Tools, techniques and tutorials

Thumbnail for video explaining how to check website for malware

Is Your Website Infected with Malware? Free Tools to Help You Check.

And You Don’t Even Need to Be “Techy” to Use Them!

Scroll down to watch the video (audio transcript is below that)

Do you know that “bad actors” on the internet will try to infect your site with malware and spam in ways so subtle that you don’t even know they’ve done it? And often they aren’t after your secrets, they just need your website to help them blast spam emails, practice negative SEO, or host hundreds of advertising pages you don’t even know about.

In they process they can hog your website resources and earn you or other websites a bad reputation with Google. For that reasons you need to be able to quickly check your website for unwelcome intruders. Of course there are lots of more technical tools for doing this (if your site is running WordPress our favorite tool for checking and protecting is Wordfence).

In this video we take a look at a number of other tools that require no technical expertise to use, and we find that they are not all created equal.

(Interested in more in depth SEO training? We offer live SEO workshops like this.)

By the way, if you discover that malware is infecting your website, you will need technical help, so be prepared. But whatever you do, don’t ignore this issue. It’s one of the first things we do when we’re doing an SEO Audit.

Audio Transcript

Hi, everyone. I’m Ross with Horizon Web Marketing, and I’m here with another SEO Audit How-To. So, we’ve been working our way through the SEO audit checklist that we use internally when we do an SEO audit on a site and giving you little tips on how you can clear items from your audit checklist. Let’s take a look at the checklist. As we scroll down under the technical factor section of the checklist, you’ll see that one of the sections is security issues, and I’ve done another video that talks about how we can clear these two items. Is the site using https, and is that being served consistently?

detail image of seo audit checklist with the security issues highlighted

Today, we’re going to talk about this question, is the domain clean of hidden malicious code? Now, you may think that your domain is as clean as a whistle, but on the other hand, the people that are out there planting malicious code on websites often do a pretty good job of not letting you know that they’re around. And don’t be going according to the assumption that every time someone hacks into your website, they want to steal something from you. Often they’re hacking into your website so they can do things like blast out spammy emails or put up advertising pages that you don’t know about using your domain, and now also they might use your domain for something called negative SEO, where they plant a whole bunch of really lousy links to other websites to try to take them down, and you’re just the unwitting host of this.

So, here’s how we go about checking a site, and before I do that I’m going to show you this article here and I’ll put a link to this article. It’s a pretty good one, “11 Awesome Tools for Website Malware Scanning.” So I went through there, and I actually saw some tools that I didn’t know about before. They’ve got a list of some. Now, many of these tools are ones you have to install on the backend of your site. What we’re going to focus on today, with the exception of Google Search Console, we’re going to show you tools where you don’t have to have login privileges in order to check out a site.

So, if you do have, when it comes to your own site that you own, probably the first place you’re going to go is to Google Search Console. Now, if you’re not familiar with Google Search Console, you need to change that, and we’ve got some videos that show you how to get set up with it.

When you’re within Google Search Console, on the left you’ll see that there’s a choice called Security Issues, and when we click on that, if Google has picked up on any malware, any malicious code on your site, they’re going to give you a notification here. So typically, they’ll push a notification to you if you have your email entered into Google Search Console, but as a matter of course for sites that we maintain, we make it a practice to check this at least once a month, make sure that Google hasn’t picked up on something that we’ve missed. However, this is a cursory check. It doesn’t catch a lot of stuff. I have had it catch security breaches before, but I don’t think it always does that.

The security issues screen in Google Search Console

Now, some of the checkers that are listed on that page that I showed you are not that great at catching code, so what I did is I decided to go to a website that I know has malware infection because I’ve been following this website for years because they’re a host for what we call negative SEO and have actually been used to launch attacks on at least one of my clients. So, I’m going to go to this website, and here it is. It’s called It’s still up and online. You can see that it’s like an abandoned site. If you dig down into this domain, you’ll see pages like this where basically the pages have been hacked, and then all sorts of images have been placed. And if you dig down into the code, you can find all sorts of shady stuff going on. So, I decided to take this and do a little test on some of the malware checkers that are listed in the article I showed you.

