WP Malware Inspector helps you scan files and database content, verify official checksums, review suspicious code, quarantine risky files, and upgrade into proactive monitoring when you need deeper protection.
Scans across the places malware usually hides
The free version already gives you a serious malware triage workflow with scanning, review tools, history, and safe containment.
Scan WordPress core, plugins, themes, uploads, MU plugins, and root files for suspicious patterns like eval, base64_decode, shell_exec, packed payloads, risky filenames, and iframe injections.
Compare WordPress core files and WordPress.org plugin files against official checksums to spot tampering, hidden edits, or modified payloads fast.
Inspect posts, options, widgets, and users for injected scripts, suspicious URLs, spam payloads, and database-only malware that file scanners often miss.
Move suspicious files into quarantine, restore them if needed, or review them safely before cleanup. You stay in control of every action.
Run AJAX-based chunked scans with live progress so large WordPress installs are easier to inspect without common timeout pain.
Flag heavily obfuscated files using entropy scoring so sophisticated payloads and encoded droppers are easier to surface and investigate.
Whitelist known-safe files, inspect suspicious files inline, and keep your reports focused on findings that actually need attention.
Keep scan history, export reports, and reinstall clean WordPress core files directly from the dashboard when cleanup work needs a trusted reset.
Run on-demand or scheduled scans across files and database content, with checksum verification, entropy analysis, and chunked processing for larger installs.
Inspect suspicious files inline, filter by risk or category, review scan history, export reports, and focus on the findings that actually deserve attention.
Quarantine risky files, restore safe ones, reinstall clean core files, and move into Pro workflows for integrity monitoring, repair, and long-term hardening.
WP Malware Inspector Pro adds the monitoring, intelligence, hardening, and repair workflows that agencies and site owners need after the first scan.
Build a trusted baseline of your files, scan for changes on a schedule, and review clean summaries when something shifts unexpectedly.
Check core, plugins, and themes against vulnerability data so outdated or exposed components are easier to catch before attackers do.
Rate-limit repeated failures, trigger lockouts by IP or username, and get better visibility into suspicious login behavior.
Inspect suspicious requests, optionally block them, block risky PHP uploads, and harden uploads execution for extra protection.
Compare local files with official sources and restore supported core or WordPress.org plugin files directly from the admin workflow.
Track security events like lockouts, firewall detections, integrity scans, and repair actions from dedicated Pro tabs.
Same visual workflow, same product family, with Pro extending the scanner into a broader security operations toolkit.
| Feature |
Free
$0
|
Most Popular
Pro
$20per year - 1 site
|
|---|---|---|
| Scanning and Investigation | ||
| On-demand malware scans | ||
| AJAX chunked scanning for larger sites | ||
| Core checksum verification | ||
| WordPress.org plugin checksum verification | ||
| Database scanning | ||
| Entropy analysis for obfuscated code | ||
| Inline suspicious file viewer | ||
| JSON or CSV style report export | ||
| Cleanup and Workflow | ||
| File quarantine and restore | ||
| Whitelist management | ||
| Auto-quarantine PHP files in uploads | ||
| Scan history tracking | ||
| WordPress core restore helper | ||
| Official file compare and repair | - | |
| Monitoring and Protection | ||
| Scheduled scans and email alerts | ||
| Integrity baseline generation | - | |
| Scheduled integrity monitoring | - | |
| Vulnerability intelligence | - | |
| Login security and lockouts | - | |
| Firewall request inspection | - | |
| PHP upload blocking and uploads execution hardening | - | |
| Activity log and Pro dashboard tabs | - | |
| Download Free | Get Pro | |
WordPress.org install with no account required
30-day refund guarantee and instant delivery
No. It is built as a review-first investigation and cleanup tool. You can scan, inspect, quarantine, restore, and compare files, but you stay in control of final actions.
The free version includes file scanning, checksum verification, database scanning, whitelist management, quarantine and restore, scan history, exports, scheduled scans, alerts, and optional auto-quarantine for risky PHP files found in uploads.
Pro adds integrity baseline monitoring, vulnerability intelligence, login security, firewall inspection, uploads hardening, activity logs, and official compare and repair workflows for supported files.
Yes. It is useful for post-hack triage and cleanup because it helps you locate suspicious files, review findings, inspect database content, quarantine risky files, and restore trusted sources where appropriate.
The scanner is designed for admin-driven and scheduled workflows. The free scanner uses chunked processing, and Pro monitoring runs on schedules rather than continuously on every page load.
Start with the free scanner today. Upgrade to Pro when you want integrity monitoring, vulnerability intelligence, hardening, and a broader incident-response workflow.
Built for review-first cleanup, safer quarantine workflows, and modern WordPress security operations.
Get notified about new plugins, updates, and exclusive tutorials.
No spam ever. Unsubscribe anytime.