Title: Cleverhog Malware Scanner
Author: cleverhog
Published: <strong>May 27, 2026</strong>
Last modified: May 27, 2026

---

Search plugins

![](https://ps.w.org/cleverhog-malware-scanner/assets/banner-772x250.png?rev=3550969)

![](https://ps.w.org/cleverhog-malware-scanner/assets/icon-256x256.png?rev=3550969)

# Cleverhog Malware Scanner

 By [cleverhog](https://profiles.wordpress.org/cleverhog/)

[Download](https://downloads.wordpress.org/plugin/cleverhog-malware-scanner.zip)

 * [Details](https://wordpress.org/plugins/cleverhog-malware-scanner/#description)
 * [Reviews](https://wordpress.org/plugins/cleverhog-malware-scanner/#reviews)
 *  [Installation](https://wordpress.org/plugins/cleverhog-malware-scanner/#installation)
 * [Development](https://wordpress.org/plugins/cleverhog-malware-scanner/#developers)

 [Support](https://wordpress.org/support/plugin/cleverhog-malware-scanner/)

## Description

**Cleverhog Malware Scanner** helps you investigate a suspicious or compromised 
WordPress site from the admin dashboard. It is **free** and may be used on **unlimited
websites** with no license keys or per-site fees.

This plugin **detects and reports** potential security issues. It does **not** automatically
remove malware or guarantee that a site is clean. Always back up your site before
changing or deleting files.

#### What it scans

 * **Files** — Pattern-based scan of themes, plugins, uploads, wp-content, or the
   full site (with code snippets, file size, and last-modified date)
 * **Backdoors** — Must-use plugins, drop-ins, wp-config, cron jobs, and suspicious
   hooks
 * **.htaccess** — Discovers `.htaccess` files site-wide and lists suspicious redirects,
   PHP handlers in uploads, auto_prepend, cloaking rules, and more
 * **Authentication** — XML-RPC, user enumeration, weak salts, file editor, and 
   SSL-related checks
 * **Database** — Suspicious autoloaded options and injected post content
 * **Administrators** — All admin users with registration dates and risk flags
 * **Updates** — Outdated plugins, themes, and core (high for major/minor updates,
   medium for patches only)
 * **Plugin integrity** — WordPress.org plugins compared to official checksums (
   one summary per plugin)

#### Features

 * Live threat counter during scans
 * Results sorted by severity (critical, high, medium, low)
 * Last scan results restored when you reopen the dashboard
 * Admin menu badge showing critical issue count
 * Excludes this plugin’s own files from file scans to reduce false positives

### Privacy

This plugin runs entirely on your server. Scans do not send your site files to the
plugin author.

When you run a scan, the plugin may contact:

 * **WordPress.org** (`downloads.wordpress.org`) — to fetch official plugin checksums
   for integrity verification
 * **WordPress.org update APIs** — to check for available plugin, theme, and core
   updates (standard WordPress behavior)

No personal data is collected by the plugin author. Scan results are stored in your
WordPress database (options and transients) for display in the admin dashboard and
are visible to users who can manage the site.

### Support

Support is provided through the WordPress.org support forums after publication.

## Screenshots

 * [[
 * Scan configuration and live threat counter
 * [[
 * Scan results with severity filters and file details
 * [[
 * Administrator account audit
 * [[
 * Threat summary sidebar

## Installation

 1. Install through **Plugins  Add New** after this plugin is on WordPress.org, or 
    upload the `cleverhog-malware-scanner` folder to `/wp-content/plugins/`
 2. Activate **Cleverhog Malware Scanner**
 3. Open **Cleverhog Malware Scanner** in the admin menu
 4. Choose scan types and click **Start Security Scan**

## FAQ

### Does this remove malware automatically?

No. It shows what was found with file paths, snippets, and severity so you can investigate.
Restore from backup or use professional help for active breaches.

### Can it give false positives?

Yes. Legitimate plugins may use patterns that look suspicious (for example `base64_decode`).
Review every critical finding before deleting files.

### Does it scan its own plugin files?

No. The scanner excludes its own directory from file scans.