The first one that I went to is this one here called I ran that site through it, came back pretty clean. This is basically a meta check, so it goes and it goes through a lot of different checks. Notice it shows Quttera’s listing this as suspicious. Quttera is another one of the sites that we’re going to take a look at.

Web Inspector, another one here we go to, and boy, it looks like it’s pretty clean so far. And then I’ve gone to Rescan.Pro, which is another resource. We’ve scanned the site and once again, looking good. Alright. Now we’re going to go to the site that we always use when we do a check like this on a client’s website or on a prospect that we’re looking, for example, for a link partnership arrangement. We’re going to go to Sucuri, and a lot of developers know Sucuri. They really know their stuff pretty well. Plugged in the website. Notice, not so clean. “Warning: malware detected. Critical Security Risk. Known Spam detected. Your site is hacked and needs immediate attention. Malicious code was detected on your site.” Notice down here, “Malware detected by the scan and injected spam detected.” So, obviously this site is not as clean as some of these tools would have made it out to be.

picture of results page of check on coopercomputers

Our Go-To Web-Hosted Site Check Is Sucuri

Now, I have plugged this same homepage of this site into Sucuri, and it’s come back clean, even with this tool. As a matter of fact, just last week I was doing a demo where I plugged this computer in. Sucuri came back and said that the homepage was clean, so I had to go and put an internal page into the checker in order to discover the code. The moral of that is when you’re doing a check on your site, don’t stop at the homepage. Pick a couple of internal pages and run them through a couple of different checkers.

Now here, Google has their own what they call a Safe Browsing Report. Notice Cooper Computers came back clean with Google’s own report. But, Sucuri is not the only one. There is Quttera. Remember they were mentioned. It says, “Potentially suspicious content detected on this website.” And you scroll down here and it’ll tell you that it has potentially malicious files that it found on this site.

Also, Siteguarding here, another tool, actually gave me an extremely good readout on this site although it’s a little bit on the technical side. It says, “The website is infected.” Now, this is the one that was probably the most surprising to me because they actually identified the infection as “Spam SEO Linking Anomaly,” which goes along with the negative SEO. That’s a subject for another time, but basically the bottom line is they were able to pick up on the infection at Siteguarding. I think I have one more example here. Nope. No more examples.

So, there we’ve just walked through a few tools. I would say if you’re in doubt, I would typically recommend Sucuri as my first bet go-to site. But as I’ve shown you, these tools are not entirely perfect, and they don’t claim to be. There’s only so much that a tool can do running a scan, but this will give you a good start in checking whether your website is infected.

So, I hope this has been useful to you. Let me know if you have any comments, suggestions for this video or for any others, and definitely subscribe with the big red button. Next to it there’s a little bell icon. Make sure you click on that too because that’s the only way you’ll actually get notifications pushed to you from Google.

I also drop a few more resources and links down in the description, so be sure that you click on the ‘Show More’ button underneath the description to see everything that’s available with this video. And definitely come back and check out our other videos when you have a minute. I’ll see you next time.

Sale Stoppers: Why Some Websites Never Generate Any Business

man unhappy with website sales stares at screen, line drawing

“Why have I invested all this money in a website? It never generates any leads or sales for my business!?! What a waste!”

Have you ever found yourself screaming in frustration at your website because it’s not giving you any return on investment?

Guess what, you’re part of a vast army of disappointed website owners.

Determining the cause of website non-performance isn’t always easy, but we have to start somewhere, and usually in our consulting business at Horizon Web Marketing we start, not with paid search or “organic” SEO, but by looking at the website and asking ourselves: “How can this website do a better job earning money for its owners RIGHT NOW?”

We call this process “conversion rate optimization” (CRO), and it’s all about doing more with the traffic you already have BEFORE you go out and try to attract a bunch of new visitors.

We know from our own experience that this process can bear rich fruit for small business, and so we decided to host a free webinar to give you some actionable tips for identifying and correcting simple, common mistakes that might be standing in the way of your website’s ability to convert visitors to customers.

Join us for free, and ask your questions at the end of the webinar.  I’d love to have you attend, and I’m sure you’ll find it a profitable hour.

