Real-time malware detection for WordPress

Detect & Clean
Hacked WordPress Sites

Scan themes and plugins for backdoors, spam scripts, crypto miners, webshells, and 30+ malware patterns.

✓ No plugin install ✓ Read-only scanner ✓ 30+ patterns

No key? Get Premium for exact lines, fix guide & 150 MB ZIP

Detects: Critical (8) High (8) Medium (8) Low (6)

Backdoor Detection

Finds eval(base64_decode), webshells (c99/r57), assert() backdoors, preg_replace /e.

Spam Script Detection

Detects mailer spam, hidden SEO links, pharma hack, Japanese keyword injections.

Crypto Miner Detection

Finds Coinhive, CryptoLoot, and browser-based cryptocurrency mining scripts.

SQL Injection Risk

Flags unsanitized database queries missing $wpdb->prepare() calls.

Permission Issues

Detects chmod 777, remote file inclusion, and insecure file write patterns.

JS Obfuscation

Finds document.write with unescape/fromCharCode drive-by download techniques.

How It Works

1

Enter Path

Provide the absolute server path to your WordPress theme, plugin, or root.

2

Scan

All PHP, JS, HTML files are scanned against 30+ malware signatures.

3

Fix

Review by severity. Premium: exact line numbers and step-by-step fix guide.

Feature
Free
Premium
Detect all malware patterns
Severity classification
Blurred code preview
Exact line numbers
Full malicious code view
Step-by-step fix guide
Security hardening tips
Downloadable HTML report
Unlimited scans
Use Free
Get Premium →