### Will large sites timeout?

File scans run in batches via AJAX to reduce PHP timeout issues.

### Which plugins can be checksum-verified?

Only plugins hosted on WordPress.org with published checksums for the installed 
version. Premium or custom plugins are listed as unverified; use the file malware
scan on those.

## Reviews

![](https://secure.gravatar.com/avatar/c036f9b467573f198c2c62a153fa0bf60a33d1b84ae1d288f3ceaaf2c8cb5c4f?
s=60&d=retro&r=g)

### 󠀁[Does a lot for a free plugin](https://wordpress.org/support/topic/does-a-lot-for-a-free-plugin-2/)󠁿

 [spitereu](https://profiles.wordpress.org/spitereu/) May 27, 2026

Scans are divided into steps so it didn’t timeout on my shared hosting, which other
scanners struggled with. Took me a minute to understand that “unverified” plugins
aren’t necessarily infected — just not on WordPress.org checksums. Once I got that,
the reports made sense. Would love scheduled scans in a future update, but for manual
checks this is very useful.

 [ Read all 1 review ](https://wordpress.org/support/plugin/cleverhog-malware-scanner/reviews/)

## Contributors & Developers

“Cleverhog Malware Scanner” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ cleverhog ](https://profiles.wordpress.org/cleverhog/)

[Translate “Cleverhog Malware Scanner” into your language.](https://translate.wordpress.org/projects/wp-plugins/cleverhog-malware-scanner)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/cleverhog-malware-scanner/),
check out the [SVN repository](https://plugins.svn.wordpress.org/cleverhog-malware-scanner/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/cleverhog-malware-scanner/)
by [RSS](https://plugins.trac.wordpress.org/log/cleverhog-malware-scanner/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.6.7

 * PHPCS/WPCS: prefix dashboard template globals for Plugin Check compliance

#### 1.6.6

 * WordPress.org review: all wp-admin includes centralized in Admin_Dependencies
   with immediate function use
 * Path resolution centralized in Wp_Paths (uploads, plugins via WPMG_PLUGIN_FILE,
   WP_LANG_DIR, core files)
 * Checksum API failures cached with a distinct marker (not an empty array)

#### 1.6.5

 * Checksum fetch failures use a distinct transient marker so plugins are not marked
   verified after a failed lookup

#### 1.6.4

 * Language pack paths use WP_LANG_DIR only (no WP_CONTENT_DIR/languages fallback)

#### 1.6.3

 * Quarantine and plugin-owned files use wp_upload_dir() under uploads/cleverhog-
   malware-scanner (no hard-coded WP_CONTENT_DIR/uploads paths)
 * Plugin and content paths resolved via WPMG_PLUGIN_FILE and Wp_Paths helpers instead
   of WP_PLUGIN_DIR / WP_CONTENT_DIR in scanner code

#### 1.6.2

 * All wp-admin includes go through Admin_Dependencies only (including uninstall
   and is_plugin_active)

#### 1.6.1

 * WordPress.org review: centralize wp-admin includes via Admin_Dependencies (load
   + immediate use)

#### 1.6.0

 * WordPress.org review: distinctive name **Cleverhog Malware Scanner**, slug `cleverhog-
   malware-scanner`
 * Quarantine files stored under uploads (not wp-content root)
 * Admin menu CSS enqueued with wp_add_inline_style (no raw <style> in admin_head)

#### 1.5.0

 * Full slug rename: `cleverhog-malware-doctor` folder, main file, text domain, 
   and admin menu page slug

#### 1.4.3

 * Display name updated to Cleverhog Malware Doctor

#### 1.4.2

 * WordPress.org slug changed to `cleverhog-malware-plugin` (trademark)

#### 1.4.1

 * Rebranded to Cleverhog Malware Scanner (display name and documentation)

#### 1.4.0

 * WordPress.org readiness: textdomain loading, uninstall cleanup, server limits
   UI layout fix
 * Server limits panel uses stacked rows (fixes overlapping table text in the admin
   sidebar)
 * Legacy bootstrap files (wp-mal-guard.php, wp-malware-doctor.php) updated for 
   correct plugin paths and scan exclusion
 * Plugin Check: remove .DS_Store, fix screenshot filenames, WP_Filesystem for quarantine,
   Tested up to 7.0

#### 1.3.9

 * Server limits panel: shows current vs recommended PHP memory and execution time
 * Scan failures show an in-page error panel with tips and one-click smaller scan
   presets (uploads, plugins, themes, etc.)

