
Detecting and cleaning malware on WordPress

5 recommended plugins for malware in WordPress

We have talked before about securing and hardening WordPress in different ways, but we have not always addressed how to fix or clean infected websites, mainly those infected with malware, and that is what we want to talk about here.

It is important to be informed about and understand the different vulnerabilities that may affect your WordPress installations. There is no hard and fast rule that eradicates vulnerabilities, but a set of procedures and precautions taken as a user or administrator of websites will lead to a safer system.

Although WordPress is good enough, in some cases you will see a message saying that “there is a version available”, and it is good to update. Always make sure your WordPress runs the latest version, because it will save you from a 0-day. However, if at any time you have neglected WordPress security, you may already be infected and not even know it. How would you check?

To analyze the health of our WordPress installations we will use the plugin Anti-Malware and Brute-Force Security by ELI, developed by Eli Scheetz. It focuses on a thorough analysis of the files of the installation where it is installed, and detects both recognized threats and potential threat patterns that are not officially recognized.

This plugin was created to help WordPress administrators clean infections on their websites. It was inspired by the author's need to clean his own accounts on BlueHost. The plugin is currently offered at no cost, though you can get some “extras” by making a donation to support the project.

In this article we introduce 5 good plugins for analyzing malicious code or malware infections on sites created with WordPress. This list is not intended to be a “Top-ten” of anti-malware for WordPress, but it can give you an idea of which extensions to use for this work in difficult times.

Sucuri Security – Auditing, Malware Scanner and Security Hardening



Sucuri has a good reputation for malware analysis in WordPress. The main features Sucuri provides are monitoring of the files loaded in the WordPress website, blacklist monitoring, security notifications, etc. It performs malware analysis, even remotely with the Sucuri SiteCheck scanner. The plugin also offers a powerful website firewall, which can be obtained (commercially) and activated to make your website much safer.


The Sucuri Security – Auditing, Malware Scanner and Security Hardening plugin is a set of security tools for comprehensive security auditing, malware detection and hardening.

Current Version: 1.7.7

Anti-Malware and Brute-Force Security by ELI



Some of its salient features are:

  • Automatic WordPress malware removal
  • If you make a donation to the author you can download definitions of new threats as they are discovered.
  • Automatically updates vulnerable versions of the TimThumb script.
  • Automatically patches wp-login.php to block brute-force attacks.
  • Run a quick scan from the administration menu.
  • You can customize scanner settings.
  • You can perform a complete analysis from the configuration page.


This plugin searches for malware and other threats, such as viruses and vulnerabilities, in your WordPress installation and helps you remove them.

Current version: 04/14/65

WP Antivirus Site Protection



It is a security plugin that scans themes and all other files uploaded to your WordPress website. The main features of WP Antivirus Site Protection are scanning every upload to your website, regularly updating its database of virus signatures, removing malware, sending alerts and notifications by email, and other options.

It has a commercial version with additional functionality.

Add more security to your site with this plugin, which performs server-side analysis. It deep-scans all files on your website, and detects and removes both viruses and malware that are documented in its signatures.

Current Version: 4.8.2

Theme Authenticity Checker (TAC)



Although this plugin has gone one year without an update, we have included it because it behaves correctly in WordPress 4.1.x and its features for analyzing theme files make it interesting to use.

This plugin scans the files of each installed WordPress theme to detect malicious code, such as hidden links in the footer and Base64 code. Once something is detected, it shows the path to the particular theme file, the line number and a small snippet of the malicious code, so that a WordPress administrator can easily analyze it directly and make decisions.

Scans all your installed themes to detect potentially malicious or unwanted code.

Current Version: 1.5.2
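
The kind of theme scan described above for Theme Authenticity Checker, reporting file path, line number and a snippet for each hit, can be reproduced from the command line. This is an added example in Python, not the plugin's own code; the three regular-expression rules, the function names and the two-file sample theme (including the `spam.example` link) are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules (assumptions for this example, not TAC's real signature set).
RULES = {
    "base64_decode call": re.compile(r"base64_decode\s*\(", re.I),
    "long Base64 literal": re.compile(r"['\"][A-Za-z0-9+/]{60,}={0,2}['\"]"),
    "hidden external link": re.compile(
        r"(display\s*:\s*none|visibility\s*:\s*hidden)[^>]*>.*?<a\s[^>]*href=['\"]https?://",
        re.I),
}

def scan_theme(theme_dir):
    """Return (relative path, line number, rule, snippet) for every rule hit."""
    findings = []
    root = Path(theme_dir)
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES.items():
                if (m := pattern.search(line)):
                    # Keep some context around the match for the reviewer.
                    snippet = line[max(m.start() - 20, 0):m.end() + 40].strip()
                    findings.append((path.relative_to(root).as_posix(), lineno, rule, snippet))
    return findings

def build_sample_theme(root):
    """Write a constructed two-file theme; the encoded string is harmless filler."""
    theme = Path(root) / "sample-theme"
    theme.mkdir()
    (theme / "functions.php").write_text(
        "<?php\n"
        "add_theme_support('title-tag');\n"
        "$x = base64_decode('" + "QUJD" * 20 + "');\n", encoding="utf-8")
    (theme / "footer.php").write_text(
        "<footer>\n"
        "<p>&copy; Example</p>\n"
        "<div style=\"display:none\"><a href=\"http://spam.example/\">cheap pills</a></div>\n"
        "</footer>\n", encoding="utf-8")
    return theme

def demo():
    """Scan the constructed sample theme and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_theme(build_sample_theme(tmp))

if __name__ == "__main__":
    for path, lineno, rule, snippet in demo():
        print(f"{path}:{lineno}: {rule}: {snippet}")
```

Legitimate themes also call `base64_decode` or hide elements with CSS, so each hit is a line for an administrator to review, not a verdict.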

Quttera Web Malware Scanner



This plugin helps you scan a website to verify whether it is protected against the injection of malicious code, viruses, worms, malware, Trojans, etc.

It offers some antivirus features of its own, but also interesting features such as scanning for and detecting unknown malware, checking blacklist status, and a scanning engine based on artificial intelligence.

It is able to detect external links, backlinks and more.

This is a plugin that analyzes your WordPress site to detect known and unknown malware and other suspicious activity.

Current Version: 2.0.7


Whichever plugin you end up using for these tasks, our recommendations are:

  1. Always install plugins and themes from reliable sources, downloaded from the official Plugin Directory or from known developers (read the user reviews before use).
  2. If you can, always work in a “sandbox” to test a theme or plugin before enabling it permanently in WordPress.
  3. Do not overload your WordPress installation with plugins that you will not use afterwards; besides slowing down your website, you will end up creating security holes because of “abandoned” and outdated plugins or themes.
  4. Do not use more than one plugin for the same purpose; some may end up conflicting with others or creating false positives.