WordPress.org

Sucuri SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.

You can also scan your site at SiteCheck.Sucuri.net.

Sucuri SiteCheck detects various types of malware, SPAM injections, website errors, disabled sites, database connection issues and code anomalies that require special attention to include:

• Obfuscated JavaScript injections
• Cross Site Scripting (XSS)
• Website Defacements
• Hidden & Malicious iFrames
• PHP Mailers
• Phishing Attempts
• Malicious Redirects
• Backdoors (e.g., C99, R57, Webshells)
• Anomalies
• Drive-by-Downloads
• IP Cloaking
• Social Engineering Attacks

There are a number of blacklisting authorities that monitor for malware, SPAM, and phishing attempts. Sucuri SiteCheck leverages the APIs for these authorities to check your website blacklisting status:

• Sucuri
• Google Safe Browsing
• Norton
• AVG
• Phish Tank (Phishing Specifically)
• McAfee SiteAdvisor
• Yandex

We augment the SiteCheck Malware Scanner with various. 1-click hardening options. Some of these options do not provide a high level of security, but collectively these options do lower your risk floor:

• Verify WordPress Version
• Protect Uploads Directory
• Restrict wp-content Access
• Restrict wp-includes Access
• Verify PHP Version