The external scanner views the site from the user's perspective. It runs on our servers and crawls the pages on your site for the following threat indications:
- Cross-Site Scripting (XSS) injection
- Obfuscated JavaScript injection
- SPAM
- Phishing
- Code injection
- Malicious iframes
- Malicious redirects
- Defacement
- Drive-by downloads
- Trojans
- Backdoors
- Worms
- Spyware
- Viruses
The content of a WordPress page as seen by a client is the product of the content stored in the database, modified by the theme and plugins. Any of these could introduce JavaScript through links to third-party servers. Often this is a legitimate practice, but the added code could be malicious.
Examination of the files alone won't detect all the ways an infection can introduce hostile elements. It requires an external scan to see what is ultimately delivered to the user.
To run the external scan on your site, go to
WordPress Admin Panel -> Dashboard
Click on "Quttera" in the left panel and select "External scanner." You should see the name of your website. Click on the "Scan Now" button.
Wait for the scan to finish, then click on "Full investigation report." Review the report for any threats indicated.