Let’s talk!

How to Check a Website for Viruses: Signs of Infection and What to Do Next

Learn how to check a website for viruses, spot signs of infection, remove malicious code, protect SEO, and prevent future website security issues.

How to Check a Website for Viruses: Signs of Infection and What to Do Next

A website can look completely normal to its owner while already being infected. It may redirect some visitors to unknown pages, generate spam URLs, display hidden links, inject suspicious scripts, slow down the server, or damage SEO performance without any obvious visual changes on the homepage.

The most dangerous thing about website malware is that it does not always appear immediately. Sometimes a business notices the problem only after Google Search Console reports a security issue, browsers start showing warnings, advertising campaigns are blocked, or organic traffic suddenly drops.

Checking a website for viruses is not something you should do only when the site is completely broken. It should be part of regular website administration, especially if the website brings leads, sales, bookings, payments, or client requests.

In this guide, we will explain how to recognize the signs of website infection, what tools can help you check a site for malware, what to look for in Google Search Console, how viruses affect SEO and advertising, and what steps to take after detecting malicious code.


Why Website Malware Is Not Just a Technical Problem

Many business owners think of website viruses as a simple technical issue: “something broke, a developer will fix it.” In reality, malware can affect several business-critical areas at once: customer trust, SEO visibility, advertising performance, conversions, payment security, personal data, and brand reputation.

If a website is infected, visitors may see browser warnings, be redirected to unrelated pages, download unsafe files, or simply fail to submit a contact form or complete a purchase. For a business, this means lost leads, wasted ad spend, reduced trust, and possible long-term damage to search visibility.

From an SEO perspective, the consequences can also be serious. Search engines may detect hacked pages, hidden redirects, spam content, phishing attempts, or malicious downloads. As a result, the website may lose rankings, receive warnings in search results, or require a security review before returning to normal visibility.


Common Signs That a Website May Be Infected

Not every technical issue means that a website has a virus. A site can be slow because of poor hosting, heavy images, outdated code, plugin conflicts, or server overload. However, some symptoms should never be ignored.


Browser Warnings About a Dangerous Website

If Chrome, Safari, Firefox, or an antivirus system shows warnings such as “Deceptive site ahead,” “This site may harm your computer,” or “The website contains malware,” this is a critical signal.

In this case, simply waiting is not a solution. The site needs to be checked, cleaned, secured, and submitted for review if a search engine or browser has already flagged it.


Unexpected Redirects to Other Websites

One of the most common signs of infection is an unexpected redirect. A visitor opens your website but is suddenly sent to a casino, fake store, adult website, suspicious subscription page, or unknown domain.

This type of infection can be difficult to detect because the redirect may not appear for everyone. For example, the site owner may see the normal version of the website, while new visitors from Google or mobile users are redirected elsewhere.

Malicious redirects can be triggered only for:


  • mobile users;
  • visitors from search engines;
  • users from specific countries;
  • first-time visitors;
  • certain browsers;
  • specific landing pages.

That is why checking only from your own computer is not enough.


Unknown Pages Appearing in Google

Another common symptom is the appearance of spam pages that you never created. These pages may not be visible in the menu or admin panel, but they can still be indexed by Google.

You can do a quick check by searching:

site:yourdomain.com

If you see pages with strange titles, foreign-language spam, suspicious products, gambling content, fake brands, or unrelated keywords, your website may have been hacked.


Sudden Drop in Traffic or Rankings

A decrease in organic traffic does not always mean malware. It can happen because of Google algorithm updates, technical SEO issues, content problems, poor indexing, or stronger competition.

However, if the traffic drop happens together with browser warnings, strange URLs, redirects, Search Console alerts, or server errors, you should check the website for viruses immediately.

Website malware can affect SEO through:


  • spam pages;
  • hidden outgoing links;
  • cloaking;
  • malicious redirects;
  • slow loading speed;
  • server errors;
  • blocked pages;
  • damaged internal structure;
  • suspicious scripts.

Suspicious Files on the Server

If new unknown files appear on the server, especially PHP files with random names, strange JavaScript snippets, duplicated system files, or unknown archives, this may be a sign of infection.

