A WordPress malware scanner checks your site for injected malicious code, suspicious external scripts, weak TLS, missing security headers and publicly exposed files. MageArgus runs this external scan free in seconds for any WordPress or PHP website — no signup and no plugin to install.
What the WordPress scan checks
MageArgus runs a passive, external scan — the same engine that checks Magento stores — against any WordPress site:
- Malware & skimmer indicators in your public pages and scripts.
- Suspicious external JavaScript loading on your site.
- TLS & certificate health.
- Security headers — HSTS, CSP, X-Frame-Options and more.
- Exposed files — leaked backups,
.git, config files and database dumps.
What it does — and doesn’t — do
We believe in being straight with you on a security product. MageArgus is built first for Magento, where it maps your exact version to specific CVEs. For WordPress it runs the platform-agnostic checks above — malware indicators, transport, headers and exposed files — which catch a large share of real-world compromises.
It does not currently map WordPress core/plugin versions to a WordPress-specific CVE database, and it can’t see inside your filesystem from outside. For deep, WordPress-internal scanning you’ll still want an on-server tool. Use MageArgus for a fast, honest external health check.
Found something? Clean it up
If the scan flags malware indicators or exposed files, act quickly — see WordPress malware removal and website malware removal. W3ctrl Services cleans up compromised WordPress and PHP sites as well as Magento.