Descrição
Deep Malware Cleaner is a lightweight deep malware scanner built for WordPress. It performs a thorough deep cleanup scan of your wp-content directory, detects backdoors, cleans injected site scripts, fixes redirect hacks, and triggers malware auto-purge — all from your WordPress admin dashboard with no external service, no subscription, and no data ever leaving your server.
Whether you’re dealing with a live attack, a hidden backdoor, or a redirect hack silently sending visitors to malicious sites, Deep Malware Cleaner gives you the tools to scan, alert, and act — fast.
Core Capabilities
Deep Cleanup Scan
Walks your entire wp-content directory, inspecting every PHP file for known malware signatures, obfuscated code, and injected payloads. Results are sorted by severity so the worst threats surface first.
Backdoor Fixer
Detects PHP backdoors uploaded through vulnerable plugins or themes — including webshells, remote-execution scripts, and hidden PHP files inside the uploads folder where no PHP should ever exist.
Site Script Cleaner
Identifies injected JavaScript and malicious <script> tags, hidden iframes, and obfuscated code blocks embedded in your theme or plugin files.
Redirect Hack Fix
Flags the PHP patterns most commonly responsible for redirect hacks — including header() injection, variable-based shell execution, and compressed payload backdoors used to silently redirect visitors to attack sites.
Malware Auto-Purge
Remove confirmed threats directly from the scan results screen without touching FTP or cPanel. Quarantine or delete flagged files in one click.
Login Protection
Hardens your WordPress login against brute-force attacks and unauthorized access attempts — an essential layer of website protection alongside active scanning.
Instant Alerts
Get notified the moment a scan finds a threat. Real-time alerts keep you informed so you can respond before an attack escalates.
What the Scanner Detects
- eval(base64_decode(…)) — the most widespread PHP malware obfuscation and attack vector.
- eval(gzinflate(…)) / eval(gzuncompress(…)) — compressed-payload backdoors.
- eval(str_rot13(…)) — rotation-cipher obfuscated malware.
- Shell execution with dynamic arguments —
shell_exec,passthru,proc_open,popen, andsystemcalled with a variable, a classic attack pattern for remote code execution. - Hidden iframes —
<iframe>elements injected withdisplay:noneused to load malicious content invisibly. - Long base64 strings — unusually large base64 blobs embedded in PHP, a common technique for hiding large attack payloads.
- PHP files inside the uploads directory — any
.phpfile inwp-content/uploads/is flagged High severity; legitimate uploads are never PHP files.
Key Features
- Lightweight deep malware scanner — scans up to 500 files per run in under 25 seconds, safe on shared hosting.
- On-demand scan — runs only when you click Start Scan, never in the background.
- Deep Cleaner dashboard — at-a-glance stats: threats found, files scanned, time since last scan.
- Website Security & Website Protection — comprehensive coverage against the most common WordPress attack types.
- Troubleshoot mode — detailed per-file reporting to help you understand exactly what was found and why it was flagged.
- Secure login hardening included.
- All scan history stored in your own database — nothing leaves your server.
- No account, no API key, no external requests.
- Translatable — full
.potfile included.
Who Is This For?
- Site owners who received a “this site may be hacked” alert from Google.
- Developers who need to troubleshoot a suspected redirect hack or injected script.
- Agencies that manage multiple WordPress sites and need a fast, lightweight scanner with no SaaS dependency.
- Anyone who wants ongoing website security and website protection without a monthly fee.
Privacy
This plugin makes zero external HTTP requests. No data is sent to any third-party server. Scan results are stored only in your own WordPress database and are removed when you uninstall the plugin (if that option is enabled in Settings).
Capturas de tela
Dashboard — At-a-glance security overview showing a threat alert notice, scan statistics (total scans run, threats found, files scanned, time since last scan), and quick-access buttons to run a new scan or open Settings. 
Malware Scanner — One-click scan launcher with a live progress indicator, followed by the Last Scan Results section displaying a threat detection notice and the full results table. 
Scan Results — Detailed results table listing each flagged file with its full path, threat type (e.g. eval_base64), and severity badge (HIGH / MEDIUM) so you know exactly what was found and where.