#### 1.3.8

 * Fix 504 gateway timeouts: start scan returns in seconds; heavy work runs across
   many short AJAX batches
 * Incremental file-list building, plugin verification (2 per batch), and split 
   backdoor/htaccess scans

#### 1.3.7

 * Fix scan 500 errors on large sites: file queue stored separately, higher PHP 
   limits, capped plugin checksum depth
 * Scan failures now return a clearer error message in the admin alert

#### 1.3.6

 * Fewer false positives: theme cache PHP in uploads, payment webhooks using php://
   input, protective uploads .htaccess
 * Weak salt check only inspects AUTH_KEY-style defines (not the word “WordPress”
   in comments)
 * World-writable core check uses file permissions instead of is_writable()
 * Third-party/premium plugins reported as low-severity informational findings
 * Auth and config findings no longer show unrelated file paths or action buttons

#### 1.3.5

 * Update outdated plugins and themes directly from scan results via AJAX

#### 1.3.4

 * Delete inactive plugins and themes directly from scan results (updates and integrity
   findings)

#### 1.3.3

 * Delete is only offered for high-confidence threats (e.g. PHP in uploads, suspicious
   drop-zone filenames)

#### 1.3.2

 * Quarantined files panel on the dashboard with restore, view, and permanent delete

#### 1.3.1

 * View, quarantine, delete, and restore actions on file findings from the scan 
   results
 * File preview modal with safe path validation and quarantine storage under uploads/
   cleverhog-malware-scanner/wpmg-quarantine/

#### 1.3.0

 * Context-aware malware scanning (reduces false positives in translations, themes,
   and core)
 * Smarter signatures: eval on request, webshell names, remote includes, chmod 777,
   and more
 * Skip WordPress core/language files; suppress noise for outdated plugins and themes
 * Improved .htaccess scan; fewer backdoor/REST/cron false positives

#### 1.2.0

 * WordPress.org Plugin Check compliance (naming, i18n, privacy, nonce helpers)
 * Group plugin integrity mismatches into one result per plugin
 * Update severity: high for major/minor updates, medium for patch-only
 * Sort results by severity; persist last scan; admin menu critical badge

#### 1.1.0

 * Plugin integrity checksum scanner; live threat counts; dashboard UI refresh

#### 1.0.0

 * Initial release (as Malware Doctor)

## Meta

 *  Version **1.6.7**
 *  Last updated **14 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 5.8 or higher **
 *  Tested up to **7.0**
 *  PHP version ** 7.4 or higher **
 * Tags
 * [backdoor](https://wordpress.org/plugins/tags/backdoor/)[hacked](https://wordpress.org/plugins/tags/hacked/)
   [malware](https://wordpress.org/plugins/tags/malware/)[scanner](https://wordpress.org/plugins/tags/scanner/)
   [security](https://wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://wordpress.org/plugins/cleverhog-malware-scanner/advanced/)

## Ratings

 5 out of 5 stars.

 *  [  1 5-star review     ](https://wordpress.org/support/plugin/cleverhog-malware-scanner/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/cleverhog-malware-scanner/reviews/?filter=4)
 *  [  0 3-star reviews     ](https://wordpress.org/support/plugin/cleverhog-malware-scanner/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/cleverhog-malware-scanner/reviews/?filter=2)
 *  [  0 1-star reviews     ](https://wordpress.org/support/plugin/cleverhog-malware-scanner/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/cleverhog-malware-scanner/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/cleverhog-malware-scanner/reviews/)

## Contributors

 *   [ cleverhog ](https://profiles.wordpress.org/cleverhog/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/cleverhog-malware-scanner/)