Basically, I just recently read about a WP site being hacked in the Divi FB group and I thought it can’t hurt to share some ways how you can approach scanning your website (on a regulary basis) for malware, hacks, exploits, issues. Of course on a shared host your options are limited but this blog post by WPBeginner actually presents to you 14 WordPress Security Scanners for Detecting Malware and Hacks.
To speed things up a bit I am going to list my 3 favourites here (you have probably heard about Google Safe Browsing already):
Sucuri Site Check
Sucuri is well known in the scene and I think someone on the other forum also works/worked there?!
This is an easy way to scan your website remotely without having to install any extra plugin/tool on your WP site or do any other preparation: Sucuri SiteCheck scanner will check the website for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code.
Sucuri scan also includes Google Safe Browsing results so I will not list it here.
WPSec also scans your website for exploits but also extendst to the scan of plugins, themes and robots.txt . I found a potential security risk for one of my plugins here which wasn’t mentioned on Sucuri. So WPSec definitely makes for a good addition as it has another approach to scannning.
UpGuard also seems like a cool solution. It gives your Website a security score (from 0 to 950, 950 being best) and takes Website risks, such as Insecure SSL, HSTS enforcement and E-Mail Security
into account. My website just scored a score in the 500eds so I guess I have some work to do.
In the Blog post from WPBeginners I mentioned above you will find even more cool ways to scan your website with remote tools but these 3 are probably my personal favourites.
Honorable mention: Don’t forget that your good pal from Linux.iso scanning Virustotal can also scan websites
Hope this will be of help to some of you guys!