Title: Gogasys Malware Scanner
Author: gogasysitsolutions
Published: May 19, 2026
Last modified: May 22, 2026

---


# Gogasys Malware Scanner

 By [gogasysitsolutions](https://profiles.wordpress.org/gogasysitsolutions/)

[Download](https://downloads.wordpress.org/plugin/gogasys-malware-scanner.1.0.7.zip)


## Description

Gogasys Malware Scanner is a comprehensive security solution for WordPress, built
from the ground up to be lightweight, secure, and fully compliant with WordPress
coding standards.

**Key Features:**

 * **Web Application Firewall (WAF):** Real-time inspection of GET, POST, and FILES
   requests to block SQL injection, XSS, and more.
 * **Malware Scanner:** Detects malicious file patterns and monitors WordPress core
   file integrity using official checksums.
 * **IP & Country Blocking:** Easily block specific IP addresses or entire countries
   using GeoIP detection.
 * **Security Headers:** One-click configuration for XSS Protection, CSP, HSTS, 
   and more.
 * **Scheduled Scans:** Automated scanning powered by WP-Cron. **Note: This feature
   is OFF by default and requires explicit user consent to enable.**
 * **Incident Logging:** Detailed logs of all blocked threats and suspicious activities.
 * **Admin Notifications:** Get notified via email immediately when threats are 
   detected.

### External services

Gogasys Malware Scanner connects to the following third-party services to provide
core security features:

 1. **api.wordpress.org**: Used by the Malware Scanner to fetch official WordPress
    core file checksums. This allows the plugin to verify the integrity of your WordPress
    installation and detect unauthorized file modifications.
     * **Data Sent:** WordPress version and site locale.
     * **Service Provider:** WordPress.org (Privacy Policy: [https://wordpress.org/about/privacy/](https://wordpress.org/about/privacy/))
 2. **ip-api.com**: Used for GeoIP-based country blocking. When the _Country Blocking
    (GeoIP)_ feature is **explicitly enabled** by the site administrator, visitor IP
    addresses are sent to ip-api.com to determine the country of origin. **This feature
    is disabled by default.** No IP data is sent unless the administrator opts in.
    IP addresses are not stored by this plugin.
     * **Data Sent:** Visitor IP address (only when the GeoIP feature is enabled by
       the admin).
     * **Service Provider:** Artia International S.R.L. (Terms and Privacy: [https://ip-api.com/docs/legal](https://ip-api.com/docs/legal))

## Installation

 1. Upload the `gogasys-malware-scanner` folder to the `/wp-content/plugins/` directory.
 2. Activate the plugin through the ‘Plugins’ menu in WordPress.
 3. Navigate to the ‘Gogasys Security’ menu in your dashboard to configure settings.

## FAQ

### Does this plugin include a firewall?

Yes, it includes a real-time Web Application Firewall (WAF) that inspects every 
request.

### How does the malware scanner work?

It compares your WordPress core files against official checksums and scans the
`wp-content` directory for known malicious PHP patterns.
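
The core-file comparison described above, as an added example that is not the plugin's code. The `verify_core()` name, the sandbox files and the manifest are constructed here; the manifest only mimics the `checksums` object (relative path mapped to MD5) returned by the api.wordpress.org core checksums endpoint, so the script runs offline.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical verifier (not the plugin's code). $checksums maps a path
 * relative to the WordPress root to its expected MD5.
 */
function verify_core(string $root, array $checksums): array {
    $report = ['modified' => [], 'missing' => [], 'unexpected' => []];
    foreach ($checksums as $rel => $md5) {
        $file = "$root/$rel";
        if (!is_file($file)) {
            $report['missing'][] = $rel;
        } elseif (!hash_equals($md5, md5_file($file))) {
            $report['modified'][] = $rel;
        }
    }
    // Files inside core directories that the manifest does not list at all.
    foreach (['wp-admin', 'wp-includes'] as $dir) {
        if (!is_dir("$root/$dir")) { continue; }
        $it = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator("$root/$dir", FilesystemIterator::SKIP_DOTS));
        foreach ($it as $f) {
            $rel = ltrim(str_replace('\\', '/', substr($f->getPathname(), strlen($root))), '/');
            if (!isset($checksums[$rel])) { $report['unexpected'][] = $rel; }
        }
    }
    return $report;
}

// Constructed install and constructed manifest (hashes computed here, not real core hashes).
$root = sys_get_temp_dir() . '/core-demo-' . bin2hex(random_bytes(4));
mkdir("$root/wp-includes", 0700, true);
$clean = ['wp-includes/version.php' => "<?php \$wp_version = 'x';",
          'wp-includes/load.php'    => '<?php // loader',
          'wp-login.php'            => '<?php // login'];
foreach ($clean as $rel => $body) { file_put_contents("$root/$rel", $body); }
$api_json = json_encode(['checksums' => array_map('md5', $clean)]);

// Simulated changes made after the manifest was produced.
file_put_contents("$root/wp-includes/load.php", '<?php // loader + injected line');
unlink("$root/wp-login.php");
file_put_contents("$root/wp-includes/cache-x.php", '<?php // dropped file');

$manifest = json_decode($api_json, true)['checksums'];
print_r(verify_core($root, $manifest));
```

A hash mismatch only covers files the manifest lists, which is why the second loop reports unlisted files in `wp-admin` and `wp-includes` separately.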

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Gogasys Malware Scanner” is open source software. The following people have contributed
to this plugin.

Contributors

 * [gogasysitsolutions](https://profiles.wordpress.org/gogasysitsolutions/)


### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/gogasys-malware-scanner/),
check out the [SVN repository](https://plugins.svn.wordpress.org/gogasys-malware-scanner/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/gogasys-malware-scanner/)
by [RSS](https://plugins.trac.wordpress.org/log/gogasys-malware-scanner/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.7

 * Compatibility: Confirmed fully compatible with WordPress 7.0 and PHP 8.4.
 * Security Fix: Added `realpath()`/`WP_CONTENT_DIR` path-traversal validation to
   `ajax_delete_file()`, matching the existing guard in `ajax_quarantine_file()`.
 * Bug Fix: Corrected `WP_Filesystem::get_contents()` call that incorrectly passed
   two extra parameters not supported by the WP Filesystem API; the 100 KB file-size
   cap is now properly enforced via `strlen()` after reading.
 * Security Header: Changed `X-XSS-Protection` default from `1; mode=block` to empty
   string. This header is deprecated, unsupported by modern browsers (Chrome removed
   it in 2019, Firefox never supported it), and can introduce XSS vulnerabilities
   per Mozilla’s security documentation. Leave blank and rely on
   Content-Security-Policy instead.
 * Admin UI: Added WordPress 7.0 / Modern Browser deprecation notice and orange
   DEPRECATED badge on the X-XSS-Protection field in Security Headers settings.
 * Admin JS: Updated protection mode preset recommendations to set X-XSS-Protection
   to empty (matching server-side default).
 * Code Quality: Added PHP 7.4+ type hints and `: void` return types to `Cron::add_schedules()`,
   `Cron::run_scan()`, all `Activity_Logger` public methods, and `Admin::enqueue_assets()`
   for PHPCS/WordPress Coding Standards compliance and PHP 8.x strict-mode compatibility.
 * Readme: Updated `Tested up to: 7.0`.
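
A `realpath()` containment guard of the kind named in the 1.0.7 security fix, as an added example that is not the plugin's code. The `path_is_inside()` helper and the sandbox paths are assumptions, and `$content` stands in for `WP_CONTENT_DIR`.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not the plugin's code): true only when $candidate
 * resolves to an existing file strictly inside $base_dir.
 */
function path_is_inside(string $candidate, string $base_dir): bool {
    $base = realpath($base_dir);
    $real = realpath($candidate); // collapses ../ and symlinks; false if missing
    if ($base === false || $real === false || !is_file($real)) {
        return false;
    }
    // Trailing separator stops "/wp-content-old" from matching "/wp-content".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0;
}

// Constructed sandbox; $content stands in for WP_CONTENT_DIR.
$root    = sys_get_temp_dir() . '/guard-demo-' . bin2hex(random_bytes(4));
$content = "$root/wp-content";
mkdir("$content/uploads", 0700, true);
mkdir("$root/wp-content-old", 0700, true);
file_put_contents("$content/uploads/flagged.php", '<?php // sample');
file_put_contents("$root/wp-config.php", '<?php // secrets');
file_put_contents("$root/wp-content-old/keep.php", '<?php // backup');

// Request path => whether a delete/quarantine handler should accept it.
$cases = [
    "$content/uploads/flagged.php"         => true,  // inside the base
    "$content/uploads/../../wp-config.php" => false, // climbs out with ../
    "$root/wp-content-old/keep.php"        => false, // sibling sharing the prefix
    "$content/uploads/missing.php"         => false, // realpath() fails
];
foreach ($cases as $path => $expected) {
    $allowed = path_is_inside($path, $content);
    printf("%-5s %s\n", $allowed ? 'allow' : 'deny', substr($path, strlen($root)));
    if ($allowed !== $expected) {
        throw new RuntimeException("unexpected result for $path");
    }
}
```

The sibling-directory case is the one a plain `strpos()` prefix test without the trailing separator lets through.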

#### 1.0.6

 * Security: Gated all ip-api.com GeoIP lookups behind an explicit admin opt-in 
   toggle (`gogasys_ms_enable_geoip`). The plugin no longer contacts external services
   without administrator consent, complying with WordPress.org Plugin Directory 
   Guidelines.
 * Privacy: Added `wp_add_privacy_policy_content()` integration so site owners can
   include GeoIP data-handling details in their Privacy Policy.
 * Path Handling: Replaced hardcoded `WP_CONTENT_DIR` with `wp_upload_dir()` for
   the quarantine directory, ensuring compatibility with non-standard WordPress 
   installs.
 * Security: Replaced the disallowed `define('DISALLOW_UNFILTERED_HTML', true)` 
   with a `map_meta_cap` filter, which is the WordPress-approved pattern for restricting
   the `unfiltered_html` capability.
 * Bug Fix (Critical): Fixed fatal PHP error in quarantine action — `GOGASYS_MS_QUARANTINE_DIR`
   constant reference replaced with the correct `gogasys_ms_quarantine_dir()` function
   call throughout `class-scanner.php`.
 * Bug Fix: Fixed admin asset enqueue logic: CSS/JS now loads on all plugin subpages
   (Firewall, Scanner, Logs, IP Blocker, Headers, Notifications), not only the main
   dashboard.
 * Compliance: Removed `Network: true` from plugin header (plugin does not require
   network activation).
 * Compliance: Updated `Author` header field to a proper display name per WordPress
   Plugin Directory guidelines.
 * Compliance: Updated `Plugin URI` to a clean URL without `.html` extension.
 * Settings API: Registered `gogasys_ms_enable_geoip`, `gogasys_ms_blocked_countries`,
   and `gogasys_ms_block_attack_countries` via `register_setting()` for proper sanitization.
 * Added `gogasys_ms_sanitize_country_array()` sanitize callback for country code
   option storage.
 * UI: Added a prominent opt-in notice to the IP & Country Management settings page
   explaining that ip-api.com is an external service.
 * Uninstall: Added all `gogasys_ms_header_*` options and `gogasys_ms_attack_countries`
   to the uninstall cleanup list and removed duplicate entries, so that no orphaned
   data remains after plugin deletion.

#### 1.0.5

 * Fix: Resolved PHP syntax error by renaming invalid namespace (`Gogasys Malware Scanner`)
   to `GogasysMalwareScanner` across all files to comply with WordPress.org
   coding standards.

#### 1.0.4

 * Renamed plugin to Gogasys Malware Scanner for compliance with directory guidelines.
 * Fully refactored codebase to synchronize namespaces, constants, and options with
   the new identity.

#### 1.0.3

 * Resolved granular Plugin Check security warnings for unescaped DB parameters.
 * Optimized database queries with unified suppressions.

#### 1.0.2

 * Finalized database compliance by using literal SQL fragments for ordering.
 * Improved cache invalidation on data updates.

#### 1.0.1

 * Improved database query compliance for WordPress.org submission.
 * Implemented full object caching for database results.
 * Prefixed all global variables in admin views.

#### 1.0.0

 * Initial release.

## Meta

 * Version **1.0.7**
 * Last updated **17 hours ago**
 * Active installations **Fewer than 10**
 * WordPress version **5.6 or higher**
 * Tested up to **7.0**
 * PHP version **7.4 or higher**
 *  [Advanced View](https://wordpress.org/plugins/gogasys-malware-scanner/advanced/)