Pay special attention to:


  • the root website folder;
  • theme or template files;
  • plugin or module folders;
  • uploads directories;
  • .htaccess;
  • index.php;
  • configuration files;
  • recently modified files.

Do not delete everything immediately. Some malicious code is injected into working website files, and careless removal can break the site completely.


How to Check a Website for Viruses Online

Online scanners are a good first step. They do not replace a full technical audit, but they can help detect obvious issues such as blacklisting, suspicious redirects, injected scripts, phishing warnings, or known malware signatures.


Google Safe Browsing

Google Safe Browsing helps you understand whether Google considers a URL unsafe. It is useful when browsers show warnings or when you suspect that your website may already be listed as dangerous.

It can help detect:


  • malware warnings;
  • phishing risks;
  • unsafe pages;
  • suspicious downloads;
  • security flags connected to the domain.

However, a clean result does not always mean that the website is completely safe. Some infections are hidden and activate only under specific conditions.


Google Search Console

If your site is connected to Google Search Console, check the security section. This is one of the most important places to look when you suspect malware.

Search Console may show:


  • hacked content;
  • phishing issues;
  • malware;
  • harmful downloads;
  • suspicious pages;
  • examples of affected URLs.

This information is valuable because it helps you understand what Google detected and where the problem may be located.


VirusTotal

VirusTotal allows you to check a URL or file using multiple security engines. It is useful for quick diagnostics when you want to see whether different systems detect the same page as suspicious.

You can use it to check:


  • the homepage;
  • important landing pages;
  • suspicious URLs;
  • downloadable files;
  • scripts or archives before uploading them to the site.

Still, VirusTotal is not a full replacement for checking website files, database records, access logs, and server configuration.


Sucuri SiteCheck

Sucuri SiteCheck is often used for quick website malware scans. It can help detect known malicious scripts, suspicious redirects, blacklist status, and some visible security problems.

It is a good tool for the first stage of checking, especially when you need a quick overview of what may be wrong with the site.


Other Website Security Scanners

Tools such as Quttera, SiteGuarding, Dr.Web URL Checker, and similar services can be used as additional checks. It is better not to rely on only one scanner. If one tool shows nothing but another detects a suspicious script or redirect, this is a reason to investigate deeper.


Why Online Scanners Are Not Enough

Online scanners see the website from the outside. That is helpful, but they usually do not have access to the full file system, database, server logs, cron jobs, hosting configuration, admin users, or source code.

Because of this, online scanners may miss:


  • backdoors hidden in folders;
  • malicious code inside database records;
  • infected files that are not publicly loaded yet;
  • cron jobs created by attackers;
  • unknown admin users;
  • changed file permissions;
  • malware that appears only for specific visitors;
  • cloaking that shows different content to Googlebot;
  • server-level security problems.

A proper website virus check should include both external scanning and internal technical diagnostics.


How to Check a Website Manually

If online tools show a problem, or if there are suspicious symptoms, you need to inspect the website from the inside. This should be done carefully: create backups, document changes, and avoid deleting files randomly.


Check Recently Modified Files

One of the first steps is to check which files were modified recently. If you did not update the website but many PHP, JavaScript, or configuration files changed, this may indicate a compromise.

Suspicious signs include:


  • files with random names;
  • PHP files inside uploads folders;
  • duplicated system files;
  • files with very long unreadable lines of code;
  • functions such as eval, base64_decode, gzinflate, str_rot13;
  • unknown iframe or script injections;
  • hidden links to external domains.

These functions are not always malicious by themselves, but they are important markers for deeper review.


Check .htaccess and Redirect Rules

The .htaccess file is often used for redirects, HTTPS rules, caching, and access settings. Attackers may also use it to add hidden redirects.

Be careful with rules that:


  • redirect only mobile users;
  • redirect visitors from Google;
  • point to unknown domains;
  • contain unclear conditions;
  • appeared without your knowledge.

Before editing .htaccess, always save a copy of the original file.


Check the Database

Malware can be stored not only in files but also in the database. This is especially common in CMS-based websites where content, widgets, theme settings, and custom HTML blocks are stored in database tables.

Look for:


  • unknown <script> tags;
  • iframe injections;
  • hidden external links;
  • suspicious domains;
  • strange HTML blocks;
  • spam content;
  • unknown admin users;
  • modified settings.

