WordPress.org
Get WordPress
WordPress.org

Plugin Directory

Content Guard Pro – Database Malware Scanner & SEO Spam Detector

Content Guard Pro – Database Malware Scanner & SEO Spam Detector

By contentguardpro
Download

Description

File scanner clean but Google still shows spam?

File scanner says your WordPress site is clean, but Google still shows spam pages, strange redirects, pharma keywords, hidden links, or Japanese keyword hack results?

Content Guard Pro scans the WordPress database for hidden SEO spam, malicious scripts, suspicious iframes, spam links, encoded payloads, and cloaked content inside posts, pages, custom post types, titles, excerpts, and Gutenberg blocks.

Most WordPress security plugins focus on files, firewalls, login protection, or vulnerability checks. Content Guard Pro adds the missing database-content layer, so you can inspect the places attackers often abuse after a hacked-site cleanup: post content, block markup, titles, excerpts, and deeper database fields when Standard Scan is enabled.

What the free WordPress.org version scans

The free plugin includes Quick Scan for wp_posts, including:

  • Posts, pages, and custom post types
  • Post titles, excerpts, and post content
  • Gutenberg block content stored in the database
  • Classic Editor and Block Editor content during single-post scans
  • Hidden links, suspicious scripts, iframes, SEO spam, and encoded payloads in supported content fields

The free version also includes unlimited manual scans, all findings visible, on-save single post scanning, confidence scores, severity labels, admin notices, dashboard alerts, 30-day scan history, and allowlist/denylist controls.

What this database malware scanner detects

Content Guard Pro helps find content-layer threats such as:

  • Hidden SEO spam links and cloaked text using CSS tricks such as display:none, visibility:hidden, opacity:0, off-screen positioning, and tiny or hidden elements
  • Pharma spam, casino spam, gambling spam, crypto spam, financial scam phrases, counterfeit goods spam, and redirect spam
  • Japanese keyword hack content and cloaked search-result spam
  • Suspicious external scripts, iframes, object/embed tags, and links in posts and blocks
  • JavaScript redirects, meta refresh redirects, javascript: links, and suspicious inline event handlers
  • Obfuscated JavaScript patterns such as eval(), fromCharCode(), atob(), Base64 payloads, and large data: URIs
  • URL shorteners and redirectors that hide the final destination
  • Cryptocurrency miner patterns and known cryptojacking script indicators
  • Encoded attacks hidden with HTML entities, URL encoding, Base64, ROT13, hex, or octal encoding
  • Serialized malware in postmeta, selected options, and Elementor data when Standard Scan is enabled

When to use Content Guard Pro

Use Content Guard Pro when:

  • Google flags hacked content, spam pages, or strange search results, but your file scanner looks clean
  • You cleaned a hacked WordPress site and want to check whether spam remains in posts or blocks
  • You inherited a client site and need to inspect the database content layer before making changes
  • You see pharma keywords, Japanese keyword spam, casino links, hidden iframes, or suspicious redirects in search results
  • You want to review risky Gutenberg or Classic Editor content before publishing
  • You need a database malware scanner alongside your existing firewall, file scanner, and vulnerability scanner

Why database-first scanning matters

File scanners are important, but many SEO spam infections do not live in plugin files or theme files. Attackers often inject spam links, hidden text, malicious scripts, or redirect code directly into WordPress content stored in the database.

Content Guard Pro focuses on that content layer. It is designed to complement your existing security stack, not replace it.

Think of it as database forensics for WordPress content: scan posts, pages, custom post types, block markup, and deeper database fields with a scanner built specifically for content-resident threats.

Low-noise findings for real cleanup work

Not every external link or hidden element is malicious. Content Guard Pro uses confidence scores, Critical/Suspicious/Review severity labels, accessibility-aware rules, and allowlists to reduce obvious false positives.

Findings include the affected content location, matched rule, confidence score, context excerpt, and suggested next action so you can review problems faster.

Free plugin features

  • Quick Scan for wp_posts content, including posts, pages, custom post types, titles, excerpts, and Gutenberg blocks
  • Unlimited manual scans
  • All findings visible in the plugin dashboard
  • Gutenberg-aware scanning with block parsing
  • Classic Editor and Block Editor single-post scanning on save
  • Confidence scores from 0 to 100
  • Severity labels: Critical, Suspicious, and Review
  • Admin notices for important findings
  • Admin bar alerts and WordPress dashboard summary
  • 30-day scan history
  • Allowlist and denylist controls to reduce false positives
  • One-click Edit Post workflow for manual cleanup
  • Ignore/false-positive workflow for accepted findings
  • Local scanning with bundled detection rules

Premium adds deeper database coverage

Premium plans add deeper coverage and workflow automation for site owners and agencies:

  • Standard Scan for wp_posts, wp_postmeta, and selected wp_options data
  • Deeper inspection of serialized data and Elementor data stored in postmeta
  • Scheduled daily scans
  • Non-destructive quarantine to neutralize risky content without deleting database content
  • Revision-based rollback for affected posts
  • Email alerts and daily digest emails
  • Webhooks for agency monitoring on supported plans
  • Reputation checks through supported security services
  • Faster rule updates
  • CSV/JSON export and REST API access on supported agency plans
  • Extended scan history on paid plans

Privacy and external services

Content Guard Pro scans locally on your WordPress server and works without creating an account or connecting to the cloud service.

