1. wpscans.com
Checks your site with their intelligent scanning algorithms and scans for known bugs that have been indexed in the WPScan Vulnerability Database, which contains over 4000 reported vulnerabilities. Also tries to identify the plugins you run and compare their versions against the bug database. In addition, wpscan scans for several well-known mistakes that people make when setting up their WordPress installation, A decent (one of the many WordPress online scanners) place to begin with.

Note – wpscans doesn’t scan server for server for security and also doesn’t scan your password for that matter.

2. sitecheck.sucuri
Sucuri is known for their timely vulnerability reports on WordPress ecosystem on both plugins and themes. Sucuri also has a site scanner for vulnerabilities. Scans Malware, Website Blacklisting, Injected Spam, Defacements, Website Firewall also scans through your scripts and links. Checks to see whether your site has been blacklisted any other popular services like –

Google Safe Browsing
Norton Safe Browin
Phish Tank
Opera Browser
SiteAdvisor
Sucuri Malware Labs Blacklist
SpamHaus DBL
Yandex (via Sophos)
ESET

3. WordPress Security Scan
Checks for application security, WordPress plugins, hosting environment and web server. The security scanner downloads a handful of pages from your website and performs analysis on the raw HTML code. Also scans for user enumeration, directory indexing, linked websites, linked JavaScripts and linked iFrames. With membership you can gain more advance scan for your site.

4. wploop.com
Checks your site for WordPress meta tags, readme.html, response headers contain detailed PHP version info, list of usernames, Check for display of unnecessary information on failed login attempts, accessible install.php file via HTTP, accessbile upgrade.php file via HTTP, browsable uploads folder, EditURI link present in page header, deliverable admin interface via HTTPS and Windos Live Writer link in page’s header.

5. scanwp.com
Performs a basic scan checking whether all your WordPress files up to date or not, scores your website out of 100. Also suggests you to tighten security and hide your WordPress version. The scanner visits your homepage and checks for the generator tag. Note – The WordPress core team has decided that displaying your WordPress version to the public is not a security concern.

6. wprecon.com
Checks your site against Google safe browsing, active plugins, theme, user enumeration, directory indexing, Google malware scan, external link, linked iFrame and linked JS files.

7. quttera.com
Checks for iFrame, Malicious files, Suspicious files, External links and blacklist status of the site.

8. virustotal.com
Checks your site on 68 reputed online site inspector and some of them are – AegisLab WebGuard, Avira, BitDefender, Comodo Site Inspector, K7AntiVirus, Malware Domain Blocklist, MalwareDomainList, SecureBrain, Spam404, Sucuri SiteCheck, Web Security Guard, Yandex Safebrowsing, ZeusTracker, Kaspersky and ZCloudsec.

9. Google Safe Browsing
Unlike everybody if you want to directly check your site on Google Safe Browsing without relying any other third party scanners, You can check your site’s safe browsing status directly from this URL.

10. Ghost Scanner
Shows you a simple plain result whether your server is vulnerable or not. You can also check out other scan services such as TCP Port scan, UDP Port scan, SSL Hearbleed scan, SSL Poodle scan, SSL DROWN scan, Bash Shellshock scan and Ghost Glibc scan.

11. asafaweb.com
Checks your site for Tracing, Custom Errors, Stack Trace, Request Validation, HTTP to HTTPS, Hash Dos Patch, ELMAH Log, Excessive Headers, HTTP Only Cookies, Secure Cookies, Clickjacking and Mac State. You can also schedule a scan by signing up.

12. app.upguard.com/webscan
Performs pretty decent scan of a website, checks Communication DNS, Communication Services, Sub Domain, Scripts, SSL, Meta tags, Info, Header, Google Safe Browsing Check. In addition to these also checks against 27 factors they are –
SSL Enabled, SSL Expiry, SSL Strength, Suspected Phishing Page, Suspected Malware Provider, Suspected of Unwanted Software, X-Powered-By Header, HTTP Strict Transport Security, ASP Net Version Header, Server Information Header, SPF Enabled, DMARC Enabled, Mail, App, User Auth, File Sharing, Voice, Administration, Database, DNSSEC Enabled, Domain Expiry, HttpOnly Cookies, Secure Cookies, Exposed Emails, Breaches.
Combining all these factors give your site a score out of 950.

13. zerocert.org
Performs simple scan, also shows your Google Page Rank and Whois information. There’s a setting panel as well you can tweak check depth, user agent.

14. scanurl.net
Checks your site on Google Safe Browsing, Phish Tank and Web of Trust.

15. urlvoid.com
Checks for vulnerability on 26 reputed online scan software, shows your IP information and Alexa traffic.

16. app.webinspector.com
Gives you complete scan that includes Blacklist Checking, Phishing, Malware Downloads, Drive-by Download, Worms, Backdoors, Trojans, Suspicious iFrames, Heuristic Virus, Suspicious Codes, Suspicious Connections and Suspicious Activities. On top of that shows you E-Commerce Safety Information.

17. urlquery.net
Performs Intrusion Detection Systems, Blacklists, JavaScript Scripts and HTTP Transactions

18. scanner.pcrisk.com
Site scan report includes – External links, iFrames, Blacklist status, Clean files and Suspicious files.

19. siteguarding.com/en/sitecheck
Scans for Malware, Website Blacklisting, Injected Spam, Defacements, Website Firewall, links, scripts and links analyze.

20. https://hackercombat.com/website-malware-scanner/
Scans your site for – malicious activity, malware detection, phishing, blacklist checking, worms, back doors, trojans, transaction protection and also shows basic who.is information to send the report to your email address.

Security Checklists/Resources

Prevention is better than cure and that is why I have prepared these security checklist for you. These are by no mean a complete list rather than a short overview for you of how to tighten up the security for your website.
Always use latest version of WordPress
Don’t tweak/mess code in core WordPress files
Keep your plugins’ versions up to date
Install plugins from trusted sources
Use Limit Login plugins to limit brute force attack
Use strong password
Don’t use Admin for username
Always use backups ( With UpdraftPlus plugin you can have free backups to Google Drive)
Use 2 factor authentication if possible
Use a trusted hosting

For more detailed security measures you can check out these cool resources –

1. Hardening WordPress
2. WordPress Security
3. Brute Force Attacks
4. wpsecuritychecklist.org
5. wprecon.com/wordpress-security-tips
6. WordPress Security Implementation Guideline
7.  wpvulndb.com( Cataloging 5251 WordPress Core, Plugin and Theme vulnerabilities, It is a WPScan vulnerability database )

In case you find anything suspicious, follow this checklist to protect your website – 7 Ways to Fix WordPress Hacked sites + 17 Ways to Protect it from happening (again) from – CollectiveRay

Now that you have hand full of online WordPress online vulnerability scanners. Give these tools a try before it gets too late. Did I miss out any other websites you follow ? What security measures you take for your site ? Leave a comment if you want to share your resources.

https://asphaltthemes.com/wordpress-online-vulnerability-scanners/

ลง plugin แล้ว scan ดีกว่า scan online

https://asphaltthemes.com/wordpress-online-vulnerability-scanners/
https://cwatch.comodo.com
http://web-malware-removal.com