WSN includes an antivirus utility which you can run at Admin Panel -> Maintenance -> Antivirus. Note that it may take 5 or 10 minutes to complete the scan, just leave it running in a background tab. This utility will scan for known malicious content. In order to detect unknown hacker tools it'll also scan for any files which aren't part of a normal WSN installation, and will prompt you to whitelist or delete them. The files marked as suspect will fall into one of these three categories:
- Files/subdirectories that used to be standard in WSN, aren't anymore, but haven't been autoremoved. You'll want to delete these.
- Files/subdirectories you intentionally created (including custom templates/pages which you may have created via the Admin Panel instead of manually uploading). You'll want to whitelist these. If you have custom subdirectories, such as for other scripts (wordpress etc) installed on the same site, you can whitelist those in their entirity.
- Files of unknown origin. You could use FTP to open these in a text editor to see if their content looks malicious (malicious files are usually obfuscated, unlike legitimate files). Also feel free to send a list of them to WSN support to ask if they're likely to be malicious. If the file does seem to be malicious, make a note of the last modification time (the antivirus lists this for you) and have your web host check the apache access logs to see if there was a hacking action at that time.
To be sure you learn of attacks quickly, you may want the antivirus to run automatically and email you if anything suspicious is found. To enable the automatic antivirus, go to Admin Panel -> Settings -> Tweaks Editor and enable the autoantivirus tweak. It'll run once a day. A report will only be emailed if there are suspect files, not if everything's okay. If a report shows any suspect files, you'll be prompted to run a manual scan in order to deal with them.