
Exploit Scanner

Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.

Interpreting the Results

It is likely that this scanner will find false positives (i.e. files which do not contain malicious code). However, it is best to err on the side of caution; if you are unsure then ask in the Support Forums, download a fresh copy of a plugin, search the Internet for similar situations, et cetera. You should be most concerned if the scanner is: making matches around unknown external links; finding base64 encoded text in modified core files or the wp-config.php file; listing extra admin accounts; or finding content in posts which you did not put there.

Understanding the three different result levels:

  • Severe: results that are often strong indicators of a hack (though they are not definitive proof)
  • Warning: these results are more commonly found in innocent circumstances than Severe matches, but they should still be treated with caution
  • Note: lowest priority, showing results that are very commonly used in legitimate code or notifications about events such as skipped files

Help! I think I have been hacked!

Follow the guides from the Codex:

Ensure that you change all of your WordPress related passwords (site, FTP, MySQL, etc.). A regular backup routine (either manual or plugin powered) is extremely useful; if you ever find that your site has been hacked you can easily restore your site from a clean backup and fresh set of files and, of course, use a new set of passwords.


Updates to the plugin will be posted here and to Holy Shmoly!, and the WordPress Exploit Scanner page will always link to the newest version.

Other Languages

Unfortunately, for people using WordPress versions for other locales, some of the file hashes may be incorrect because some strings have to be hardcoded in their translated form. Here are some file hashes for WordPress in other languages, provided separately by other members of the community:

The hash files should declare only an array called $filehashes, and the majority of the hashes should still be the same.
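Since a hash file is PHP code, a community-supplied one can be checked against that rule before it is used. The following is an added example, not Exploit Scanner's own code; the function name `hash_file_is_plain_array`, the flat string-to-string layout of the array, and the sample entries are assumptions.

```php
<?php
// Added example, not Exploit Scanner's code. Assumes the array is a flat map of
// string literals (path => hash); the function name is hypothetical.
function hash_file_is_plain_array(string $source): bool
{
    $skip = [T_OPEN_TAG, T_CLOSE_TAG, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $symbols = '';
    foreach (token_get_all($source) as $tok) {
        if (!is_array($tok)) {
            $symbols .= $tok;            // punctuation such as = ( ) [ ] , ;
        } elseif (in_array($tok[0], $skip, true)) {
            continue;                    // layout and comments carry no behaviour
        } elseif ($tok[0] === T_VARIABLE && $tok[1] === '$filehashes') {
            $symbols .= 'V';
        } elseif ($tok[0] === T_CONSTANT_ENCAPSED_STRING) {
            $symbols .= 'S';             // string literal with no interpolation
        } elseif ($tok[0] === T_ARRAY) {
            $symbols .= 'A';
        } elseif ($tok[0] === T_DOUBLE_ARROW) {
            $symbols .= 'R';
        } else {
            $symbols .= 'X';             // calls, includes, other variables, inline HTML
        }
    }
    // Grammar: $filehashes = array('k' => 'v', ...);  or the short [] form.
    $pairs = '(?:SRS(?:,SRS)*,?)?';
    return preg_match('/\AV=(?:A\(' . $pairs . '\)|\[' . $pairs . '\]);\z/', $symbols) === 1;
}

// Constructed sample files; the hash value is a placeholder.
$clean = <<<'PHP'
<?php
$filehashes = array(
    'index.php' => '00000000000000000000000000000000',
);
PHP;
$tampered = <<<'PHP'
<?php
$filehashes = array('index.php' => '00000000000000000000000000000000');
error_reporting(0);
PHP;

var_dump(hash_file_is_plain_array($clean));
var_dump(hash_file_is_plain_array($tampered));
```

A file that fails this check contains something besides the single array declaration and should be reviewed by hand rather than loaded.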

Requires: 3.3 or higher
Compatible up to: 4.2.2
Last Updated: 2015-5-27
Active Installs: 60,000+


3.1 out of 5 stars


3 of 6 support threads in the last two months have been resolved.
