Malware Inspector Pro – Malware Scanner, Integrity Monitor, Security and Firewall

By Jubayer Hossain · Recently Updated ✓ · Well Documented ✓

Malware Inspector Pro – Malware Scanner, Integrity Monitor, Security and Firewall v1.3.0

Product Features

  • Malware scanning for WordPress core, plugins, themes, uploads, MU plugins, and root files
  • Detection of suspicious code patterns such as obfuscated code, shell functions, injected iframes, and risky filenames
  • WordPress core checksum verification to spot tampered core files
  • Plugin checksum verification for supported WordPress.org plugins
  • Database scanning for injected scripts, suspicious URLs, and spam content
  • Scan history with saved reports and trend tracking
  • File quarantine to disable suspicious files safely
  • File restore, delete, download, and review tools for investigation
  • Whitelist support for trusted files you want excluded from future scans
  • Scheduled scans with email alert support
  • Integrity monitoring to detect new, modified, or missing files
  • Integrity baseline creation for more reliable change detection
  • Vulnerability intelligence for WordPress core, plugins, and themes
  • Login security with failed-login rate limiting and lockout controls
  • Firewall-style request inspection for suspicious activity
  • PHP upload blocking for uploads directory protection
  • Uploads execution hardening to reduce abuse of uploaded files
  • Official file compare and restore tools for supported WordPress files
  • Security activity logging for better incident tracking
  • WordPress core restore helper after malware cleanup

# Changelog — Malware Inspector Pro

All notable changes to this plugin are documented here.
Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

---

## [1.3.0] — 2026-04-13

### Changed
- Plugin renamed from **WP Malware Inspector Pro** to **Malware Inspector Pro** across all headers, email notifications, error messages, and UI strings.
- Author confirmed as **BroodWeb** across all plugin headers.
- Version constant `WMTP_VERSION` bumped to `1.3.0` (triggers browser cache-bust for JS/CSS assets).

### Added — Login Security tab
- **Login Honeypot** card moved from Hardening tab into the Login Security tab for better discoverability. Saves independently via dedicated `wmtp_save_honeypot` AJAX action — does not overwrite other hardening settings.
- **Login reCAPTCHA** card moved from Hardening tab into the Login Security tab. Supports Google reCAPTCHA v2 (checkbox widget) and v3 (invisible, score-based). Configurable v3 score threshold. Falls back gracefully on Google API network failure to avoid locking out legitimate users.

### Added — Hardening tab
- **Security Headers** — inject protective HTTP response headers on every page load with no server config required: `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`, `Permissions-Policy`, `X-XSS-Protection`, `Strict-Transport-Security`, and a configurable `Content-Security-Policy` with Report-Only mode.
- **XML-RPC Protection** — three modes: Allow, Allow + Log (every call recorded in Activity Log), or Disable completely (returns 403).
- **User Enumeration Protection** — block `?author=N` URL enumeration (returns 403) and restrict the REST API `/wp/v2/users` endpoint to authenticated users.
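
One way to verify the Hardening tab entries above once they are enabled, as an added example that is not part of the plugin or its changelog: it audits response heads against the header names and 403 statuses listed for 1.3.0. The sample responses are constructed, and accepting 401 as well as 403 for the REST users route is an assumption, since the changelog does not state that status.

```python
# Added example: header names and the 403 statuses come from the changelog above;
# the sample responses and the accepted 401 for the REST route are assumptions.
LISTED = ["X-Frame-Options", "X-Content-Type-Options", "Referrer-Policy",
          "Permissions-Policy", "X-XSS-Protection", "Strict-Transport-Security"]

def parse_head(raw):
    """Return (status, {lower-cased header name: value}) from a response head."""
    head, *rest = raw.strip().splitlines()
    pairs = (line.partition(":") for line in rest)
    headers = {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}
    return int(head.split()[1]), headers

def audit_headers(headers):
    """List gaps in the protective headers of a normal page response."""
    out = [f"missing {h}" for h in LISTED if h.lower() not in headers]
    if "content-security-policy" not in headers:
        report_only = "content-security-policy-report-only" in headers
        out.append("CSP is Report-Only, nothing is blocked yet" if report_only
                   else "missing Content-Security-Policy")
    return out

def audit_blocked(label, raw, allowed):
    """A request the plugin should refuse must answer with an allowed status."""
    status, headers = parse_head(raw)
    if status in allowed:
        return []
    leak = f" (Location: {headers['location']})" if "location" in headers else ""
    return [f"{label}: got {status}, expected {sorted(allowed)}{leak}"]

# Constructed sample responses (not captured from a real site).
HOME = """HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=()
X-XSS-Protection: 1; mode=block
Content-Security-Policy-Report-Only: default-src 'self'"""
AUTHOR = "HTTP/1.1 301 Moved Permanently\nLocation: /author/editor-jane/"
REST_USERS = "HTTP/1.1 401 Unauthorized"
XMLRPC = "HTTP/1.1 403 Forbidden"

def run_audit():
    """Audit the samples: one page load plus the three requests that should be refused."""
    findings = audit_headers(parse_head(HOME)[1])
    findings += audit_blocked("?author=1", AUTHOR, {403})
    findings += audit_blocked("/wp-json/wp/v2/users", REST_USERS, {401, 403})
    findings += audit_blocked("xmlrpc.php (Disable mode)", XMLRPC, {403})
    return findings
```

On the constructed samples this reports three gaps: no `Strict-Transport-Security`, a CSP still in Report-Only mode, and an `?author=1` request that redirects instead of returning 403.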

### Improved
- Hardening tab status cards row updated to reflect moved features (Honeypot card removed, remaining cards reordered).
- `render_login_security_tab()` early-return removed so Honeypot and reCAPTCHA cards render even when there are no active lockouts.

### Fixed
- `enqueue_assets()` now accepts both `tools_page_malware-inspector` and `tools_page_wp-malware-inspector` hook names, resolving a critical bug where all Pro JavaScript failed to load when the free plugin used a different menu slug.
- Dependency check updated from `class_exists('WPMalwareInspector')` to `class_exists('WMT_Malware_Inspector')` to match the actual free plugin class name.

---

## [1.2.0] — 2026-03-20

### Added
- **Brute-force lockout** — rate-limit failed login attempts; lock by IP and/or username with configurable threshold, duration, and attempt window.
- **Email notifications** — alert admin on new lockouts with per-IP notification cooldown to prevent inbox floods during attacks.
- **Permanent IP Blocklist** — manually block IPs at the `authenticate` filter and firewall layer regardless of lockout settings. Block/unblock directly from the Active Lockouts table.
- **IP Geolocation** — show attacker country and flag emoji in the lockouts table and email notifications. Uses ip-api.com with 24-hour transient caching (no API key required).
- **Activity Log** — timestamped log of security events: lockouts, IP blocks, hardening changes, firewall hits.
- **Firewall Lite** — inspect incoming requests for path traversal, SQL injection, and code-execution payloads. Configurable block mode (log only or hard 403). Protects frontend, login, REST API, and uploads directory.
- **Uploads PHP execution protection** — write `.htaccess` / `web.config` rules to block PHP execution inside the uploads directory.
- **Pro Reports tab** — vulnerability scanner against the WPScan-compatible feed for installed plugins and themes.
- **Repair Tools tab** — compare and restore individual WordPress core files from the official source.
- **Integrity Monitor** — periodic baseline snapshot with email alert on file additions, modifications, and deletions.

### Improved
- Login settings defaults: notification cooldown raised to 60 minutes; lockout duration default 30 minutes; max lockout duration raised to 10080 minutes (7 days).
- Database migration (`maybe_migrate_lockouts_table`) adds `country` and `country_code` columns to existing installs without data loss.

---

## [1.1.0] — 2026-01-10

### Added
- Pro admin UI integrated into the free plugin's tab bar.
- Vulnerability feed data file with scheduled daily refresh.
- File comparison viewer (diff against official WordPress source).

---

## [1.0.0] — 2025-12-01

### Added
- Initial release.
- Pro add-on scaffold with dependency check for the free Malware Inspector plugin.
- Integrity baseline builder and monitor with email alerts.
- Admin-only assets (JS/CSS) enqueued only on the Malware Inspector admin page.
