Sucuri
This company has a solid reputation when it comes to security measures and malware scans. Sucuri SiteCheck can be used to scan your site for known issues with their free trial version.
SiteCheck malware scanning checks not only for malicious software, but defacements and injection attacks. It can also detect whether compromised email accounts have led to your website server getting blacklisted by spam recipients.
The main drawback to the free version is that you have to scan your site manually on your own. Upgrading to the paid premium plan includes automatic alerts via email about any suspicious issues. The full version will remove the malware and remove your IP address from remote server spam lists.
Sucuri also offers a plugin called Sucuri Securiy that offers firewall protection along with malware scans. It also works to provide additional security to known WordPress vulnerabilities, and provides you with a list of logins so you can see exactly who has been using your site. It also has some useful features for recovering in the event you are hacked, such as a utility for resetting passwords.
Virustotal
This is a free web service that identifies and analyzes suspicious files and associated URLs on your site, helping you to detect viruses, worms, and other kinds of malware.
VirusTotal Scanner is a desktop tool which helps you to quickly scan a file for viruses using VirusTotal.com without actually uploading the file.
It performs a direct Hash-based scan on VirusTotal thus reducing the time taken to upload the file.
It is a free online scan service that analyzes suspicious files using 40+ Anti-virus applications. It facilitates the quick detection of viruses, worms, trojans, all kinds of malware and provides reliable results preventing any False Positive cases.
It comes with attractive & user-friendly interface making the VirusTotal scanning process simpler and quicker. You can simply right-click on your file and start the scan.
VirusTotal Scanner is a fully portable tool but also comes with an installer for local installation & un-installation.
WordPress Malware Security Plugins
If you have a lot of image files, you might want an option that lets you exclude them from scans, otherwise the process might be slowed considerably.
Theme Authenticity Checker
This plugin tool can scan your WordPress theme files for malicious content, including illicit footer links and Base64 code injection issues. It will return details on any links that are hard-coded into the template, and while this may not be actually malware, it’s worth checking now and then to see that nothing potentially harmful has been passed in.
WP Antivirus
One security plugin from SiteGuarding engineered for WordPress is WP Antivirus Site Protection, which scans your site for the usual hacker attacks: backdoors, worms, adware, spyware, rootkits, and so on. This plugin will also scan other plugins and media files that have been uploaded to your site. Their free plan will scan your site weekly, but upgrading to paid versions can provide daily monitoring, antivirus protection, and removal of malware, along with automatic notification of uncovered threats.
AntiVirus
This is a simply named, free plugin that scans theme files for spam and malicious code. One of its best features is a convenient alert message that shows up right on your WordPress admin bar. Other options regarding malware detection include email alerts. However, AntiVirus only scans your current themes; other installed themes are not scanned. Unless you’re one of those who like changing themes from time to time, unused themes represent an additional level of risk and should be removed.
Anti-Malware
This is another excellent security plugin that scans and automatically removes malware, viruses, and other identified threats from your WordPress site. It can also beef up your wp-login code to prevent any brute-force login attempts.
Quttera
This plugin, named Quttera Web Malware Scanner, scans your site and generates an easy-to-follow report showing possible threats such as backdoors, malicious iframes, code injection, and much more. It also notifies you if your site has been blacklisted for spam by ISPs.
Wemahu
This is a fairly new plugin that will regularly scan your WordPress site for malicious code and email you a report of detected threats.
so Next step is Remove the Malware Infection
