You can easily check WordPress for malware by using an external online scanner or by using a WordPress plugin. Malware is an ongoing problem with websites running WordPress which is typically due to out-dated themes and plugins. This can either be from not manually updating, or due to the developer not providing a patched version.
The easiest method of checking for malware is to utilize an online malware scanner such as Google’s Virus Total which is one of the best out there. Simply select “URL” and type in your website address to perform the scan utilizing a large library of definitions. Typically, WordPress malware will affect the entire site and not just a single page/directory since it is a content management system (CMS). Therefore, you really only need to scan one page of your site and not all pages. It will provide basic results if any malware is found on the URL.
Another way to scan your WordPress site for malware is to use a security plugin such as Wordfence. The free option will allow you to scan your entire site including all files. If malware is found it will provide detailed results to include the affected file(s) so that you can take action.
Once you have determined if malware exists on your WordPress site it is time to sanitize the affected files and patch the exploit that was used to gain access. This is the most difficult process as you will need knowledge of standard web programming languages and web server fundamentals.
It is best to research the type of malware based upon the footprint it leaves which will give you clues as to the type of exploit that was used to compromise your WordPress installation. You can then patch your site appropriately so that it is not compromised again.
Finally, once your site has been sanitized and patched, be sure to change the MYSQL database password as well as passwords for all WordPress users.