Website Malware Scan: Check If Your Site Is Hacked

Website Malware Scan

What is a Malware Scanner?

There are essentially two main ways to perform a website malware scan; external and internal to the website server.

External scanners visit your website like any site visitor does. These remote scanners scan through the pages of your site. Some may go an extra step of checking for general server vulnerabilities like open ports and SSL.

Internal scanners run on the server. Typically it is something your host runs or an external scanner is given direct access to your server, usually through FTP/sFTP.

There is a significant difference between external and internal scanners. Without direct access to your site, external scanner results are not reliable and typically incomplete or inaccurate. There are levels of infection that cannot be determined externally and in some cases your hosting provider may block the external scan altogether as a perceived attack.

Website Malware Scan Options

Website Malware Scan Tools

  1. Run Google’s Safe Browsing Transparency Report

    As Google indexes the web, it also spots malware and reports the site as unsafe. They provide a tool that allows you to check if your domain has been listed as dangerous. Go to Google’s Transparency Report and enter your site to see if your listed. You will also see the last time Google checked.

  2. Check VirusTotal

    I love this surprisingly little known site! VirusTotal taps into 70 antivirus scanners and domain blacklisting services. This free service is so good, it was bought by Google in 2012. Go to VirusTotal and enter your URL. But don’t stop there! Most likely your site may not have been scanned today, so you should click the “Reanalyze URL” button (upper right). You’ll get results within a few moments.

  3. Check Norton Safe Web (and claim your site!)

    Norton Safe Web is a reputation service through Symantec, the world’s largest civilian threat intelligence network. If you’re listed here, they will provide you a list of files on your site which tried to infect Norton visitors. It even will tell you what malware and when. IMPORTANT TIP! Even if you are not listed here you should take a moment and claim your site as a site owner. It is free and will help legitimize your site with all visitors who use Norton products on their computers.

  4. Search

    Although primarily for security and malware researchers, you can use’s search to check your domain or IP. Note, you will have to enter a code to get virtual credits to allow you to complete a search. If you’re listed with them, you will get location and malware information. One word of caution. They also provide a way to download the malware package. You do not want to do that. Leave that for the researchers. Just use their tool to check if you are listed.

  5. Check MalwareURL

    We mentioned VirusTotal earlier but MalwareURL also checks a few other sources including Wepawet, Anubis and Threat Expert. Their down and dirty check is quick and easy. Go to their Verify Website Security Status page and enter your domain or IP.

  6. Realtime Blackhole List (RBL) Check at

    Your site, or a site on your shared server, could be spewing spam which will get your IP listed on an RBL. Check if you’re on the RBL at Although it won’t tell you what or where the malware is, it is an indication of malware or a compromise of some sort.

  7. Use A Free Website Malware Scanner

    There are several free website malware scanners available online. What they scan for and their accuracy varies. Some may force you to provide contact information to get your results. Our scanner is completely free, no signup required. So give ours a try.

What Next?

All the tools listed above perform website malware scans or provide information based upon community reports. Their accuracy will vary since they are external scanners. So you may end up with some solid information to go on, or you might be left scratching your head.

Did the external scanner fail you? Are you adventurous and looking to try some manual, do-it-yourself tips? Do you need expert tips on trying to remove and clean malware on your own?

Check out our post on How To Remove Website Malware: Tips for Doing It Yourself.

As always, we’re available via chat, phone or contact form should you have any questions.

©2019 Developer Squad. All rights reserved.

About Us | FAQ | Free Tools | Blog | Partner with Us | Contact

How We Scan and Remove Malware

You will be given secure access to our portal where you enter the FTP credentials to the main directory of your site (typically the public_html). Our scanners will then do a deep scan of all files. Once found, you can request a cleaning (if purchased) and we will immediately begin the cleaning process.

We start as soon as you set things up and the length of time it takes to scan and remove malware will vary depending on the level of infection and number of files. Typically it takes several hours. Our portal updates you on progress and has 24x7x365 chat support so you are never left alone!

US Based Family Business  •  Money Back Guarantee

US Based Family Business

Cousins Jon and Mike Brennan (bios here) were always close like brothers and so, many years ago, they decided to start a business together. It wasn’t long before Jon’s brother Jeff and their mother Judy (the first programmer in the family!) joined the company. We’ve never looked back!

We pride ourselves on our fanatical customer service and would welcome the opportunity to earn your trust.

Who's Developer Squad?

A quick message from one of our founders.

Thanks for stopping bye! Please hit us up in chat with any questions.

Have Questions?

Give us a shout via chat, phone or email.

Researching Options?

Get FREE professional advice and information from a member of our squad.

We can help you navigate your next steps,
even if it isn’t with us today.

Log in with your credentials

Forgot your details?