When you run a WordPress website, it can be distressing and even annoying when visitors suggest that you might be hacked, based on their PC’s antivirus notifications. Here is why and how this happens.

One of the most harrowing experiences for any WordPress website owner, is that of getting hacked, especially when they don’t even know that they had been harboring malicious code. This is why it’s helpful to be aware beforehand, of the signs that your WordPress site has been hacked.

A very common sign of a hack nowadays, is that of visitors’ antivirus software (like Avast, Avira, Kaspersky, or Norton) flagging websites.

When this happens, it can be confusing to new website owners on WordPress because of the general idea that PC antiviruses can’t scan WordPress websites, and vice versa.

What most people don’t know, though, is that there are a number of PC antivirus softwares that also scan URLs of websites that users visit.

Most of the time this feature comes with the premium versions of antivirus software though.

Why do computer antivirus products scan websites?

First of all, these products don’t effectively scan the entirety of a WordPress website.

However, some antivirus solutions for personal computers have a feature called ‘URL Scanners’, to make sure that the user of the computer doesn’t get affected by malicious websites. These scanner check if URLs entered have been reported in the past for malicious code that could affect computers.

Even innocent-looking websites could infect computers by an exploit called ‘drive-by-downloads’. These are malicious files that websites scam their visitors into downloading, such as a free game .exe file.

How do computer antivirus products scan websites for malware?

URL scanners examine web pages against a repository of reports of threats to see if they have had any instances of malware reported in the past.

Since companies producing antivirus softwares and security solutions need to keep updating their collection of malware signatures, their list is up to date. Resources like VirusTotal (a subsidiary of Google dedicated to scanning files and URLs), collaborate with these companies and aggregate the signatures to help keep the dataset relevant.

Signatures of antivirus solutions present on VirusTotal are updated every 15 minutes, so the latest datasets are always used. Since VirusTotal is also a free, online, public offering that helps scan files and URLs, every file and URL sent to VirusTotal is sent to antivirus and security companies to help them keep up to date. When a signature is detected by one of the PC antivirus solutions that collaborate with VirusTotal, it is, by default, sent to all the collaborators (67 in total for URL scanners), that do not detect the resource. These signatures are also stored in a database, that all premium collaborators are given access to.

What to do once a PC antivirus flags your website

Once your website has been flagged, it is best to take the following steps:

Step 1: Update your WordPress website

Outdated versions of WordPress core, themes, or plugins could all have vulnerabilities, one of which the hacker might have exploited. However, there are chances that updating these elements might break your site. This takes us to our next step.

Step 2: Invest in an intelligent WordPress malware scanner and cleaner

This step is crucial. Selecting a solution in this regard that works to efficiently scans for hacks and removes malicious code would save you a lot of trouble. However, it’s important to make sure that this solution doesn’t report false positives, and yet doesn’t miss any malware.

Step 3: Invest in a reliable WordPress backup solution

It is important that you invest in a robust, dependable WordPress backup solution. This way, once your site is clean, you can back your site up, before experimenting with updated versions of WordPress core, themes, or plugins that have lesser vulnerabilities.

It can be distressing to hear from visitors to your site that you might be hacked. However, hacks and malicious code cause more damage with time. It is important to act on this information as quickly as possible.