This is especially important for WordPress, OpenCart, Joomla, Drupal, WooCommerce, and other CMS-based websites.


Check Admin Users and Access Rights

After hacking a website, attackers often create a hidden admin user or leave another way to return later. This is why cleaning files is not enough.

You need to review:


  • CMS admin users;
  • FTP/SFTP accounts;
  • SSH users;
  • hosting panel access;
  • database users;
  • API keys;
  • CRM integrations;
  • email accounts;
  • payment system access;
  • old contractor accounts.

Remove unknown users and reset passwords for all important accounts.


What to Do If Your Website Is Infected

The biggest mistake is to panic and start deleting random files. This can make the situation worse, remove useful evidence, or break the website completely.

It is better to follow a clear process.


Step 1. Create a Backup of the Current State

Even if the website is infected, create a backup before cleaning. This backup is not for restoring the infected version. It is needed for analysis: to understand which files were modified, where the malicious code was injected, and how the attacker may have entered the system.

Save:


  • website files;
  • database copy;
  • server logs;
  • examples of infected URLs;
  • Search Console messages;
  • results from online scanners;
  • dates when the issue was first noticed.

Step 2. Reduce the Risk for Visitors

If the website is actively redirecting users, showing dangerous content, or spreading malware, it may be better to temporarily limit access or enable maintenance mode.

For an online store or service website, this is unpleasant. But a short technical pause is better than exposing users to danger and damaging brand trust further.


Step 3. Find the Source of Infection

Removing visible malicious code is not enough. You need to understand how it appeared. Otherwise, the website can be infected again in a few days.

Common causes include:


  • outdated CMS;
  • outdated plugins or modules;
  • weak passwords;
  • missing two-factor authentication;
  • infected administrator computer;
  • unsafe file permissions;
  • poor hosting security;
  • old FTP access;
  • nulled themes or pirated plugins;
  • vulnerable custom code;
  • insecure forms;
  • unprotected API endpoints.

If you only remove the visible malware but leave the vulnerability, the problem may return.


Step 4. Clean Files, Database, and Accesses

Depending on the situation, cleaning may include:


  • removing malicious files;
  • restoring clean system files;
  • cleaning infected database records;
  • updating CMS, themes, plugins, and modules;
  • changing all passwords;
  • removing unknown users;
  • checking file permissions;
  • clearing website cache;
  • checking cron jobs;
  • updating API keys and tokens;
  • reviewing server configuration.

If the website has custom functionality, checkout, personal accounts, payment logic, CRM integrations, or APIs, it is better to involve a specialist. In such cases, simple plugin-based cleaning is often not enough. You may need programmer services to review the code, server logic, database, forms, and integrations properly.


Step 5. Check the Website Again

After cleaning, scan the website again.

Check:


  • Google Safe Browsing;
  • Google Search Console;
  • VirusTotal;
  • Sucuri SiteCheck;
  • important landing pages;
  • mobile version;
  • incognito mode;
  • checkout or lead forms;
  • pages that were previously infected;
  • indexed URLs in Google.

Also search again with:

site:yourdomain.com

This helps you see whether spam pages are still indexed.


Step 6. Request a Review in Google Search Console

If Google Search Console reported a security issue, you need to request a review after cleaning the website.

In the request, briefly explain what was fixed. For example: malicious files removed, CMS updated, database cleaned, passwords changed, unknown users deleted, vulnerability closed.

Google may not remove warnings instantly, but if the issue is properly fixed, the warning should disappear after review.


How Website Malware Affects SEO

Website viruses can damage SEO in several ways. Some issues are visible immediately, while others may affect the site slowly over time.


Spam Pages in the Index

Attackers may create thousands of spam pages under your domain. These pages can target gambling, fake products, adult content, pharmaceuticals, or other unrelated topics.

This damages website quality signals and can reduce trust in the domain.


Hidden Links

Malware may inject hidden links into your pages. These links can point to low-quality, hacked, or suspicious websites. Even if users do not see them, search engines may detect them.


Cloaking

Cloaking means showing one version of the page to users and another version to search engines. For example, visitors see your normal website, while Googlebot sees spam content or hidden links.

This is a serious SEO problem and can lead to security or quality issues.


