Exploits of vulnerabilities in WordPress' architecture have led to mass compromises of servers through cross-site contamination but also cause by plenty of other reasons like weak password configured, outdated Wordpress version, plugins, themes and etc.


Usually, malware and malicious code can go unnoticed for a long time unless you regularly scan your website. By scanning your site, you can ensure you stay safe and that your website is always protected.

In this article, we’ll show you how to easily scan your WordPress site for potentially malicious code. 


As within cPanel environment, you can initiate malicious scan using ImunifyAV which is free and able to be use from WHM. ImunifyAV is limited to malware scanner ability. For deletion of those malicious code, you might need to clean/remove it manually via File Manager or FTP.


* You might consider to upgrade to the paid version Imunify360 which allow auto malicious scanning, server wide WAF protection and auto malicious removal and etc.



Alternatively, you could utilise the URL Sucuri Sitecheck to knew whether the Wordpress website is compromised. The Sucuri sitecheck scanner automatically scans your website to ensure it is clean of malware, suspicious redirects, iframes, link injections etc. But this as well limited to scanner ability only as well.


* You might consider to Sucuri for your website which provide WAF and malware cleanup service.



Also, you may consider to download any kind of Wordpress plugin as suggested on post in below to scan your site and remove the malware at earliest as possible.

MalCare – WordPress Malware Removal Plugin

WordFence Malware Cleaner

Sucuri Malware Scanner and Cleaner

Astra Security Suite

CleanTalk Security

BulletProof Security

Cerber Security

Anti Malware Security and Brute Force Firewall


As with above approaches, you should able to identify if your Wordpress instance is infected or not and further arrange for the malicious file removal, backup restoration or reinstate the Wordpress core file installation using Wordpress-Toolkit. Taking steps to help reduce the risk of reinfection. While no one can promise you the risk will ever be zero, we can work together to ensure that it's as low as possible.