Look-See Security Scanner


Look-see Security Scanner is designed to help you quickly and easily spot the sorts of file system irregularities that happen when a site is hacked.

  • Verify the integrity of all core WordPress files, including plugins and themes hosted by WordPress;
  • Search wp-admin/ and wp-includes/ for unexpected files;
  • Search wp-content/uploads/ for hidden scripts;
  • Identify file changes since previous scan;
  • Locate files left over from older versions of WordPress;
  • Analyze configurations for oversights and vulnerabilities;
  • Pro: One-click delete, ignore, fix, and source viewer;
  • Pro: Full feature access through WP-CLI;


Due to the advanced nature of some of the plugin features, there are a few additional server requirements beyond what WordPress itself requires:

  • WordPress 4.4 or later.
  • PHP 7.1 or later.
  • PHP extensions: date, filter, json, pcre, spl
  • CREATE and DROP MySQL grants.

Please note: it is not safe to run WordPress atop a version of PHP that has reached its End of Life. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂

Premium Version

Look-See Pro is the same great administrative tool, just more of it!

  • WP-CLI: file scans and configuration analysis can be run from the command line.
  • Quick Actions: view source code, fix file permission/ownership issues, ignore, or delete a file with the click of a button.

To learn more, visit blobfolio.com.

Privacy Policy

This plugin does not make use of or collect any “Personal Data”.


  • The file scan page at rest.
  • The file scan in progress is updated in realtime and optimized to complete even on slow servers.
  • Overview of past scans.
  • Detailed scan results with explainations and more.
  • Configuration analysis, offering suggestions to improve site security.


Nothing fancy! You can use the built-in installer on the Plugins page or extract and upload the look-see-security-scanner folder to your plugins directory via FTP.

To install this plugin as Must-Use, download, extract, and upload the look-see-security-scanner folder to your mu-plugins directory via FTP. See the MU Caveats for more information about getting WordPress to load an MU plugin that is in a subfolder.

Please note: MU Plugins are removed from the usual update-checking process, so you will need to handle future updates manually.


Is this plugin compatible with WPMU?

The plugin is only meant to be used with single-site WordPress installations.

Does Look-See correct any problems it finds?

The free version of Look-See will point out potential issues and recommend follow-up actions, but it is left up to you to actually complete those actions.

The pro version includes “quick action” links when viewing scan results that can let you view a file’s source, fix permission/ownership issues, and/or ignore or delete it with the push of a button.

Every scan is timing out?

Unfortunately file system operations like scanning can be very resource-intensive. A lot of low-end, budget shared hosting providers might have completing a scan.

In such cases, you could try fiddling with the ignore rules — ignore images and other large files — but ultimately the solution is to probably just find better hosting.

If there are no warnings, does that mean I am A-OK?

Not necessarily. There could still be backdoors elsewhere on the server. As always, we recommend you maintain best security practices and keep regular back-ups.

Can scans be automated?

The free version of the plugin requires scans be run manually through the admin interface.

The pro version contains WP-CLI integration, allowing scans to be run through the command line (thus scans can be executed any which way through server-side scripts or CRON jobs).


Read all 7 reviews

Contributors & Developers

“Look-See Security Scanner” is open source software. The following people have contributed to this plugin.




  • [Remove] Scheduled scans;
  • [Remove] WPScan DB integration;


  • [Fix] Update handling of plugins_api() response to match formatting change.


  • [Misc] Update dependencies.


  • [Misc] Update dependencies.
  • [Misc] Minor performance improvements.


  • [New] Use the new WP.org plugin checksum API endpoint (where possible).