Redirects from Organic Traffic

Some malware redirects only visitors from Google. This means the owner may not notice the issue during a normal check, but search users are sent to dangerous pages.


Loss of Trust

If Google flags a website as unsafe, users may avoid clicking it. Even after cleaning, recovery may take time because the site needs to rebuild trust and technical stability.


How Malware Affects Advertising and Sales

Website malware can also affect paid advertising. Google Ads, Meta Ads, and other platforms may reject ads, block destination URLs, or restrict campaigns if the website is considered unsafe.

For e-commerce and service businesses, this is especially harmful. A user may click an ad, land on an infected page, see a browser warning, or fail to complete a purchase.

After cleaning, you should check the full conversion path:


  • ad landing pages;
  • contact forms;
  • checkout;
  • payment page;
  • thank-you page;
  • email notifications;
  • CRM integration;
  • analytics events;
  • tracking scripts.

It is not enough to clean only the homepage. The entire business funnel should be checked.


How to Protect a Website from Future Infections

Cleaning an infected website is only part of the job. If you do not improve security, the site may be hacked again.


Keep CMS, Plugins, and Modules Updated

Outdated components are one of the most common reasons websites get hacked. If your website runs on WordPress, OpenCart, Joomla, Drupal, WooCommerce, or another CMS, updates should be part of regular maintenance.

However, do not update everything blindly on a live website. Before updating, create a backup and test important functions: forms, checkout, filters, mobile version, payments, and integrations.


Set Up Regular Backups

Backups should be automatic and stored outside the main server. If attackers gain access to the hosting account, they may damage both the website and local backups.

A good backup system should include:


  • website file backups;
  • database backups;
  • several restore points;
  • off-server storage;
  • regular restore testing.

A backup that cannot be restored is not a real backup.


Limit User Permissions

Not every user needs administrator access. A content manager can have editor permissions. An SEO specialist may need access only to certain sections. A contractor can receive temporary access for a specific task.

Basic access rules:


  • do not use admin as a username;
  • do not share one account between several people;
  • remove access after the work is finished;
  • use strong unique passwords;
  • enable two-factor authentication;
  • avoid sending passwords through open chats;
  • review users regularly.

Avoid Pirated Themes and Plugins

Nulled themes, cracked premium plugins, and “free” modules from unknown sources are high-risk. They may already contain backdoors, hidden links, or malicious scripts.

Saving money on a license can lead to higher costs later: malware removal, SEO recovery, lost sales, and reputational damage.


Monitor Website Changes

If the website is regularly updated, you should know what changes were made, who made them, and when. This applies to content, plugins, code, server settings, redirects, and user access.

This is where professional technical website support becomes important. It is not just about fixing bugs. It is about keeping the website stable, secure, fast, and ready for SEO and advertising.


When Online Checking Is Enough and When You Need a Specialist

Online checking may be enough for a quick basic scan, especially if you simply want to make sure that the website is not obviously blacklisted before launching ads or publishing new pages.

But you need deeper technical help if:


  • browsers show security warnings;
  • Search Console reports security problems;
  • the website redirects to unknown domains;
  • spam pages appear in Google;
  • suspicious files appear on the server;
  • malware returns after cleaning;
  • forms or checkout stop working;
  • the website has payments or user accounts;
  • the website has custom code or API integrations;
  • you cannot identify the source of infection.

In these cases, the goal is not only to delete malicious code. The real goal is to close the vulnerability that allowed the infection to happen.


Website Virus Check Checklist

Use this checklist for the first stage of diagnostics.


  1. Check the website in Google Safe Browsing.
  2. Review the security section in Google Search Console.
  3. Scan important URLs with VirusTotal, Sucuri, or similar tools.
  4. Open the website from desktop, mobile, and incognito mode.
  5. Check whether unexpected redirects appear.
  6. Search site:yourdomain.com in Google and look for unknown pages.
  7. Check recently modified files on the server.
  8. Review .htaccess, index.php, theme files, plugin folders, and uploads.
  9. Search the database for unknown scripts, iframes, and external links.
  10. Review CMS users, FTP/SFTP access, SSH access, hosting users, and database users.
  11. Remove unknown users and change all important passwords.
  12. Update CMS, plugins, modules, and server components.
  13. Clear cache and check the site again.
  14. Submit a review in Google Search Console if the site was flagged.