This webinar is limited to 100 attendees at the live session.  It will be recorded and freely available for only 30 days after the broadcast date, so make sure you sign up today:

Followbright founder Erin Pheil on splitboard crosscountry outing

Splitboarding and Web Design

Splitboarding vs Snowboarding

Splitboard crosscountry skisMy friend Erin Pheil (owner of Followbright, a web design company) and I were discussing splitboarding, a passion of hers, and how she views another passion, web design.

First of all, “What is a splitboard?” I asked. She explained that a splitboard is a special type of snowboard designed to be split in two lengthwise, to form two separate planks. When special skins are attached to the two planks the splitboard (now in two pieces) can be used to climb ascending slopes.

Why would one want to use a splitboard? Answer: to do back country snowboarding which in recent years has taken off in popularity. It is in the back country where pristine powder is more likely to be found. (Note – Wikipedia: snowboard sales are declining in recent years, while splitboard sales are rising.)

In order to better understand snowboarding vs splitboarding, here are some differences between them:

Location• Ski resort• Anywhere, especially back country
Ski lift• Required• Not required
Fresh powder• Limited access• Virtually unlimited access
Downhill route• Pre-defined by ski resort• Self-defined
Prep Needed• Minimal• Fair amount


So, how do you prep for splitboarding?

Splitboarding requires a fair amount of preparation and planning. Erin explains some major considerations.

Followbright founder Erin Pheil on splitboard crosscountry outing

Ascending a hill on splitboards, almost like uphill cross country skiing

Successful and safe splitboarding requires that you must:

    • Have the understanding that you just can’t show up and go wherever you’d like, like you can at a ski resort


    • Plan your route


    • Inform people of your whereabouts, and always let people know where you are going


    • Check weather conditions


    • Check avalanche conditions


    • Have avalanche certification (preferably Level 2)


    • Understand your group’s dynamics


    • Be highly knowledgeable in back country safety and rescue


  • Constantly assess the situation at all times


Watch Erin enjoy the goods after a two hour long skin on her splitboard in the backcountry of Colorado.

Splitboarding and Web Design

Interestingly  enough, Erin thinks of her web design business in splitboarding terms.  What does this mean?

Erin feels that a special type of client is a good fit for her business.  Her best web clients tend to have a splitboarder (not snowboarder) mentality, as explained below. 

An ordinary snowboarder might be satisfied with a very basic experience, at any ordinary ski resort. Similarly, an ordinary business might be satisfied with an ordinary website design. A client with a splitboarder mentality might be looking for a special experience, on fresh powder away from the tourist crowds. Such a client might be seeking a special website to do special things.


(Not a Good Fit for Followbright)


(Good Fit for Followbright)

  • Considers website as an electronic brochure, full of pretty pictures
  • Views website as a 24/7 salesperson who never sleeps
  • OK with simplistic website, developed by ordinary web developer with “one-size fits all” mentality
  • Requires complex website with many moving parts that work well together by customized programming
  • Lowest price = primary motivator
  • Budget = an investment yielding an ROI that will pay for the web project many times over.
  • Understands that a larger investment will be involved.
  • Typically in a great hurry, having treated web marketing as an afterthought
  • May be in a hurry, but willing to allow enough time to get the job done right the first time
  • Not coachable
  • Coachable
  • Not willing to listen
  • Willing to listen, has intellectual humility
  • May hem and haw, often delay a decision, may have second thoughts afterwards
  • Decisive, confident.
  • Interested in expediency over all else, not appreciative of the subtleties of a job well done or best web design practices
  • Appreciates a job well done and expresses that appreciation
  • OK with cheap copywriters and mediocre content
  • Understands that well written content is critical to search engines and to web visitors

Splitboarding Approach Yields Results

Uphill with skins under the skis

Splitboarding uphill, forging your own path

Some of Erin’s results can be seen on her website and include:

    • Sales increase of 29% to 100%, often within one month to six months


    • Gross revenue up $400K in 20 months for one client


    • 190% new clients in 12 months for another client


  • CEOs testimonials saying “You saved our business” and “I can sleep for the first time in months because of you.”