🔍 Security Scanner
File integrity monitoring, malware detection, and vulnerability scanning for WordPress. Know exactly what changed, what's suspicious, and what needs fixing.
What This Solves
Malware can sit undetected in WordPress files for weeks. Core files get modified, backdoors get injected, and vulnerabilities go unpatched. Security Scanner monitors file integrity against official WordPress checksums, detects malware patterns, identifies known vulnerabilities, and provides quarantine management for suspicious files.
Who This Module Is For
Sites That Need Malware Monitoring
If you have ever been hacked or worry about hidden backdoors, continuous file integrity monitoring and 62+ malware signatures catch threats the moment they appear.
Agencies Managing Client Security
Scan every client site from one place. Quarantine suspicious files, track security scores over time, and deliver professional reports that prove the value of your maintenance plan.
Anyone Needing Compliance Audit Trails
PCI-DSS and SOC 2 require file integrity monitoring. The scanner logs every change with timestamps, severity, and matched patterns so you have a ready-made audit trail.
Key Features
Core File Integrity
Compares every WordPress core file against official checksums from wordpress.org. Instantly identifies modified, missing, or added files that shouldn't be there.
Malware Detection
Scans with 62+ pattern signatures covering base64-encoded payloads, eval injections, hex-escaped obfuscation, backdoor shells, and known malware families.
Vulnerability Scanning
Checks installed plugins and themes against known CVE databases. Flags outdated or vulnerable components with severity ratings and recommended actions.
File Quarantine
Isolate suspicious files safely without deleting them. Quarantined files are moved out of the web root and can be restored with one click if they turn out to be false positives.
Scheduled Scans
Configure automated daily or weekly scans via WP-Cron. Receive email notifications when new issues are detected so you never miss a threat.
Security Score
Get an A-F grade based on scan findings. Track your security posture over time with historical score trends visible on the dashboard.
How Scanning Works
The Security Scanner performs three distinct scan types, each targeting a different layer of your WordPress installation. Scans run in the background using batched processing to avoid impacting site performance.
Core Integrity Checks
Every WordPress release includes an official set of MD5 and SHA1 checksums. The scanner downloads the checksum manifest for your exact WordPress version and compares each core file byte-for-byte.
- Detects modified core files (often a sign of compromise)
- Identifies unexpected files added to core directories
- Flags missing files that may have been deleted by an attacker
- Supports WordPress versions 4.0 and above
What Gets Checked
- wp-admin/ — all admin interface files
- wp-includes/ — core libraries and functions
- Root files — wp-config.php, index.php, .htaccess
- wp-content/plugins/ — all active and inactive plugins
- wp-content/themes/ — all installed themes
- wp-content/uploads/ — scanned for PHP files that shouldn't exist
Malware Detection Engine
The malware scanner uses a signature-based approach with 62+ detection patterns. Each pattern targets a specific obfuscation technique or known malware family. The engine handles hex-escaped strings, nested base64 encoding, variable function calls, and other common evasion methods.
Signatures are categorized by severity (critical, high, medium, low) and each match includes the exact file path, line number, and matched pattern so you can quickly assess whether it's a genuine threat or a false positive.
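A signature pass of the kind described above, as an added Python example that is not the plugin's engine or rule set. The three signatures, the names `unhex`, `layers` and `scan`, and the file path are assumptions; the sample is constructed and inert (its innermost payload decodes to `echo 1;`).

```python
import base64
import binascii
import re

# Illustrative signatures (name, severity, pattern); not the product's rule set.
SIGNATURES = [
    ("eval-of-decoded-data", "critical", re.compile(r"eval\s*\(\s*(base64_decode|gzinflate)\s*\(", re.I)),
    ("variable-function-call", "high", re.compile(r"\$\w+\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b")),
    ("function-name-in-string", "medium", re.compile(r"[\"'](eval|assert|base64_decode)[\"']", re.I)),
]
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{16,}={0,2})[\"']")

def unhex(text):
    # Turn PHP "\x65\x76" style escapes back into the characters they encode.
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)

def layers(line, max_depth=4):
    # Yield (text, depth): the line itself, then every nested base64 layer found in it.
    queue = [(unhex(line), 0)]
    while queue:
        text, depth = queue.pop(0)
        yield text, depth
        if depth < max_depth:
            for literal in B64_LITERAL.findall(text):
                try:
                    decoded = base64.b64decode(literal, validate=True).decode("utf-8")
                except (binascii.Error, UnicodeDecodeError):
                    continue  # not base64, or not text: nothing to rescan
                queue.append((unhex(decoded), depth + 1))

def scan(path, source):
    # Return (path, line number, severity, signature name, decode depth) per match.
    return [(path, lineno, severity, name, depth)
            for lineno, line in enumerate(source.splitlines(), 1)
            for text, depth in layers(line)
            for name, severity, pattern in SIGNATURES if pattern.search(text)]

# Constructed, inert sample; the hex-escaped string on line 3 spells "base64_decode".
INNER = "eval(base64_decode('ZWNobyAxOw=='));"
SAMPLE = "\n".join([
    "<?php",
    "$title = get_the_title();",
    r'$g = "\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65";',
    '$g($_POST["c"]);',
    'eval(base64_decode("%s"));' % base64.b64encode(INNER.encode()).decode(),
])
```

Calling `scan("wp-content/uploads/cache.php", SAMPLE)` reports nothing for the benign line 2 and reports line 5 twice, once as written and once one decode layer down.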
Quarantine System
When a suspicious file is found, you can quarantine it with one click. The file is moved to a secure directory outside the web root, its original path and permissions are recorded, and a log entry is created. If the file turns out to be legitimate, restoring it takes a single click and puts everything back exactly as it was.
- Quarantined files are stored outside the web root for safety
- Original file path, permissions, and ownership are preserved
- Full audit trail of quarantine and restore actions
- Bulk quarantine for handling multiple infected files at once
Why Upgrade Scanner to Pro
Free scans and detects threats. Pro adds longer forensic history for incident investigation — trace when a file was first modified, not just that it changed. Scheduled PDF reports give clients and stakeholders regular proof that their site is monitored. Priority support means faster expert guidance when a scan flags something serious. See this data in your cloud dashboard — alongside all your other sites.
Free vs Pro
Free scans and monitors your files. Pro adds longer scan history for incident investigation, scheduled PDF reports, and faster expert support.
| Feature | Free | Pro |
|---|---|---|
| File integrity monitoring | ✓ | ✓ |
| Malware scanning (62+ patterns) | ✓ | ✓ |
| Vulnerability detection | ✓ | ✓ |
| Quarantine management | ✓ | ✓ |
| Scan history | 7 days | Up to 10 years |
| Scheduled scan reports | ✗ | ✓ PDF weekly |
| Priority support | Community | 24h email |
| Price | €0 forever | €79/year (10 sites) — €6.50/mo |
All Pro features included in the Pro plan at €79/year (10 sites). Managing client sites? See Agency plan →
Ready to Scan Your WordPress Site?
Install Security Scanner from the WordPress plugin directory and run your first scan in under a minute.