Optional external service: Content Guard Pro Cloud, provided by contentguardpro.com.

The optional cloud service can be used for rule-pack hints, community allowlist sync, optional anonymous telemetry, optional developer contact, and optional security newsletter preferences. It is consent-based and can be skipped.

If you choose to connect, the service may receive the site URL, site name, plugin version, WordPress version, PHP version, anonymous installation ID, consent choices, optional email address if you provide it, and anonymous scan metrics such as scan count, findings count, duration, and items scanned when telemetry is enabled.

Content Guard Pro does not send post content, database contents, matched excerpts, scan result details, usernames, passwords, payment details, visitor data, or stored customer data to the cloud service.

Terms: https://contentguardpro.com/terms
Privacy Policy: https://contentguardpro.com/privacy

Documentation and support

Documentation: https://contentguardpro.com/docs
Support forum: https://wordpress.org/support/plugin/content-guard-pro/

Screenshots

  • Hidden SEO Spam Found in the Database – Review a database finding with severity, confidence score, matched excerpt, and exact post location.
  • Run a WordPress Database Malware Scan – Start a Quick Scan, review progress, and inspect posts, pages, custom post types, and Gutenberg blocks.
  • Why This Content Was Flagged – See contextual explanations for hidden links, suspicious iframes, malicious scripts, spam keywords, and encoded payloads.
  • Clean Up Without Deleting Content Automatically – Open affected posts, ignore false positives, and review remediation guidance before making changes.
  • Block Editor and Classic Editor Scanning – Scan content while editing and review findings before or after saving posts.
  • Security Dashboard and Site Health – Track open Critical, Suspicious, and Review findings from the Content Guard Pro dashboard.
  • Scan History and Audit Trail – Review completed scans, detected findings, scan duration, and historical scan status.
  • Finding Details with Confidence Scoring – Inspect rule matches, affected database field, context snippet, confidence score, and suggested next steps.
  • Reports and Content Security Summary – View database content security status, severity counts, and scan metrics.
  • Detection Patterns and Allowlist Management – Manage trusted domains, denylist entries, and detection behavior to reduce false positives.
  • Pattern Tester – Test suspicious snippets or custom patterns against scanner rules before applying changes.
  • Scanner Settings and Performance Controls – Configure scan behavior, Safe Mode, notifications, and diagnostics.
  • System Diagnostics and Support Tools – Copy diagnostics, verify plugin health, and collect information for support.
  • Admin Bar Security Alerts – See critical database-content findings while working inside WordPress admin.

Installation

Automatic installation

  1. In WordPress admin, go to Plugins > Add New.
  2. Search for “Content Guard Pro”.
  3. Click “Install Now”.
  4. Click “Activate”.
  5. Follow the setup wizard and run your first Quick Scan.

Manual installation

  1. Download the plugin ZIP file.
  2. In WordPress admin, go to Plugins > Add New > Upload Plugin.
  3. Upload the ZIP file and click “Install Now”.
  4. Activate the plugin.
  5. Follow the setup wizard and run your first scan.

After activation

  1. Run a Quick Scan to check posts, pages, custom post types, titles, excerpts, and Gutenberg block content.
  2. Review any Critical or Suspicious findings first.
  3. Use Edit Post to clean affected content manually.
  4. Add known legitimate domains to your allowlist when appropriate.
  5. Re-scan after cleanup to confirm the content layer is clean.

FAQ

What does the free version scan?

The free WordPress.org version includes Quick Scan for wp_posts. That covers posts, pages, custom post types, post titles, post excerpts, post content, and Gutenberg block content stored in WordPress.

It also includes single-post scanning in the Block Editor and Classic Editor, unlimited manual scans, all findings visible, confidence scores, admin alerts, 30-day scan history, and allowlist/denylist controls.

Does the free version hide findings or limit scan results?

No. The free version shows all findings detected by the included Quick Scan. Detection quality is not reduced in the free plugin.

What does Standard Scan add?

Standard Scan adds deeper database scanning for wp_postmeta and selected wp_options data. This helps find malware and SEO spam hidden outside the main post content, including serialized data and Elementor data stored in postmeta.

Standard Scan is available in Premium.

My file scanner says my site is clean, but Google still shows spam. What should I do?

Run a Content Guard Pro Quick Scan first. When files are clean but Google still shows hacked content, the spam often lives in the WordPress database: posts, pages, block markup, postmeta, widgets, or selected options.

Quick Scan checks posts and Gutenberg blocks. Standard Scan adds postmeta and selected options for deeper database coverage.

Can Content Guard Pro find hidden SEO spam in WordPress posts and pages?

Yes. Content Guard Pro is built to detect hidden links, cloaked text, spam keywords, suspicious redirects, malicious scripts, and iframes stored in WordPress content.

