Malware lurks on 17.6 million of the world’s websites—and many users have no idea their site is infected.

Among the most obvious signs of malware infections are hosting suspensions, website blacklisting, and redirects to malicious websites. While these examples are simple to spot, other attacks go largely unnoticed—because it’s easy for malware to hide among lines of legitimate code.

Four Must-Know Signs Of Malware

Can malware go undetected? The answer is yes—and it often does.  Watch out for these four signs of malware on your site:

  • Unrecognized admin users in CMSs like WordPress. Often, malware payloads create backdoors enabling bad actors to re-enter a site after it was cleaned. One popular backdoor attack involves creating an admin account using access gained through a vulnerability. Even if the vulnerability is patched, the attacker retains access to the bad user account.
  • Strange or misspelled file names. It doesn’t take much experience to spot a file called “zbdG7dcL2DDdC.php” and question its legitimacy. However, many attackers strategically name files to appear legitimate. For example, the login file for WordPress is called “wp-login.php,” but it’s not uncommon to find malware in a file called “wp-logon.php.” Since this looks legitimate, malware can sit in plain sight beside normal files.
  • Bad search engine results for your site. Here, attackers use an infected site’s traffic to boost another site’s rankings in Google. If you have unrelated information or foreign characters in your domain’s Google search results, malware may be negatively impacting—or even harming—your organic search results and online reputation.
  • Website errors. Malware is foreign code added to existing code. With that in mind, it only takes a single character in the wrong location to cause an entire site to fail. Fortunately, website errors can help you spot malware more easily.

Tools For Spotting Malware

Spotting malware can be tricky, but SiteLock has a host of tools to help site owners get started. Still wondering: How can malware go undetected on my site—and what can I do to stop it? Contact our team today.