24-hour protection for your WordPress site. Plug-in that checks (detects and confirms) and removes defacement, hijacking, hacking, malware, backdoors, and virus infection of your WordPress site, and restores your WordPress site.
WordPress Doctor Malware Scanner is a plug-in that checks WordPress site code against 18,592 patterns of malicious code (malware, viruses, defacement, hacking damage) collected from sites restored by WordPress Doctor.
Malware patterns are constantly updated on our servers to ensure detection with the latest pattern definitions.
WordPress Doctor: Malware Scanner is a plugin that not only detects tampering, but can even determine whether the code is malicious code embedded by hackers.
Table of Contents
- 24-hour protection for your WordPress site. Plug-in that checks (detects and confirms) and removes defacement, hijacking, hacking, malware, backdoors, and virus infection of your WordPress site, and restores your WordPress site.
- Hacker-proof your WordPress with best-in-class security features that prevent hackers from entering your site.
- Malware Scanner Plug-in Overview
- Security Enhancement Features
- WordPress malware inspection and disinfection, removal, and decontamination
- WordPress Vulnerability Countermeasure
- Block hacker activities before malware (viruses) infect or tamper with your website.
- How to install and use the malware scanner plug-in
- Troubleshooting
- Plug-in Requirements
Hacker-proof your WordPress with best-in-class security features that prevent hackers from entering your site.
The plugin includes 26 easy-to-configure WordPress security features, free of charge. The functions are the best in the country and include unique features based on research into hacker intrusion methods.
This is the most nimble security plugin that can provide hacker infiltration and hacking countermeasures in a single plugin.
Malware Scanner Plug-in Overview
Scans entire WordPress site files and databases with the latest definition patterns
The plugin obtains the latest malware patterns, which increase daily, from WordPress Doctor’s cloud server. It then scans WordPress files and databases completely from the inside and detects hacker-altered files.
You can find out where the malware is located and where it has been tampered with when WordPress has been hijacked.
Pattern matching and definitive diagnosis
The scanner first performs a pattern match (it mechanically checks whether code contained in malware is found in the file). If the detected code has already been identified as malicious by an expert, a definitive diagnosis is then performed using a proprietary algorithm.
Reference articles
WordPress: How the Malware Scan & Security Plugin can detect malware with high accuracy
Highlighting function of detection location
Highlight where malware is contained in the code.
Automatic scanning and email notification
Automatically scans for malware at a time of your choice. You will also receive email notifications when malware is detected.
Security Enhancement Features
The WordPress Doctor Malware Scanner comes with a powerful site security enhancement feature that is free of charge.
This feature is also easy for anyone to set up by simply checking a box, and it displays a score of your current security strength.
Login Lockdown
After three failed login attempts, the user is prevented from logging in for 10 minutes. Enabling this feature reduces the risk that hackers will use brute force to break through passwords at the login screen.
Login Captcha
Displays a captcha on the login screen. Adding a quiz to the login screen reduces the risk that hackers will mechanically repeat login attempts to steal administrative privileges.
Password Reset Captcha
Displays a captcha on the password reset screen. This can be used to curb hacking through vulnerabilities in the email sending program on the password reset screen.
Change login page URL
Change the URL of the login page to make it difficult for hackers to access the login page itself.
Login Log Function
Logins with administrative privileges can be saved for up to one month to check for unauthorized logins.
Prevent WordPress version leakage (unique feature only in this plugin)
Hackers can check the WordPress version from the outside to find vulnerabilities to exploit. This feature stops the meta generator output and the version queries (the numerical version variables assigned to CSS and JS loaded in the HTML) that WordPress outputs, keeping the WordPress version secret.
Protection of critical files
Denies access to and protects .htaccess and wp-config.php.
Protection of server information
Disables access to readme.html, license.txt and wp-config-sample.php, which are included in WordPress and plug-ins and may contain version- or server-specific information. It also suppresses the server signature, which outputs server information.
Prohibit the display of Index listings
Fixes a problem in which a folder file listing is displayed when accessing a directory that does not contain an index file such as index.html.
Prohibit WPSCAN (This is a unique feature of this plugin only)
WPSCAN is a tool to investigate WordPress vulnerabilities and is used by many hackers for preliminary investigations. To neutralize WPSCAN’s activities, version information is kept secret, and when a specific file is accessed, access from that IP is blocked for a certain period of time.
Access blocking action for brute force attack IPs to XMLRPC, wp-login (This is a unique feature of this plugin only.)
IP addresses that have accessed XMLRPC or wp-login more than 50 times in 10 minutes will be disabled for 3 hours. This feature can be used in conjunction with JETPACK to detect only excessive accesses. In addition, sites that have been subjected to brute force attacks may be able to reduce the load and speed up their sites by suppressing attacks.
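To see which addresses this rule would block on your own site, the thresholds above can be replayed over an access log. The following is an added example, not the plugin's code; it assumes the Apache/nginx combined log format, and the log lines and IP addresses (documentation ranges) are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Thresholds as stated on this page for the XMLRPC / wp-login feature.
WINDOW = timedelta(minutes=10)
THRESHOLD = 50                      # block on "more than 50" requests
BLOCK_FOR = timedelta(hours=3)
WATCHED = ("/xmlrpc.php", "/wp-login.php")

# Assumed input format: Apache/nginx combined access log.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse(line):
    """Return (ip, timestamp, path without query string) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target = m.groups()
    return ip, datetime.strptime(ts, TS_FORMAT), target.split("?", 1)[0]


def find_blocks(lines):
    """Replay log lines (time-ordered per IP); return (ip, start, end) blocks."""
    recent = defaultdict(deque)     # ip -> timestamps inside the window
    blocked_until = {}
    blocks = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] not in WATCHED:
            continue
        ip, when, _ = rec
        if when < blocked_until.get(ip, when):
            continue                # already blocked: request is refused
        q = recent[ip]
        q.append(when)
        while when - q[0] >= WINDOW:
            q.popleft()             # drop hits that left the 10-minute window
        if len(q) > THRESHOLD:
            blocked_until[ip] = when + BLOCK_FOR
            blocks.append((ip, when, when + BLOCK_FOR))
            q.clear()
    return blocks


def sample_log():
    """Constructed log: one fast client, one slow client, one normal visitor."""
    start = datetime(2024, 1, 15, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{req} HTTP/1.1" 200 512 "-" "-"'
    lines = []
    for i in range(60):             # 60 POSTs, 5 seconds apart
        ts = (start + timedelta(seconds=5 * i)).strftime(TS_FORMAT)
        lines.append(fmt.format(ip="203.0.113.7", ts=ts, req="POST /xmlrpc.php"))
    for i in range(51):             # 51 logins, one per minute
        ts = (start + timedelta(minutes=i)).strftime(TS_FORMAT)
        lines.append(fmt.format(ip="198.51.100.20", ts=ts, req="POST /wp-login.php"))
    for i in range(100):            # ordinary page views are not counted
        ts = (start + timedelta(seconds=i)).strftime(TS_FORMAT)
        lines.append(fmt.format(ip="192.0.2.44", ts=ts, req="GET /"))
    return lines


if __name__ == "__main__":
    for ip, begin, end in find_blocks(sample_log()):
        print(ip, "blocked", begin.isoformat(), "->", end.isoformat())
```

The slow client makes 51 login requests in total but never more than 10 inside any 10-minute window, so only the fast client is blocked.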
Blocking wlwmanifest.xml
Prohibits external access to wlwmanifest.xml. This file is used by Windows Live Writer to update the WordPress site, but is subject to unauthorized data acquisition and attack by hackers.
Permissions (file write permissions)
Automatically checks if file permissions are appropriate and displays permissions that should be improved.
Prohibit editing of themes and plugins
Stops the ability to edit themes and plugins from the admin screen.
Author Protection
Suppresses WordPress output of user information when accessed by special queries such as /?author=1.
Prohibit Pingback
Pingback, a notification function of WordPress, can be used for high-load attacks by a large number of accesses, or a vulnerability can be exploited to leak user names and other information. Disable this pingback function.
Disable REST API
The REST API is a useful mechanism in WordPress 4.7 and above that allows external users to post, retrieve information, and add changes to posts, but some versions have major vulnerabilities. It is also a feature in which further ways of unauthorized use are likely to be discovered in the future.
The REST API functionality is also being used by prominent plugins such as Jetpack and ContactForm7. Hence, we will stop all functionality except for the use of REST API in Jetpack and ContactForm7.
If other plugins also use REST API functionality, enabling this functionality may cause some malfunctioning of the site.
Disable Trace & Track
Suppresses HTTP Trace Attacks (XST), Cross Site Scripting (XSS), and other attacks that take advantage of a server’s Trace & Track functionality (a special way of processing requests sent to a server).
Direct access to Include files is prohibited, PHP access to Upload folders is prohibited, and dangerous queries are prohibited.
Prohibit direct access to files loaded into other programs (Direct access prohibition of Include files). Prohibit execution of PHP programs in the Upload folder (PHP access prohibition function for the Upload folder). Prevent SQL injection and malware code from being sent in GET requests (Disable sending dangerous queries).
Prohibit posting comments via proxies.
Posting comments via proxies is prohibited based on the unique header information sent by users who use proxies.
Comment Form Captcha
Add a captcha to the comment form to discourage comments from being submitted mechanically. This may not be displayed on some themes that display custom comment forms.
Prohibit spambots from submitting comments
Spambots are programs that post comments mechanically and are characterized by the lack of a referrer from which they are accessed. By prohibiting comment posting by visitors without a referrer, we can suppress comment posting by spambots.
Return 404 status and noindex if wordpress internal search result does not exist
In order to disable the method by which hackers illegally create WordPress internal search result generation pages with arbitrary strings and index them in search engines to pollute search results, we will return the page with a 404 (non-existent) status and add a noindex header when the WordPress internal search result does not exist, so that the page will not be followed in search results.
Block arbitrary IPs
You can restrict access from any computer by IP. WordPress Doctor also prevents unauthorized access by automatically restricting access to hacker IPs detected by WordPress Doctor.
Detects and blocks dangerous activities of hackers
When hackers attack a vulnerability on your site, they check to see if the vulnerable file exists on your site by actually accessing it. We can detect such access and block the hacker’s IP.
Emergency access suspension (ban) function for your site
Blocks all external access except for the current login IP. This function is useful in the event of repeated site tampering to temporarily prohibit all external access, deter automatic tampering type malware activity, remove the tampering, and then republish the site.
WordPress malware inspection and disinfection, removal, and decontamination
In addition to the malware detection function, the detected malware/viruses can be disinfected and removed from the WordPress administration screen.
This function not only removes malware, but also includes a file editing function for pinpointing and removing parasitic types of malware from regular WordPress files directly from the admin screen.
Automatic removal of malware and tampering
Automatic malware and tampering removal replaces the infected file with the same version of the file distributed by the official WordPress website and restores it.
Algorithm of the automatic disinfection function
The algorithm for automatic disinfection follows the steps below to restore files. Please check it before use.
1 Automatic disinfection starts when Automatic Disinfection is selected.
2 The plugin sends a query to the official WordPress website to see whether the theme or plugin is distributed there.
3 If the theme or plugin itself is not distributed in the official directory, or if the version installed on the site being inspected is not distributed there, automatic disinfection stops without doing anything (this is to prevent accidental deletion of files).
4 If the theme or plugin is distributed in the official directory and the same version exists there, but the file does not exist in the official distribution, the file is deleted.
5 If the theme or plugin is distributed in the official directory, the same version exists there, and the file also exists in the official distribution, the file in which malware has been detected is replaced with the official file, which removes the tampered parts.
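The decision made for each flagged file in steps 2 to 5 can be written out as follows. This is an added example, not the plugin's code: the official directory is replaced by a constructed in-memory table, and the plugin name `example-plugin`, its files and its version are hypothetical.

```python
import hashlib
from enum import Enum


class Action(Enum):
    STOP = "stop"        # step 3: nothing is touched
    DELETE = "delete"    # step 4: file is not in the official package
    REPLACE = "replace"  # step 5: overwrite with the official copy


# Constructed stand-in for the official directory:
# slug -> version -> {relative path: file contents}
OFFICIAL = {
    "example-plugin": {
        "1.2.0": {
            "example-plugin.php": b"<?php // main file, release 1.2.0\n",
            "inc/helpers.php": b"<?php function helper() { return 1; }\n",
        },
    },
}


def decide(slug, version, rel_path, official=OFFICIAL):
    """Map one flagged file to an action, following steps 2 to 5."""
    package = official.get(slug, {}).get(version)
    if package is None:
        # Slug or this exact version is not distributed: never guess.
        return Action.STOP
    if rel_path not in package:
        return Action.DELETE
    return Action.REPLACE


def disinfect(installed, slug, version, flagged, official=OFFICIAL):
    """Return (files_after, report) without modifying `installed`.

    Report rows are (path, action, sha256_before, sha256_after) so the
    change can be audited; sha256_after is None for deleted files.
    """
    files = dict(installed)
    report = []
    for path in sorted(flagged):
        action = decide(slug, version, path, official)
        before = hashlib.sha256(installed[path]).hexdigest()
        if action is Action.STOP:
            # Step 3 aborts the whole run and leaves every file as it was.
            return dict(installed), [(path, action, before, before)]
        if action is Action.DELETE:
            del files[path]
            after = None
        else:
            files[path] = official[slug][version][path]
            after = hashlib.sha256(files[path]).hexdigest()
        report.append((path, action, before, after))
    return files, report


# Constructed infected install: one tampered official file, one dropped file.
INSTALLED = {
    "example-plugin.php": b"<?php // main file, release 1.2.0\n",
    "inc/helpers.php": b"<?php /* INJECTED */ function helper() { return 1; }\n",
    "inc/cache.php": b"<?php /* file not shipped in release 1.2.0 */\n",
}

if __name__ == "__main__":
    after, rows = disinfect(INSTALLED, "example-plugin", "1.2.0",
                            ["inc/helpers.php", "inc/cache.php"])
    for row in rows:
        print(row)
```

Because step 5 overwrites the whole file, any local customization in a replaced file is lost along with the injected code; the before and after hashes in the report show which files changed.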
Cautions for the automatic disinfection function
Automatic disinfection is not possible if the database data or configuration files are infected. Please note that if you have customized the target file, the customized parts will be lost.
When disinfecting malware, please be sure to read the “Notes on malware disinfection” displayed on the plug-in screen.
WordPress Vulnerability Countermeasure
This simple vulnerability test will check for the most dangerous vulnerabilities (CVSS 7.5 points or higher).
CVSS is an open, comprehensive, and general evaluation method for vulnerabilities in information systems. 7.5 points or higher are vulnerabilities that allow extremely dangerous activities on the site, such as database rewriting or file modification without authentication from outside the site.
These vulnerabilities may be the entry point for sites to be repeatedly tampered with. The vulnerabilities are listed in an easy-to-understand manner so that you can take countermeasures such as removing or updating plug-ins.
Vulnerabilities are detected using data from the database of NIST, an international organization.
Block hacker activities before malware (viruses) infect or tamper with your website.
Hackers exploit PHP functions through backdoors (entry points planted in a site by tampering, used to access it from the outside and send malware) or through vulnerabilities, in order to send tampering code remotely.
This feature allows you to monitor and prevent such activities in advance, before hackers send malware to your site to tamper with it. It detects and blocks tampering just before it takes place.
The blocked hacking activity is recorded along with the hacker’s IP, so by prohibiting access to the site from this IP, it is possible to completely block the hacking activities of hackers using this IP.
*This feature is available with a paid subscription to the latest malware detection patterns.
How to install and use the malware scanner plug-in
1 Installation
After downloading the malware scanner ZIP file, save it to a location of your choice and click Plugins > Add New > Upload Plugin from the administration page.
Select the ZIP file you just downloaded and click Install Now to activate the plugin.
You can also unzip the downloaded ZIP file and upload it to the wp-content/plugins/ folder using FTP software.
2 Malware Scanning
In the sidebar of the administration page, click Malware Scan, then click the link in the upper right corner to scan now.
Also, once installed, the plugin is initially set to scan automatically after 3:00 PM.
3 Configuration
The following settings can be configured from the “Settings” tab.
Auto-scan and start time of auto-scan (the scan may run multiple times from the start time until all files have been scanned).
Whether or not to be notified by e-mail when a detection is made (by default, no e-mail notification is made)
Display alerts on detection in the dashboard of the management screen.
Troubleshooting
Auto-scan does not start at set time
The Malware Scanner’s auto-scan is based on WordPress’ auto-execute feature. This feature is triggered when there is some kind of access to the site.
If access is not during the set time period, the automatic scan may be delayed.
The scan does not finish easily.
The execution time of the malware scanner depends on the number of files. If the number of files is large, it may take several minutes to more than 10 minutes to complete the scan.
Can I change screens while scanning?
The scan will stop at that point, but files up to that point will be scanned and recorded correctly, so changing screens is not a problem. Please run the scan again or wait until the automatic scan is complete.
Captcha at login does not appear, captcha values do not pass
If you use Jetpack’s single sign-on function or cache plug-ins, you may see a cached login screen without captcha or a login screen with old captcha (captcha is generated for each access to the login screen to ensure security). In this case, please create a URL as follows and try accessing it.
http://wordpress url/changed login url?jetpack-sso-show-default-form=1
If you have changed the wp-login.php login URL and use a cache plugin, we also recommend that you do not cache the changed URL.
What if malware is detected?
When malware is found in the scan, it may be a false positive if it is only a pattern match. Please consider waiting to take action until the code has been reviewed.
Please assume that the site has been tampered with if the results of the individual file determination scan also indicate that the file has been determined to be malware.
Eliminating malware requires specialized knowledge. We recommend that you have a specialist take action, but if you do it yourself, please pay special attention to the following points.
If the malware is parasitic on a file that is originally included in WordPress, it is necessary to carefully remove only the tampered parts of the file.
If the malware is not a legitimate WordPress file, it is unlikely to cause problems even if you delete the file itself, but in rare cases, another malicious file may have loaded the malicious file.
In this case, deleting the tampered file may cause an error in the caller file, and at worst, the site may not be displayed. If an error occurs, it is necessary to investigate the source file and delete the tampered file as well.
Plug-in Requirements
WordPress version: 4.5 or higher
PHP version: 5.6 or higher
Update History
Version 2.4.5 updated on 2023-11-27
Added HTACCESS optimization function
Improved efficiency of some code and malware detection algorithms
Bug fixes
Version 2.4.1 updated on 2023-09-11
Improved protection of HTACCESS and Index.php
Improved efficiency of some security functions
Bug fixes
Version 2.4 updated on 2023-08-09
Added protection for HTACCESS and Index.php
Added the ability to detect and repair tampering that causes admin access failure just by enabling the plugin.
Bug fixes
Version 2.3.5 updated on 2023-03-03
Improved detection of malware that disguises itself as jpg gif images
Version 2.3.2 updated on 2023-01-30
Revised htaccess line feed handling and exporting method to prevent htaccess corruption.
Other minor bug fixes
Version 2.3 updated on 2022-10-28
Added a function to perform automatic malware removal in a batch.
Added a function to block wlwmanifest.xml
Bug fixes
Version 2.2.2 updated on 2022-08-19
Updated and improved security and blocking of dangerous queries
Bug fixes
Version 2.2.1.5, 2.2.1.6 updated on 2022-05-14
Fixed an issue where login captcha may not work on Lolipop Server Modules with session value usage restrictions.
Fixed a problem in which some other malware scanners mis-detect this plugin.
Version 2.2.1 updated on 2022-04-15
Added an automatic disinfection function that replaces the infected file with the same version of the file distributed from the official WordPress website.
Bug fixes
Version 2.1.9 updated on 2022-04-07
Fixed a bug that prevented malware detection patterns from being retrieved on some server environments.
Version 2.1.8 updated on 2021-12-15
Fixed a bug that prevented some security settings from being written if HTACCESS was originally blank.
Added an emergency stop function for the site.
Other bug fixes
Version 2.1.5 updated on 2021-09-04
Improved detection accuracy of real-time block and IP block functions.
Bug fixes
Version 2.1.1 updated on 2021-04-30
Improved detection accuracy of real-time blocking and IP blocking
Speed improvement
Bug fixes
Added EU language
Version 2.1 updated on 2021-03-11
Improved detection accuracy of IP blocking function
Enhanced real-time blocking function and more stable operation
Bug fixes
Version 2.0.1.5 updated on 2020-12-31
Resolved an issue with site health error on WordPress 5.2 and above.
2.0.1.X Improved accuracy of hacking access detection function
Bug fixes
Version 2.0.1 updated on 2020-11-25
Added IP blocking and detection of hacking access by hackers
Bug fixes
Version 1.9.4.5 updated on 2020-10-14
Fixed a bug that prevented some database data from being retained.
Version 1.9.4 updated on 2020-09-30
Fixed a problem that some files are falsely detected by other malware scanning plug-ins.
Added the ability to block malicious queries sent by hackers (40 patterns)
Bug fixes
Version 1.9.3 updated on 2020-08-05
Fixed an issue where some malware remained without detailed inspection.
Fixed a problem that the UI disappears when mixed with some themes.
Other functions are the same.
Version 1.9.2 updated on 2020-06-09
Fixed a bug related to handling of malware database.
Fixed a bug on PHP5.4 environment.
Reduced load on scanning process.
Other features are the same.
Version 1.9.1 updated on 2020-04-30
Sanitized data from database malware scan results can now be edited more securely
Improved database malware scan algorithm
Bug fixes
Version 1.9.0 updated on 2020-04-08
Database malware scan is now available.
Bug fixes
Version 1.8.6 updated on 2020-02-19
Server upgrade (please make sure to upgrade your version)
Bug Fixes
Version 1.8.5 updated on 2019-11-21
Scanning speed-up
Display of vulnerability update history, etc.
Bug Fixes
Version 1.8.1-1.8.2
Fixed some translations
Fixed a problem that prevented some malware patterns from being detected correctly.
Fixed a bug that prevented the security enhancement feature from working on servers where Option is not available.
Fixed a problem that prevented some plug-ins from being detected by the vulnerability checker.
Fixed other minor bugs.
Version 1.8
Added vulnerability scan function (free of charge)
Algorithm change for detecting malware that randomly generates code each time it infects a computer.
Bug fixes
Version 1.7.5 updated on 2019-04-16
Improved operability when removing malware, some UI changes
Bug fixes.
Version 1.7.0 updated on 2019-03-07
Added functionality to allow malware removal, editing, and deletion from the admin screen.
Added security improvement functions (3 items)
Lighter and more efficient data
Other minor display changes, etc.
Version 1.6.4 updated on 2019-01-31
Added real-time block mode
Bug fixes
Version 1.6.0 updated on 2019-01-16
Added easy security settings
Speed improved by about 40%, lower load
Bug fixes
Version 1.5.5 updated on 2018-11-10
Added IP blocking function
Bug fixes
Version 1.5.0 updated on 2018-10-16
Added author protection function
Added login log and IP block log function
Speedup
Version 1.4.5 updated on 2018-08-17
Added the ability to show captcha on password reset
Patch for security hole
Bug fixes
Version 1.4.1 updated on 2018-07-25
Added XMLRPC brute-force protection
Bug fixes
Version 1.4 updated on 2018-07-22
Added a new security enhancement feature.
Improved program efficiency, which reduced scanning load by about 40%.
Fixed a bug related to excluded files in single-point scan.
Version 1.3 updated on 2018-07-11
Supported PHP 7.1 and above.
10% to 20% load reduction due to program efficiency improvement
Bug fixes
Fixed a bug that real-time scan sometimes stopped on some servers
Other minor bug fixes and program efficiency improvements
Version 1.2 updated on 2018-05-29
Multilingual support (English)
Bug fixes
Version 1.1 updated on 2018-05-22
Release version
Disclaimer We do not guarantee the accuracy of the results of the WordPress Doctor: malware scan plugin in any way. We also assume no responsibility for any damage to other servers or any goods or data, either user or indirect, caused by the use of this tool. A subscription to malware definitions is required to scan for malware that we have discovered after the point of installation. Please be aware that WordPress Doctor: Malware Scan plugin obtains some of the scan data to improve its accuracy.
Most of the functions of this plugin can be used free of charge, but the act of using this plugin or the plugin’s database to obtain compensation from customers (offering malware scanning or removal as a service to other companies for a fee) is prohibited except for businesses that have signed a special licensing agreement with us. Only those businesses that have signed a special licensing agreement with us are permitted to do so. Please note that any business that violates this clause will be billed 40,000 yen or more per site for each site for which the above services are contracted.
WordPress Malware Scanner plugin – English version can be downloaded from here.