Settings — Configure email alert notifications, set the alert recipient address, and manage scan data retention with the Remove Data on Uninstall option.
Instalação
Automatic Installation
- In your WordPress admin, go to Plugins Add New.
- Search for Deep Malware Cleaner.
- Click Install Now, then Activate.
Manual Installation
- Download the plugin zip file.
- In your WordPress admin, go to Plugins Add New Upload Plugin.
- Choose the zip file and click Install Now, then Activate.
After Activation
- Go to Malware Cleaner Settings to configure login protection, alerts, and data-management options.
- Go to Malware Cleaner Run Scan and click Start Scan to run your first deep cleanup scan.
Perguntas frequentes
-
Will this plugin slow down my site for visitors?
-
No. The scanner runs only when you click Start Scan in the admin. It does not hook into page loads or run any background cron jobs. Visitor-facing performance is completely unaffected.
-
Which files does the deep cleanup scan inspect?
-
The scanner reads PHP files with extensions
.php,.php3,.php4,.php5,.php7,.phtml, and.pharinside yourwp-contentdirectory. It skips files larger than 512 KB and enforces a 25-second time budget and a 500-file cap per run to protect shared-hosting environments. -
What does “PHP file in uploads” mean?
-
Legitimate image, video, and document uploads are never
.phpfiles. If the scanner finds any PHP file insidewp-content/uploads/, it is almost certainly a backdoor uploaded through a vulnerable plugin or theme — a High severity threat that should be removed immediately. -
Can it fix or delete infected files?
-
Yes — the malware auto-purge feature lets you delete or quarantine flagged files directly from the scan results screen. Always review the file path and threat type before purging.
-
Is any data sent outside my site?
-
No. The plugin makes zero external HTTP requests. All scan results and alert history live only in your WordPress database.
-
How does login protection work?
-
Login protection limits repeated failed login attempts and helps prevent brute-force attacks against your
wp-login.phpendpoint — a key layer of website security that works alongside the malware scanner. -
How do I troubleshoot a scan that flagged an unexpected file?
-
Go to Malware Cleaner Scan Results and click the file path to view the matched pattern. The troubleshoot view shows the exact line and rule that triggered the alert, so you can decide whether it is a false positive or a real threat.
-
How do I remove all plugin data when I uninstall?
-
Go to Malware Cleaner Settings, enable Remove all data on uninstall, then deactivate and delete the plugin. All database tables, scan history, and plugin options will be removed automatically.
-
The scan finished but I expected more files to be checked. Why?
-
The scanner caps each run at 500 files and 25 seconds to be safe on resource-constrained servers. If your
wp-contentdirectory is very large, only the first 500 PHP files encountered will be inspected per run. Future versions will support paginated / batch scanning.
Avaliações
Não há avaliações para este plugin.
Colaboradores e desenvolvedores
“Deep Malware Cleaner” é um programa de código aberto. As seguintes pessoas contribuíram para este plugin.
Colaboradores
Traduzir o “Deep Malware Cleaner” para seu idioma.
Interessado no desenvolvimento?
Navegue pelo código, consulte o repositório SVN ou assine o registro de desenvolvimento por RSS.
Registro de alterações
1.0.2
- Added automatic daily scans with email alerts when threats are found.
- Added email reports after every scheduled or manual scan.
- Added safe quarantine system — quarantine, ignore, or restore suspicious files easily.
- Added protection for active plugins/themes to prevent accidental site damage.
- Added uploads folder protection to block PHP execution in wp-content/uploads/.
- Added Status and Actions columns in scan results for easier management.
- Improved database updates — new columns are added automatically without manual setup.
- Fixed plugin deployment — Composer files are now included, so no server-side Composer setup is needed.
1.0.1
- Added malware auto-purge (delete / quarantine flagged files from the results screen).
- Added login protection module.
- Added real-time threat alerts.
- Improved site script cleaner detection for injected JavaScript and hidden iframes.
- Enhanced redirect hack fix detection patterns.
1.0.0
- Initial release.
- On-demand deep cleanup scan covering eight malware pattern types.
- Backdoor fixer, site script cleaner, and redirect hack fix detection.
- Admin dashboard with scan statistics.
- Settings page with data-management option.