Since WordPress has become one of the most popular content management systems it has also become prone to abuse. At our company we have to deal with infected WordPress pages on a daily basis. Unfortunately cleaning the hosting package sometimes does not cut it. The site can be listed as potentially dangerous or otherwise compromised on google or any of the many other security websites. To ease your pain of searching for these sites a list has been compiled and posted bellow:
- AVG Website Safety Reports: Provides historical reputation data about the site
- BrightCloud URL/IP Lookup: Presents historical reputation data about the website
- Comodo Web Inspector: Examines the URL in real-time
- Cisco SenderBase: Presents historical reputation data about the website
- Cymon: Presents data from various threat intel feeds
- Deepviz: Offers historical threat intel data about IPs, domains, etc.
- Desenmascara.me: Flags websites suspected of selling counterfeit products
- FortiGuard lookup: Displays the URL’s history and category
- IBM X-Force Exchange: Provides historical data about IPs, URLs, etc.
- Joe Sandbox URL Analyzer: Examines the URL in real time
- Is It Hacked: Performs several checks in real time and consults some blacklists
- IsItPhishing: Assesses the specified URL in real-time
- KnownSec: Presents historical reputation data about the website; Chinese language only
- Norton Safe Web: Presents historical reputation data about the website
- PhishTank: Looks up the URL in its database of known phishing websites
- Malware Domain List: Looks up recently-reported malicious websites
- MalwareURL: Looks up the URL in its historical list of malicious websites
- McAfee Site Advisor: Presents historical reputation data about the website
- McAfee TrustedSource: Presents historical reputation data about the website
- MxToolbox: Queries multiple reputational sources for information about the IP or domain
- Open Threat Exchange: Presents diverse threat intelligence data from AlienVault
- PassiveTotal: Presents passive DNS and other threat intelligence data
- Quttera ThreatSign: Scans the specified URL for the presence of malware
- Reputation Authority: Shows reputational data on specified domain or IP address
- Sucuri SiteCheck: Scans the URL for malware in real time and looks it up in several blacklists
- Trend Micro Web Reputation: Presents historical reputation data about the website
- Unmask Parasites: Looks up the URL in the Google Safe Browsing database
- URL Blacklist: Looks up the URL in its database of suspicious sites
- URL Query: Looks up the URL in its database of suspicious sites and examines the site’s content
- urlscan.io: Examines the URL in real time and displays the requests it issues to render the page
- URLVoid and IPVoid: Looks up the URL or IP in several blacklisting services
- VirusTotal: Looks up the URL in several databases of malicious sites
- vURL: Retrieves and displays the source code of the page; looks up its status in several blocklists
- ThreatMiner: Presents diverse threat intelligence data
- WebPulse Site Review: Looks up the website in BlueCoat’s database
- Zscaler Zulu URL Risk Analyzer: Examines the URL using real-time and historical techniques
Best thing to do in order to keep your (WordPress) site safe is to use security plugins (like WordFence) and regularly update your WordPress installation (with plugins and themes as well).
I will cover more about how to clean up your website (and keeping it secure as possible) in one of my next posts.
A few quick tips include using only the plugins that are available thought WordPress’s official database. All the plugins are checked for malware before they are posted.
Buy your themes from well known websites and try not to install any “free” or “nulled” versions of them. Nulled versions are a recipe for disaster. They almost always include malicious code that then costs you more to clean up than it would to actually buy the theme.
Till next time I hope your website stays safe!