Website Security Scanning Guide
Regular security scans help detect malware, vulnerabilities, and suspicious files before they cause damage. This guide explains how to scan your website hosted on Faciotech.
Why Scan Your Website?
- Detect malware before it spreads or causes damage
- Identify security vulnerabilities
- Protect your visitors from malicious content
- Maintain your reputation and SEO rankings
- Comply with security requirements
Method 1: ImunifyAV in cPanel
Faciotech hosting includes ImunifyAV security scanning:
- Log into cPanel
- Go to Security → ImunifyAV
- Click Start Scan to scan your account
- Review results for detected threats
- For each threat, choose to Clean, Delete, or Ignore
Note: Regular scanning is recommended weekly for active sites.
Method 2: WordPress Security Plugins
Wordfence Security (Recommended)
- Install and activate Wordfence
- Go to Wordfence → Scan
- Click Start New Scan
- Review results for:
- Modified core files
- Malware signatures
- Outdated plugins/themes
- Known vulnerabilities
Sucuri Security
- Install and activate Sucuri Security
- Go to Sucuri Security → Dashboard
- Check the Core Integrity section
- Review Audit Logs for suspicious activity
Method 3: Online Scanners
External scanners check your site from outside:
- Sucuri SiteCheck - Free malware and blacklist scan
- VirusTotal - Scans URL with multiple antivirus engines
- Google Safe Browsing - Check if Google has flagged your site
What to Look For
Signs of Malware:
- Unknown files in your directories
- Modified core files (WordPress, plugins, themes)
- Suspicious code (base64_decode, eval, etc.)
- Unexpected admin users
- Strange outgoing links in your content
- Redirects to unknown sites
Vulnerability Indicators:
- Outdated software (WordPress, plugins, PHP)
- Weak file permissions
- Exposed configuration files
- Missing security headers
If Malware is Found
- Don't panic - Most infections are cleanable
- Backup current state - For investigation purposes
- Identify infection scope - Check all sites on the account
- Clean or restore:
- Use security plugin's cleaning feature
- Manually remove malicious code
- Restore from clean backup
- Change all passwords - WordPress, FTP, cPanel, database
- Update everything - WordPress, themes, plugins
- Harden security - Add security plugins, enable 2FA
- Request review - If blacklisted, submit reconsideration requests
Preventing Future Infections
- Keep all software updated
- Use strong, unique passwords
- Enable two-factor authentication
- Only use trusted plugins and themes
- Remove unused plugins and themes
- Regular backups
- Schedule automatic scans
- Monitor file changes
Professional Malware Removal
If you need help removing malware, contact our support team. We can assist with scanning, cleaning, and securing your website.
