How to Detect Malware on Your Website and What to Do Next

The average website is attacked over 55 times every day — and almost half of all sites on the web have high security vulnerabilities. With this, it’s no surprise that website malware is becoming more and more common.

So how to detect malware on your site can be slightly complicated as the signs of an attack aren’t always clear, and many victims don’t even know they’ve been targeted. It’s crucial to know the signs and to stop malware in its tracks as early as you can. In this post, we’ll share insight on how to detect malware on your website and what steps to take after confirming an attack.

How to Detect Malware

As many different types of malware can be used to target websites, there aren’t necessarily universal signs of a malware attack. That said, be prepared to learn how to detect malware and to take action if you notice any of the following general signs that malware could be present on your site:

Search engine blacklisting. Chances are you’ve already been infected if you’re scouring the web for tips on how to remove a domain from a blacklist.

Here’s why: Google and other popular search engines will send out bots to crawl your site so that it appears in search results. This process is generally referred to as indexing. These bots can also detect malware infections. If malware is found, the search engine will blacklist your site, placing a “THIS SITE MIGHT BE HACKED” warning in the search results next to your URL (unfortunately, blacklisting doesn’t protect site owners). Blacklisting is a reliable sign because it occurs only when a search engine finds definitive evidence of malware on a website.

If you’ve been blacklisted, you can find pointers on how to remove malware in the content below.

Web hosting suspension. If your website is suspended, it means your hosting provider has temporarily taken it offline. Website hosts might suspend a site for myriad reasons, but one of the most popular is to protect their servers from malware or spam.

You can think of hosting providers as owners of an apartment building and websites as the individual units within that building: from cheap shared web hosting providers to expensive dedicated server providers, they are responsible for ensuring the security of the entire server, but you’re responsible for the maintenance of your website. Your provider will run regular scans on your site and alert you if it’s infected. Website redirect malware, SEO spam, and phishing can all harm visitors to your site — so your provider will take it offline as a precaution.

Website defacement. A website defacement attack is when cybercriminals replace your website content with their own message. It should be easy to spot on your site because a defacement is like digital graffiti. The message might be shocking and used to promote the attacker’s political or religious viewpoints. In other cases, website defacements are meant to achieve some notoriety and generate publicity around a particular “hacker name.”

Redirects. Malware redirecting website visitors from one domain to another is pretty common, and most web users have experienced one of these redirect attacks. If you type in your own URL and end up on a completely different site, that’s all the evidence you need that you’ve been infected.

SEO spam. Spam works by flooding your site with hundreds of thousands of files, and these usually contain irrelevant keywords and malicious backlinks that could cause your search rankings to plummet. If you notice unusual links on pages of your site, lots of suspicious commenters, or a sudden loss of traffic, SEO spam could be the culprit.

Malvertising. If you’re curious about how malvertising works, consider the name itself. Malvertising is a portmanteau of “malicious advertising,” and it’s a growing problem on the web that’s not always easy to spot. However, these malicious ads often contain spelling errors or promote miracle cures, ridiculous scandals, and products that you’ve never searched for — unprofessional things you definitely don’t want to show up on your site.

What to Do Next

If you have a technical background, you might be able to manually remove malware from your website. Start by reviewing your website’s source code as well as its database and files. Starting with the databases, your web host should be able to give you access to a tool, such as phpMyAdmin, used for database administration. With this tool, you will be able to scan for syntax that cybercriminals commonly put into the database.

When it comes to reviewing source code, keep your eyes out for script and iframe attributes. Any lines that begin with “<script src= >” are your script attributes. Also check for URLs or file names following this code that you don’t recognize. Unrecognized URLs following the code “<iframe src= >” should raise concern as well. Anything that looks unfamiliar or like it doesn’t belong is a possible sign that a cybercriminal has been messing with your site.

To manually check your website’s files for malware, you have a few options. Website owners should become familiar with their website files and, using FTP or the file manager the host provides, searching through those files for malicious content. Look for injections that are common on CMS-driven sites such as WordPress. When you are able to recognize changes that cybercriminals have made to these files or to your database or source code as outlined above, you should repeat the search regularly to keep a proper eye out for malware.

Equip Your Site Properly

Cyberattacks will only become more sophisticated as technology evolves. As long as your site remains online, it’s a guarantee that you’ll be targeted as all websites are at risk. Even if you don’t have the technical expertise to handle an attack by yourself, simply knowing how to detect malware on your website could allow you to discover an infection faster and enlist help from someone who does.

Regardless, some strains of malware can be difficult to detect, and this is true even if you’re diligent about inspecting website files and consistently monitoring server resources for unusual spikes. The best course of action for most website owners is to install an automated malware scanner that will continuously monitor and test your site.

SiteLock offers powerful website scanning tools that will save you time and money while ensuring your site enjoys round-the-clock protection. Check out our plans and pricing today and see what other people say about SiteLock. If you’re serious about doing business online, we’ll help keep you protected.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.