How to scan your WordPress site for Malware with Wordfence

As we continue our series on the Wordfence plugin, we will now show you how to scan your WordPress site for malware with Wordfence. With Wordfence you can easily scan your site for malicious URLs, weak passwords, unauthorized DNS changes, trojans, and out-of-date plugins/themes among many other things. Keep in mind some of the options in Wordfence require a premium license.

Scanning with Wordfence

  1. Log into your WordPress Dashboard.
  2. Click Wordfence then Scan in the navigation menu.

  3. Click the Scan Options and Scheduling link to view or change your scan settings.

  4. You can then make changes to your WordFence scan and scheduling settings. Below is an description of the available scan options.
    Scan Options
    Scan Scheduling Choose if you want to let Wordfence choose when to scan, or manually set the scan schedule if you have a premium license.
    Basic Scan Type Options Set if you want to perform a Limited, Standard, High, or Custom scan.
    General Options Choose what you want Wordfence to specifically scan for here.
    Performance Options Set if you want to use low resource scanning, or manually limit the scan options.
    Advanced Scan Options Exclude files from being scanned here, or add specific scan signatures.
  5. Click the Save Changes button on the top-right once you have chosen your settings.

  6. Click the Back to Scan link.

  7. Click the Start New Scan button.

    Wordfence will begin scanning your website. Since this may take a long time to complete, we recommend checking the Wordfence Scan in several hours.

  8. When the Wordfence scan finishes you will see a “Scan Complete” message with your results below. You can click the Show Log link to see details about the scan.

Congratulations, now you know how to scan your WordPress site for malware with Wordfence!

Leave a Reply