June 2026 promo! Join our Discord free of charge.

Slick­Stack
Lightning-fast WordPress on Nginx

best ways to scan WordPress websites for malware and exploits?

  • This topic is empty.
Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • March 2, 2024 at 7:30 am #12566
    Larry
    Guest

    I like that SlickStack is trying to discourage very heavy security plugins for sites that don’t really need it, but what is the alternative? I found WPScan.com before but I couldn’t understand how to use the free plan. And, I want to avoid Wordfence and heavy plugins.

    March 2, 2024 at 7:31 am #12567
    Jason
    Guest

    WPScan sucks now because Jetpack (Automattic) acquired it and immediately turned it into a pile of crap, that’s why none of the information you find online makes sense

    March 2, 2024 at 7:32 am #12568
    Joyce
    Guest

    https://wordpress.org/support/topic/jetpack-protect-is-not-an-alternative/

    March 2, 2024 at 7:33 am #12569
    Madison
    Guest

    WPScan is now called Jetpack Protect and requires Jetpack.

    March 2, 2024 at 7:34 am #12570
    Martha
    Guest

    why not just use Wordfence?

    March 2, 2024 at 7:37 am #12574
    Nathan
    Guest

    WPScan changed to Jetpack Protect, what are your thoughts?

    March 2, 2024 at 7:41 am #12578
    Billy
    Guest

    I have never understood WPScan, and how it’s different from WPSec.

    March 2, 2024 at 7:42 am #12579
    Frank
    Guest

    >> not installing page builders
    >>> not installing Envato premium themes
    >>>>> not installing crap extensions released by shady Indian agencies

    that’s 90% of WordPress security right there, imo

    March 2, 2024 at 7:54 am #12587
    Abigail
    Guest

    https://github.com/10up/wpcli-vulnerability-scanner

    March 2, 2024 at 7:58 am #12588
    Amy
    Guest

    quick and dirty is just compare checksums via WP-CLI to see if any suspicious files exist, not perfect but often is enough:

    Howto detect malware’s with WP-CLI

    March 5, 2024 at 10:06 am #12690
    Maria
    Guest

    wordfence and manual review,

    March 5, 2024 at 8:04 pm #12736
    Emma
    Guest

    why not just use Wordfence?

    WordFence is blacklisted on SlickStack, because it hacks wp-config.php and other core files and can cause your server to crash. They also banned innocent Russian customers for leftist virtue signaling during the Ukraine war for no reason. AVOID.

    March 5, 2024 at 8:06 pm #12738
    Abigail
    Guest

    Wordfence CEO is probably vaxxed 7 times with Pfizer, u know it

  • Author
    Posts
Viewing 13 posts - 1 through 13 (of 13 total)
Reply To: best ways to scan WordPress websites for malware and exploits?

Thanks to our generous sponsors for their support!