Does it detect Japanese keyword hacks?

Yes. Japanese keyword hack cleanup often requires checking database content, not only files. Content Guard Pro can detect spam patterns when they appear in posts, pages, titles, excerpts, and Gutenberg content. Standard Scan extends coverage into postmeta and selected options.

Can it find pharma spam hidden in WordPress posts?

Yes. Pharma spam often hides drug-name keywords and outbound links inside existing posts, sometimes using CSS tricks such as display:none, tiny text, off-screen positioning, or hidden containers. Content Guard Pro scans for those patterns in supported database fields.

Does it scan Gutenberg blocks?

Yes. Content Guard Pro is Gutenberg-aware and scans block content stored in post_content.

Does it scan the Classic Editor?

Yes. Content Guard Pro supports single-post scanning in the Classic Editor and Block Editor.

Does it scan Elementor or page builder data?

The free Quick Scan checks rendered post content stored in wp_posts. Premium Standard Scan adds deeper postmeta scanning, including Elementor data stored in postmeta.

Does Content Guard Pro delete content automatically?

No. Content Guard Pro is review-first and non-destructive. The free version helps you find issues and edit affected content manually. Premium adds non-destructive quarantine, which neutralizes risky content without deleting the original database content.

Does it replace my firewall, file scanner, or login security plugin?

No. Content Guard Pro is a database-first malware and SEO spam scanner. Use it alongside file scanners, firewalls, login protection, backups, and vulnerability scanners for broader WordPress security coverage.

Will scans slow down my site?

Scans are designed to run in batches with performance-conscious limits. Content Guard Pro includes Safe Mode and throttling behavior to reduce load on typical WordPress hosting.

What happens after I fix a finding?

After you clean affected content and save the post, scan again to confirm the issue is gone. Content Guard Pro keeps scan history so you can review previous findings and cleanup progress.

Can I ignore a false positive?

Yes. You can ignore findings that you have reviewed and accepted. You can also use allowlist and denylist controls to tune scanner behavior for legitimate services used by your site.

Does Content Guard Pro send my database content to the cloud?

No. Scanning runs locally. Post content, database contents, scan result excerpts, and matched findings are not sent to the cloud service.

The optional cloud connection is consent-based and can be skipped. Optional telemetry, if enabled, is limited to anonymous scan metrics and environment details.

Can I use it after cleaning a hacked WordPress site?

Yes. That is one of the main use cases. After file cleanup, run Content Guard Pro to check whether hidden SEO spam, malicious scripts, iframes, suspicious links, or encoded payloads remain in the database content layer.

What should I check first after a scan finds issues?

Start with Critical findings, then review Suspicious findings, then Review findings. Open affected posts directly from the finding details, remove suspicious content, save the post, and scan again.

Reviews

Responsive Developer and a Useful Layer of Protection

March 23, 2026
I reached out with a few questions and some feature suggestions, and the developer was quick to respond and very open to feedback. What stood out was the effort put in over the weekend to roll out an update addressing those points. That level of responsiveness is rare. Still early days, but promising and actively supported. Looking forward to how it evolves.
Read all 1 review

Contributors & Developers

“Content Guard Pro – Database Malware Scanner & SEO Spam Detector” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Content Guard Pro – Database Malware Scanner & SEO Spam Detector” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.3.1

  • Clarified what the free Quick Scan covers, including posts, pages, custom post types, titles, excerpts, post content, and Gutenberg blocks.
  • Expanded FAQ with answers to common WordPress malware scenarios, including hidden SEO spam, pharma hacks, Japanese keyword hacks, post-cleanup database scans, Gutenberg, Classic Editor, and Elementor coverage.
  • Refreshed screenshot captions to lead with finding details, scanning, contextual explanations, and cleanup workflow.

1.3.0

  • Fewer false positives across common editorial patterns – refined detection heuristics better distinguish legitimate content from spam injection patterns.
  • Improved scan accuracy on link-heavy pages through tuned anomalous link profile scoring.
  • Scan engine stability and minor performance improvements on large batch runs.

1.2.0

  • Improved reporting and dashboard to better visualize site health.

1.1.1

  • Fixed anomalous link profile detection so allowlisted domains no longer inflate suspicious link ratio checks.
  • Improved findings filtering, pagination, and scan summaries for faster review after each scan.
  • Clarified email alert recipient settings for the site admin email and additional recipients.

1.1.0

  • Prevented duplicate scans for cleaner scan history and more reliable reporting.
  • Added optional cloud security integration for rule updates and security advisories.

1.0.6

  • Minor scan stability fixes.

1.0.3

  • Added serialized data inspection for malware hidden in postmeta, selected options, and Elementor data.
  • Added multi-layer decoding and deeper obfuscation detection for Base64, URL encoding, HTML entities, ROT13, hex, and octal payloads.

1.0.0

  • Initial release – WordPress database malware scanning, Gutenberg block parsing, on-save scanning, confidence scoring, admin alerts, REST API, audit trail, and allowlist/denylist management.

Meta

Ratings

5 out of 5 stars.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum