mySites.guru
12 years of threat data. 1,000,000+ sites scanned.

Free WordPress Malware
Scanner That Checks
Every File

Most scanners only check known plugin files. We scan every single file in your webspace — including hidden backdoors, obfuscated code, and files that don't belong.

Scan Your Site Free →
No credit card Results in minutes Remediation steps included

80,000+

Sites protected

1,000,000+

Audits completed

Since 2012

12 years of threat data

Surface-level scanners miss the threats that matter

Most WordPress malware scanners visit your homepage, check for Google blacklist warnings, and call it done. That catches maybe 5% of real threats. The rest are buried in files your visitors never see — deactivated plugins, uploaded scripts, modified core files, and backdoors sitting quietly in your /wp-content/ directory.

Our scanner connects directly to your server through a lightweight plugin and takes a full snapshot of every file in your webspace. Each file is analysed against our threat intelligence database, built over 12 years and refined across more than a million audits.

  • Scans every file — not just WordPress core or active plugins
  • Detects obfuscated code designed to evade signature-based scanners
  • AI-powered heuristic analysis catches zero-day and novel threats
  • Understands WordPress file structure — flags files that do not belong
  • Instant results with specific file paths and remediation steps

Typical online scanner

  • Checks homepage URL against blacklists
  • Scans public HTML output only
  • Cannot see server-side files
  • Misses 95% of real infections

mySites.guru deep scanner

  • Scans every file on your server
  • Finds threats in inactive plugins and uploads
  • Detects obfuscated and encoded malware
  • Real-time alerts when new threats appear

How the scanner works

Three steps from sign-up to knowing exactly what threats are on your site.

1

Connect your site

Sign up and install our lightweight connector plugin. It takes about two minutes and requires no server access or technical knowledge.

2

Automated deep scan

Our engine takes a complete snapshot of every file in your webspace and runs it through 12 years of threat intelligence and AI-powered analysis.

3

Instant results

Get a full breakdown of every threat found, the exact file path, what it does, and step-by-step remediation instructions to clean it up.

What we detect

We look for every threat category attackers use against WordPress sites — not just the obvious ones.

Malware & Viruses

Known malicious code injections, obfuscated PHP, encoded payloads, and web shells that attackers use to maintain access long after the initial breach.

Backdoors

Hidden file uploaders, remote code execution scripts, and authentication bypasses buried in inactive plugins or renamed files your visitors never see.

Phishing Pages

Fake login pages, bank clones, and credential harvesting forms injected into your webspace to target your visitors without your knowledge.

Spam Injections

Hidden links, pharma hacks, Japanese SEO spam, and keyword stuffing buried in your content or templates that damage your search rankings.

Cryptominers

Cryptocurrency mining scripts silently using your server resources and your visitors' browsers to mine coins for attackers.

SEO Spam

Thousands of hidden doorway pages, cloaked content, and redirect chains designed to steal your domain authority and send your visitors elsewhere.

Built differently from the start

Every design decision we made was to find threats that other scanners miss.

File-level scanning

We inspect every file on your server — core files, plugins, themes, uploads, and anything else that does not belong. No file is off-limits.

12 years of threat data

Our threat intelligence database has been refined since 2012 across more than a million scans. We know what real WordPress malware looks like in the wild.

AI-powered analysis

Heuristic analysis catches obfuscated and encoded malware that bypasses signature-based detection. We find threats that have never been seen before.

Real-time alerts

Get notified the moment a new threat is detected, a file changes unexpectedly, or a suspicious login occurs. You know before your visitors do.

Common questions

How deep does the WordPress malware scan go?
We scan every single file in your webspace — not just your WordPress core or active plugins. That includes inactive plugins, themes, uploaded media directories, and any files that were left behind by previous attacks. Most scanners only check known plugin files against a signature database. We check everything.
How often does the malware scanner run?
The first scan runs immediately after you connect your site, typically completing within a few minutes. After that, automated scans run on a regular schedule so new threats are detected as soon as they appear. You get alerted in real time when something changes.
Will the scanner slow down my WordPress site?
No. The scanner runs server-side through a lightweight connector plugin. It reads files — it does not modify anything on your site, and it does not run in your visitors' browsers. Your site performance is completely unaffected during and after the scan.
Is it really free?
Yes. The malware scanner, file-level audit, and full diagnostic toolset are included at no cost. No credit card is required and there is no time-limited trial. If you want ongoing monitoring across multiple sites, paid plans are available from £19.99/month.
Does it work with WordPress only, or other CMS too?
mySites.guru fully supports both WordPress and Joomla from a single dashboard. The scan engine understands both CMS architectures — it knows what files should and should not exist in each, which makes it significantly more accurate than a generic file scanner.

More ways mySites.guru protects your sites

WordPress Site Hacked?

Free security scan for compromised WordPress sites

Joomla Site Hacked?

Free security scan for compromised Joomla sites

Vulnerability Scanner

Automatic CVE alerts for plugins and themes

Bulk Updates

Update all plugins across every site at once

Manage Multiple Sites

One dashboard for all your WordPress sites

Find out what is hiding in your WordPress site

Over a million scans completed since 2012. Yours takes about two minutes to set up and is completely free.

Scan Your Site Free →
No credit card Results in minutes Remediation steps included

Also supports Joomla. Run a full site security audit →

Out of your depth? Need Help?

Phil Taylor

The Original Joomla Expert – Since 2004

Found issues with your Joomla or WordPress site? Get same-day expert help fixing errors, security issues, and performance problems. Flat-rate pricing, no hourly billing surprises.

  • ● Fix hacked or compromised sites
  • ● Resolve PHP errors & White Screen of Death
  • ● System upgrades & PHP 8 compatibility
  • ● Performance optimization & hosting issues
  • ● £120 flat rate per incident
Get Expert Help TODAY! →

If we can't add value, you don't pay • Same-day turnaround

20+ Years – Fixing Websites

Need Help Addressing Health Check Issues?

Phil Taylor has been fixing Joomla sites since 2004. If it were simple, you would have done it yourself by now. Get professional help from someone who's seen it all.

  • 20+ years of Joomla & PHP expertise
  • Same-day turnaround on most issues
  • No charge if we can't add value or fix the problem