WordPress.org

Plugin Reviews

Exploit Scanner

Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.

10 reviews
Average Rating
4 stars
4.2 out of 5 stars
1 star
"hashes-3.x.php missing"
By , for WP 3.8

Every time I update WordPress, Exploit Scanner loses its hashes file and marks everything as compromised. The fact that you have to manually generate a replacement hashes file - there is no way through the GUI - means that it is of limited use to anyone bar expert users. And even then, it's not guaranteed to work.

The developers don't seem to be keeping up pace with WordPress core development - the Plugin page lists 3.5.2 as latest supported version, whereas 3.8 is most up to date WP version as of writing.

5 stars
only shows exploits in security plugins
By , for WP 3.7.1

does not show much except lots of stuff from other security plugins.
useless.

1 star
An error occurred. Please try again later.
By , for WP 3.7.1

I haven't gotten it to work once yet. I've increased the memory it requires and set the Upper file size limit to 50k and number of files per batch to 100. It still times out or otherwise errors. Maybe it works, maybe it doesn't, but I'm not changing system-wide settings (that make my system more vulnerable) to get a scanner to work.

4 stars
great little tool
By ,

only problem is the missing hashes-3.6.php file :D

4 stars
lots of false positives, but excellent tool
By , for WP 3.5.2

Whenever WP puts out a new version it would appear as though this plug-in needs to update the hashes, which can sometimes take a while. That being said, when the hashes are up to date it's fantastic at pointing out vulnerabilities. It seems like false positives are pretty common, but once you get the hang of it it's very helpful to recognize problems. Our blog has been hacked a few times in the past and this tool really helped to clean it up.

2 stars
Too many false positives
By , for WP 3.5.1

The plugin should be aware of false positives in core WordPress code.

1 star
Error when running on site in network
By , for WP 3.5.1

We have a half-dozen blogs running on one WordPress installation. I installed this plugin and then attempted (1) Network activate, then run from different individual blog dashboards; and (2) Network deactivate, go to individual blog dashboard, activate, run from individual blog dashboard. Either way, I get a long error starting with:

{"status":"error","message":"$this->files was not an array","data":{"start":1000,"files":"s:102453

5 stars
Best idea ever
By , for WP 3.4.2

This plugin is a very very good idea because sometimes, hackers are modifying core files to include their backdoors.

5 stars
Common sense needed
By , for WP 3.4.2

Make sure you use common sense when reviewing your site.

5 stars
Great tool
By , for WP 3.4.2

I had a site hacked last summer (2012). In spite of clearing the hacked files that showed up for a phishing exploit, new ones kept popping up. I added a number of security plugins including Website Defender, Bulletproof Security, and Wordfence. Of these, Wordfence seemed to be the best at actually and quickly detecting the presence of attack shells; but the problem continued to occur. I could also see some of the IP addresses that were involved in sourcing the attack (Indonesia especially) and I could block specific IP addresses; but still, the attack continued. I inspected the MySQL DB to see if there had been any SQL injection at or near the first attack, but there was nothing there. I was about ready to take the entire site back to formula and do the whole thing over by hand when I came across this plugin.

Of course, it over-did the detection but it also pinpointed the upload vectors buried away in the site. This was much better than under-detection, since I could decide for myself if a file was clean or not by opening it and checking it out.

This plugin gets my five-star rating for saving my bacon.
