Think Your WordPress
Site Has Been Hacked?
Our free scanner checks every single file in your webspace against 12 years of real-world attack data. Find out exactly what's wrong — and where — in minutes.
80,000+
sites monitored
Since 2012
building threat data
1,000,000+
audits completed
Warning signs your WordPress site is hacked
Attackers work hard to stay hidden. Many hacked sites look and work perfectly for the owner while doing damage in the background.
Visitors are being redirected
Your site opens fine when you visit it, but visitors report being sent to spam, pharma, or porn sites. Hackers detect admin cookies and only redirect logged-out visitors.
Google shows a warning page
"This site may be hacked" or "Deceptive site ahead" — Google has flagged your site in Search Console or Safe Browsing. This alone can wipe out your organic traffic overnight.
Unknown admin accounts appeared
You find WordPress admin users you did not create. Attackers add their own admin accounts to maintain persistent access even after you update passwords.
Your site is sending spam
Your hosting company suspended your account, or contacts are receiving spam emails that appear to come from your domain. A backdoor script is using your server to send bulk mail.
Strange content in search results
Google Search results show Japanese keywords, pharmacy links, or casino text on pages you never created. This is a classic SEO spam injection — very damaging to rankings.
Your host suspended your account
Your hosting provider detected malware and took your site offline. They may have sent a list of infected files — but cleaning them yourself without knowing the entry point means you'll be reinfected within days.
Recognise any of these? Don't wait — the longer malware sits on your server, the more damage it does to your SEO, reputation, and users.
Scan Your Site Now →How mySites.guru detects hacks other scanners miss
Most online "malware scanners" visit your homepage and check public-facing pages for obvious signs. That catches a fraction of real threats. Attackers don't leave malware on your homepage — they hide it in inactive plugin directories, uploaded files, and modified core files deep inside your /wp-content/ folder.
Our scanner connects directly to your server through a lightweight plugin and reads every single file — not just what visitors see. Each file is checked against a threat database refined over 12 years and more than a million real-world audits.
- File-level scanning of your entire webspace, including hidden and inactive directories
- Signature matching against known malware families, webshells, and backdoors
- Heuristic detection of obfuscated PHP designed to evade simple scanners
- WordPress-aware: knows exactly which files should and shouldn't exist
- 12 years of threat intelligence from monitoring real sites under attack
Surface scanners
Check your homepage URL for Google blocklist status and obvious malware snippets in HTML. Miss everything hidden in files.
mySites.guru
Reads every file on your server — including files in inactive plugins, uploaded media, and obscure temp directories attackers rely on for hiding backdoors.
"I'd run two other scanners that found nothing. mySites.guru found a backdoor sitting in a directory from a plugin I'd deleted three years ago."
— Agency owner, UK
How it works
From sign-up to scan results in under five minutes — no technical knowledge needed.
Connect your site
Sign up free and install the lightweight connector plugin on your WordPress site. No FTP, no server access, no configuration — just install and click Connect.
We scan every file
Our engine reads every file in your webspace and checks each one against our threat database — malware signatures, known backdoor patterns, obfuscated code, and file integrity checks.
See what was found
Results appear in your dashboard in real time. Every infected or suspicious file is listed with an explanation of the threat, the file path, and tools to investigate further.
Free. No credit card. Takes about 2 minutes to set up.
What the scan looks for
A full picture of your site's security — not just the obvious stuff.
Malware & backdoors
Webshells, file uploaders, remote-execution scripts, and obfuscated PHP that give attackers persistent server access.
SEO spam injections
Hidden links, Japanese keyword attacks, pharma hacks, and casino spam buried in your pages — destroying your search rankings silently.
Modified core files
WordPress core files that have been altered to add malicious code. These pass a visual inspection but contain injections that run on every page load.
Redirect scripts
Scripts that send visitors to malicious sites based on referrer, user agent, or login status — invisible to you, harmful to everyone else.
Vulnerable plugins & themes
Outdated software with known CVEs is how most WordPress sites get hacked. We check every plugin and theme version against the vulnerability database.
Unauthorised files
Files that have no business being on your server — uploaded PHP scripts in your media directory, leftover attack tools, and files placed by attackers between visits.
Why cleaned sites keep getting reinfected
The single biggest mistake after a WordPress hack: removing the files your host flagged and assuming the problem is solved. It isn't.
Attackers don't just leave one backdoor. They leave several — in different locations, with different names, often encoded to evade basic scanners. And the vulnerability that let them in (an outdated plugin, a weak password, an exposed configuration file) is still sitting there waiting to be used again.
A proper recovery means finding every infected file, identifying the entry point, and closing it. That's what mySites.guru helps you do — starting with a complete file-level scan that shows you the full picture, not just the obvious infections.
Common reasons sites get reinfected
- Entry point (vulnerable plugin or theme) was never patched
- Secondary backdoors left in place after partial clean
- Compromised hosting account password not changed
- Malware in a backup restored during the clean
- Another site on the same hosting account left infected
What a full scan gives you
- Every infected file listed with the exact threat detected
- Vulnerable software versions flagged with CVE references
- File integrity check across all WordPress core files
- Unexpected files in sensitive directories highlighted
- Configuration issues that leave your site exposed
Ready to find out what's actually on your server?
Free scan. No credit card. Takes about 2 minutes to connect.
Scan Your Site Now →Common questions
How long does the security scan take?
What happens if a hack is found?
Do I need technical knowledge to use mySites.guru?
Is the scan really free? What's the catch?
My host already cleaned the site. Do I still need a scan?
Will the scan affect my live site or slow it down?
More ways mySites.guru protects your sites
Joomla Site Hacked?
Free security scan for compromised Joomla sites
Malware Scanner
Deep file-level malware scanning for WordPress
Vulnerability Scanner
Automatic CVE alerts for plugins and themes
Bulk Updates
Update all plugins across every site at once
Manage Multiple Sites
One dashboard for all your WordPress sites
Don't guess. Find out for certain.
Over a million audits since 2012. Connect your site in two minutes and see exactly what's there — for free.
Scan Your Site Now →