be FIXED RIGHT NOW AAAAAAAAAAAAA) while their shitty site got defaced by chinese bruteforce bot after paying you 7$ annually

    self-hosting even if it's just installing shit from softaculus is harder to comprehend, those corporations with muh decentralized "app" or "in da cloud" are winning. the end is nigh

  • YmpkerYmpker OGContent Writer

    @mobile said:
    Every time i saw a "Wordpress Security", i'll post this link
    https://www.pluginvulnerabilities.com/blog/

    Used to work on shared-hosting company before. it's amazes me that most of people these days has really low reading interest or shorter attention span to read how to properly secure wordpress installations https://wordpress.org/support/article/hardening-wordpress/

    And then beg for Enterprise-grade Support (and MUST be FIXED RIGHT NOW AAAAAAAAAAAAA) while their shitty site got defaced by chinese bruteforce bot after paying you 7$ annually

    self-hosting even if it's just installing shit from softaculus is harder to comprehend, those corporations with muh decentralized "app" or "in da cloud" are winning. the end is nigh

    This is also a pretty good "read": https://wpvulndb.com/

  • Great sources you would like to add sslabs or something like that for A+ of the lets encrypt . it is helpful , basic but helpful

    Thanked by (1)Ympker

    I believe in good luck. Harder that I work ,luckier i get.

  • vyasvyas OGSenpai
    edited May 2020

    Wordfence and WP Security Ninja can be added to the list.

    Also site lock

  • YmpkerYmpker OGContent Writer

    @vyas said:
    Wordfence and WP Security Ninja can be added to the list.

    Also site lock and wordfence

    I have heard of these tools and that they are good but are they remote tools that require no further plugin installation? Just asking because the OP is about remote tools (as to not derail the topic). Regardless, the tools you mentioned surely are worth mentioning in regard to WP security.

  • vyasvyas OGSenpai
    edited May 2020

    Site lock is not a plugin IIRC.

    Other two are. In that light I limit my comment to site lock which is also what you have mentioned.

    Cheers

    Edit:
    Nice read:

    https://wordpress.org/support/article/hardening-wordpress/

    They mention Cloudflare, Sucuri and Incapsula but did not understand the connection (except CDN).

    Last line is interesting

    And..

    Here is a screenshot from sitelock weekly scans on a test site. I think you can change frequency, weekly is too slow in hindsight

    Thanked by (1)Ympker
  • bikegremlinbikegremlin ModeratorOGContent Writer
    Thanked by (2)Ympker Chievo

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • YmpkerYmpker OGContent Writer

    @vyas said:
    Site lock is not a plugin IIRC.

    Other two are. In that light I limit my comment to site lock which is also what you have mentioned.

    Cheers

    Edit:
    Nice read:

    https://wordpress.org/support/article/hardening-wordpress/

    They mention Cloudflare, Sucuri and Incapsula but did not understand the connection (except CDN).

    Last line is interesting

    And..

    Here is a screenshot from sitelock weekly scans on a test site. I think you can change frequency, weekly is too slow in hindsight

    Looks nice :) Not free though, right? :P

  • vyasvyas OGSenpai
    edited May 2020

    @Ympker said:

    Looks nice :) Not free though, right? :P

    Now that you mention it, probably it came with shared hosting plan. Was a CPanel based host. Do not recall which one. I want to say Hostgator ( I know... pre LE "X" days) but I could be wrong.

    Thanked by (1)Ympker
  • have you achieved the 950 mark @ympker on upguard ? I am in it and after achieving 751 i am not able to check it . Always shows 751 even i have solved some issues . It seems that the page is in their cache and shows always the same .

    Thanked by (1)Ympker

    I believe in good luck. Harder that I work ,luckier i get.

  • YmpkerYmpker OGContent Writer

    @Chievo said:
    have you achieved the 950 mark @ympker on upguard ? I am in it and after achieving 751 i am not able to check it . Always shows 751 even i have solved some issues . It seems that the page is in their cache and shows always the same .

    I think I cant manage to go higher than 700 lol

    Thanked by (1)Chievo
  • @Ympker said:

    @Chievo said:
    have you achieved the 950 mark @ympker on upguard ? I am in it and after achieving 751 i am not able to check it . Always shows 751 even i have solved some issues . It seems that the page is in their cache and shows always the same .

    I think I cant manage to go higher than 700 lol

    Which ¨problems ¨appears in the yours ?

    789 here .
    not using HSTS- I do not plan to use it
    Wordpress version appears in the website well .... i would not change everything so i guess i could live with it
    But i have no idea about this one :

    1) Domain registrar deletion protection not enabled
    Domain is not protected from unsolicited deletion requests with the registrar. The domain should have clientDeleteProhibited set.
    2)Domain registrar update protection not enabled
    Domain is not protected from unsolicited update requests with the registrar. The domain should have clientUpdateProhibited set.