Typical Mistakes After a Website Infection

Deleting a Few Suspicious Files and Stopping There

Visible malware is often only a symptom. If you do not find the source of infection, the same problem may return.


Restoring an Old Backup Without Checking It

The backup may already contain malware. Restoring it blindly can bring the infection back.


Not Changing Passwords

After cleaning, you should change passwords for CMS, hosting, FTP/SFTP, SSH, database, email, and connected services. Otherwise, the attacker may return through the same access point.


Ignoring Google Search Console

Even if the website looks normal again, Search Console may still contain security warnings or examples of infected URLs. Always check it after cleanup.


Forgetting About SEO Recovery

After malware removal, check indexing, sitemap, robots.txt, canonical tags, redirects, spam URLs, and external links. A website can be technically clean but still have SEO problems left behind.


FAQ

How do I know if my website has a virus?

Common signs include browser warnings, unexpected redirects, unknown pages in Google, sudden traffic drops, suspicious server files, unknown admin users, user complaints, or security alerts in Google Search Console.


Can I check a website for viruses for free?

Yes. You can use tools like Google Safe Browsing, Google Search Console, VirusTotal, Sucuri SiteCheck, and other online scanners. However, free tools may not detect hidden malware in files, database records, server settings, or cron jobs.


If an online scanner finds nothing, is my website safe?

Not necessarily. Some malware appears only for mobile users, visitors from Google, users from specific countries, or first-time visitors. A full check should include files, database, access logs, users, and server settings.


What should I do first if my website is infected?

Create a backup of the current state, document the symptoms, check Search Console, scan important URLs, and then investigate the source of infection. Do not delete files randomly without understanding what caused the issue.


Can website malware affect SEO?

Yes. Malware can create spam pages, hidden links, redirects, cloaking, slow loading, server errors, and security warnings. All of this can harm rankings, indexing, and user trust.


Should I close the website while cleaning it?

If the website redirects users, displays dangerous content, or may harm visitors, it is better to temporarily limit access or enable maintenance mode until the problem is fixed.


How often should I check my website for viruses?

For a small business website, a basic monthly check is a good minimum. For e-commerce, paid advertising websites, booking platforms, or sites with user accounts, security checks should be more frequent and part of ongoing maintenance.


Can I remove website malware myself?

If the infection is simple and you have technical experience, it may be possible. But if the site has CMS plugins, custom code, payments, CRM integrations, or repeated infections, it is better to involve a specialist. The key is not only to remove the malware but also to close the vulnerability.


Conclusion

Checking a website for viruses is not just a technical task. It is part of protecting your business, SEO, advertising budget, customer trust, and online reputation.

Online scanners can help you detect obvious problems, but they are only the first step. A serious website security check should also include server files, database records, admin users, access rights, logs, redirects, and Search Console data.

If the website is already infected, do not panic and do not delete files randomly. Create a backup, identify the source of infection, clean the website, change access credentials, update vulnerable components, and check the site again. If Google has flagged the website, request a review only after the issue is fully fixed.

The best approach is prevention: regular updates, backups, access control, monitoring, and proper website administration. This reduces the risk of infection and helps keep the website stable, secure, and ready for SEO, advertising, and sales.

Також може зацікавити

When Does a Business Need a Website Redesign? 9 Signs You’re Already Losing Leads

When Does a Business Need a Website Redesign? 9 Signs You’re Already Losing Leads

When does a business need a website redesign? Discover 9 signs your site is losing leads due to weak UX, outdated visuals, poor mobile experience, and low trust.

How to Prepare Before You Order a Landing Page for Your Business

How to Prepare Before You Order a Landing Page for Your Business

What you need to prepare before ordering a landing page: your offer, structure, CTA, traffic sources, content, trust elements, and analytics. A practical guide for businesses that want real leads, not just a nice-looking page.

Landing Page Structure for Business: How to Build a Page That Sells

Landing Page Structure for Business: How to Build a Page That Sells

Learn how to build a landing page structure for business: key sections, CTA logic, trust elements, cases, FAQ, and how structure changes by niche, traffic source, and price point.