🛡️ WP Security Scanner
40+ malware & vulnerability patterns

Is Your WordPress Site Secretly Hacked?

Instantly scan themes & plugins for backdoors, malware, and injected code. Know exactly what's wrong and how to fix it — in seconds.

No server access needed  •  Works on any PHP host  •  Results in under 10 seconds  •  Free to start

ZIP upload limits: Free: 20 MB  •  Premium: 150 MB

Get a license key to unlock exact line numbers, fix guides & secure code examples.

5 free scans/hour per IP

What We Detect

Every pattern is designed from real-world WordPress hacks we've seen in the wild.

💀

Backdoors & Webshells

Detects classic ?cmd= webshells, hidden remote access scripts, and obfuscated shell execution via system(), passthru(), and backtick operators.

🧬

Obfuscated Malware

eval(base64_decode(...)), eval(hex2bin(...)), create_function() — the most common tricks hackers use to hide code inside clean-looking files.

💉

Code Injection

SQL injection risks in old mysql_query() calls, XSS from unescaped output, path traversal in file includes, and unsafe unserialize() usage.

📡

Spam & SEO Malware

Injected hidden links, pharma hack patterns, external link spam, and code that sends visitors to other sites without your knowledge.

🔑

Weak Credentials & Auth

MD5 password hashing, hardcoded passwords in source, use of insecure rand() for security tokens, and debug info exposure via phpinfo().

🚫

Deprecated & Removed Functions

Old mysql_* functions removed in PHP 7, ereg(), create_function(), and other functions that also introduce security holes.

Remote File Inclusion

Detects include(http://...) and require(https://...) patterns that let attackers execute code from external servers.

📋

Server & Info Leaks

display_errors=1, phpinfo(), var_dump() in production — each one gives attackers a free map of your server configuration.

How It Works

Three steps. No technical knowledge required.

1 📦

Upload or Enter Path

Upload your theme or plugin as a ZIP file, or enter its full server path. Works with any WordPress installation on any host.

2 🔍

Instant Deep Scan

The scanner checks every PHP, JS, and HTML file against up to 40 malware patterns, recursing through all folders, in seconds.

3 📋

Get Your Report

See every issue grouped by severity: Critical, High, Medium, Low. Premium users get exact line numbers and step-by-step fix guides.

Free vs Premium

Premium gives you everything you need to actually fix what's wrong.

Feature
Free
Premium
40+ vulnerability patterns
ZIP upload (up to 20 MB)
ZIP upload (up to 150 MB)
Severity-based filtering
Exact line numbers
Step-by-step fix guides
Secure code examples
Unlimited scans
Export HTML report
5 scans/hour (free tier)
🔒

100% Server-Side

Your files never leave your server. The scanner reads and reports — nothing is stored or sent anywhere.

Under 10 Seconds

Scans a full theme (200+ files) in under 10 seconds. No waiting, no queues.

🧹

Temp Files Deleted

ZIP uploads are extracted to a temp folder and immediately deleted after the scan completes.

Ready to clean your WordPress site?

Upload your theme or plugin above — it's free to start. Upgrade for full fix guides.