    I have checked all the options of namesilo but i have not found anything similar in any area . I have checked lowendspirit and seems that this was done properly . @AnthonySmith , would you mind to give us some information about what could be ? Sorry about this question probably it is a dumb question .

    I believe in good luck. Harder that I work ,luckier i get.

  • Wordfence is real good, on going deep to analyze the site not only for malicious code or viruses, but for potential threats and suspicious code or activity. I have found plenty of times malicious code and have the opportunity either to automatic delete it or go further with investigation on what it is, how it got there and what I should remove to make the wp safe again.

    • If a program actually fits in memory and has enough disk space, it is guaranteed to crash.
    • If such a program has not crashed yet, it is waiting for a critical moment before it crashes.

  • @Ympker said: I think I cant manage to go higher than 700 lol

    B 732 / 950 here :)
    But in reality, they are things I'm OK with it.
    "Insecure SSL/TLS versions available" (it's not used in reality) and "HTTP Strict Transport Security (HSTS) not enforced" (I don;t want to), "DMARC policy is p=none" (the mail server is completely disabled as so the ports), "Domain registrar deletion - update protection not enabled" (also I don't use this).
    So, the score is more than good in aspects that really affects a wp installation

    • If a program actually fits in memory and has enough disk space, it is guaranteed to crash.
    • If such a program has not crashed yet, it is waiting for a critical moment before it crashes.

  • And this is te best tool to scan for virus/malware all the plugins or the uploads to a WP site: https://www.virustotal.com/gui/home/upload

    Thanked by (1)Ympker

    • If a program actually fits in memory and has enough disk space, it is guaranteed to crash.
    • If such a program has not crashed yet, it is waiting for a critical moment before it crashes.

  • YmpkerYmpker OGContent Writer
    edited May 2020

    @jvnadr said:
    Wordfence is real good, on going deep to analyze the site not only for malicious code or viruses, but for potential threats and suspicious code or activity. I have found plenty of times malicious code and have the opportunity either to automatic delete it or go further with investigation on what it is, how it got there and what I should remove to make the wp safe again.

    How much does wordfence charge?

    @jvnadr said:

    @Ympker said: I think I cant manage to go higher than 700 lol

    B 732 / 950 here :)
    But in reality, they are things I'm OK with it.
    "Insecure SSL/TLS versions available" (it's not used in reality) and "HTTP Strict Transport Security (HSTS) not enforced" (I don;t want to), "DMARC policy is p=none" (the mail server is completely disabled as so the ports), "Domain registrar deletion - update protection not enabled" (also I don't use this).
    So, the score is more than good in aspects that really affects a wp installation

    I also think I'll stick with 700ish score @Chievo . Anything else seems kinda unrealistic tbh.

    Thanked by (1)jvnadr
  • YmpkerYmpker OGContent Writer

    @jvnadr said:
    And this is te best tool to scan for virus/malware all the plugins or the uploads to a WP site: https://www.virustotal.com/gui/home/upload

    I think I already mentioned it in OP but yeah, it's great :D

    Thanked by (1)jvnadr
  • mikhomikho AdministratorOG

    Thanked by (3)Chievo Ympker bugrakoc

    “Technology is best when it brings people together.” – Matt Mullenweg

  • @mikho said:

    Durexsky

    Thanked by (1)Ympker

    I believe in good luck. Harder that I work ,luckier i get.

  • @Ympker said: How much does wordfence charge?

    The free version works

    Thanked by (1)Ympker

    • If a program actually fits in memory and has enough disk space, it is guaranteed to crash.
    • If such a program has not crashed yet, it is waiting for a critical moment before it crashes.

  • YmpkerYmpker OGContent Writer

    @jvnadr said:

    @Ympker said: How much does wordfence charge?

    The free version works

    Good to know, so no paywall for essential features? :)

    Thanked by (1)jvnadr
  • @Ympker The paid version do have a massive addon functionality, real time scanner...

    Thanked by (1)Ympker

    • If a program actually fits in memory and has enough disk space, it is guaranteed to crash.
    • If such a program has not crashed yet, it is waiting for a critical moment before it crashes.

  • Folks i have found this page that would be interesting to be included :
    https://securityheaders.com/
    I must work on it , D here

    Thanked by (2)Ympker jvnadr

    I believe in good luck. Harder that I work ,luckier i get.

  • YmpkerYmpker OGContent Writer

    @Chievo said:
    Folks i have found this page that would be interesting to be included :
    https://securityheaders.com/
    I must work on it , D here

    Thanks for sharing @Chievo :)

  • @Ympker said:

    @Chievo said:
    Folks i have found this page that would be interesting to be included :
    https://securityheaders.com/
    I must work on it , D here

    Thanks for sharing @Chievo :)

    You are welcome

    I believe in good luck. Harder that I work ,luckier i get.

  • @mikho said:

    Use wifi

    Action and Reaction in history

Sign In or Register to comment.