Security & SSL
4 min read
Running a malware scan on your WordPress site
Use Plesk Advisor and WordPress security plugins to detect and remove malware.
Malware scanning and removal
Plesk Advisor security scan
- Log in to Plesk
- Go to Websites & Domains → your domain → Security
- Click Scan for Malware
- Review results and follow recommendations
WordPress security plugins
Install one of these trusted security plugins in WordPress:
- Wordfence Security — Real-time firewall and malware scanner
- Sucuri Security — Malware scanning and activity auditing
- iThemes Security — Brute-force protection and file scanning
Signs your site may be compromised
- Google shows a "This site may be hacked" warning
- Unexpected admin users in WordPress
- Spam links in your site content
- Your site redirects visitors to other websites
- Server resource usage spikes unexpectedly
After malware removal
- Change all passwords (WordPress admin, FTP, database)
- Update all plugins, themes, and WordPress core
- Request a Google Safe Browsing review if flagged