NinjaScanner

Description

A lightweight, fast and powerful antivirus scanner for WordPress.

NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and virus.

Features

  • File integrity checker.
  • File comparison viewer.
  • Exclusion filters.
  • File snapshot.
  • Anti-malware/Antivirus.
  • Sandbox for quarantined files.
  • Incremental scans.
  • Background scans.
  • Scheduled scans (Premium).
  • WP-CLI integration (Premium).
  • Debugging log.
  • Email report.
  • Integration with NinjaFirewall (WP and WP+ Edition).
  • Multi-site support.
  • Contextual help.
  • And many more…

File Integrity Checker

The File Integrity Checker will compare your WordPress core files as well as your plugin and theme files to their original package. Its File Comparison Viewer will show you the differences between any modified file and the original. You can also add your Premium themes and plugins to the File Integrity Checker. Infected or corrupted files can be easily restored with one click.

File Snapshot

The File Snapshot will show you which files were changed, added or deleted since the previous scan.

Anti-Malware Signatures

You can scan your blog for potential malware and virus using the built-in signatures. The scanning engine is compatible with the popular Linux Malware Detect LMD (whose anti-malware signatures are included) and with some ClamAV signatures as well. You can even write your own anti-malware signatures.

Incremental Scan

If a scan is interrupted before completion (e.g., crash, error etc), it will restart automatically where it left off.

NinjaFirewall Integration

If you are running our NinjaFirewall (WP or WP+ Edition) web application firewall plugin, you can use this option to integrate NinjaScanner into its menu.

Fast and Lightweight Scanner

NinjaScanner has strictly no impact on your database. It only uses it to store its configuration (less than 1Kb). It saves the scan data, report, logs etc on disk only, makes use of caching to save bandwidth and server resources. It also includes a Garbage Collector that will clean up its cache on a regular basis.

Background Scans

Another great NinjaScanner feature is that it runs in the background: start a scan, let it run and keep working on your blog as usual. You can even log out of the WordPress dashboard while a scanning process is running! You don’t have to wait patiently until the scan has finished. Additionally, a scan report can be sent to one or more email addresses.

Sandbox for quarantined files

When moving a file to the quarantine folder, NinjaScanner can use a testing environment (a.k.a. sandbox) to make sure that this action does not crash your blog with a fatal error. If it does, it will warn you and will not quarantine the file. It is possible (but not recommended) to disable the sandbox.

Advanced Settings

NinjaScanner offers many advanced settings to finely tune it, such as exclusion filters, selection of the algorithm to use, a debugging log etc.

Privacy Policy

We, the authors, do not collect, share or sell personal information. We don’t track or profile you. Our sotfwares do not collect any private data from you or your visitors.

NinjaScanner is compliant with the General Data Protection Regulation (GDPR).

Premium Features

Check out our NinjaScanner Premium Edition

  • Scheduled Scans: Don’t leave your blog at risk. With the scheduled scan option, NinjaScanner will run automatically hourly, twice daily or daily.
  • WP-CLI Integration: Do you own several blogs and prefer to manage them from the command line? NinjaScanner can nicely integrate with WP-CLI, using the ninjascanner command. You can use it to start or stop a scanning process, view its status, its report or log from your favourite terminal, without having to log in to the WordPress Admin Dashboard.
  • Dedicated Help Desk with Priority Support

Screenshots

  • Summary page.
  • Basic settings.
  • Advanced settings.
  • Nerds settings.
  • WP-CLI integration.
  • Report sample.
  • Viewing differences between the modified and the original files.
  • Debugging log.
  • Integration with NinjaFirewall.

Installation

  1. Upload the ninjascanner folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ page in WordPress.
  3. Plugin settings are located in the ‘Tools > NinjaScanner’ sub-menu.

FAQ

Installation Instructions
  1. Upload the ninjascanner folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ page in WordPress.
  3. Plugin settings are located in the ‘Tools > NinjaScanner’ sub-menu.

Reviews

Scan not working

Two days ago I clicked ‘scan’ button, well by now I can see ‘Scan in progress..’
I think its’ stuck, this 1 star, not working.

I owe you guys! Your product is great

Out od current 500+ installs about 50 are probably mine 🙂 I had one shared host which was attacked by some nasty injection – your plugin saved my life – BIG THANK YOU. As a suggestion I would add bulk restore files, notification about suspicious users creation (maybe just list all admins), and button to total core reinstall (but it would have to delete all core files instead of wp-content, htaccess and wp-config)

Awesome

This is an awesome new plugin for scanning the back-end of WordPress. The PRO plugin is reasonably priced. Great job.

Read all 5 reviews

Contributors & Developers

“NinjaScanner” is open source software. The following people have contributed to this plugin.

Contributors

“NinjaScanner” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “NinjaScanner” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.2.1

  • Fixes a fatal error with non UTF-8 chars when calling the json_decode() function.
  • Makes sure the destination folder is writable before restoring a file.
  • Adds a “GDPR Compliance” link in the “About” page.

1.2

  • Adds a sandbox to the quarantine option: When moving a file to the quarantine folder, NinjaScanner can use a testing environment (a.k.a. sandbox) to make sure that this action does not crash your blog with a fatal error. If it does, it will warn you and will not quarantine the file. The sandbox option can be disabled from the “Nerds Settings” menu. See also our blog: http://nin.link/nssandbox/
  • Adds support for chrooted ABSPATH (“/”).
  • When moving a file to the quarantine folder, an error message will be returned if the source file is not writable and cannot be deleted.

1.1

  • You can now restore modified files (WordPress core, plugin and theme) or quarantine other files with one click while viewing the scan report: select the file in the listbox, and click the corresponding button below.
  • Adds a new “Quarantine” tab. It displays the list of quarantined files, if any, and can be used to managed them.
  • Adds a diagnostics button to help detect potential errors (“NinjaScanner > Settings > Advanced Users Settings > Nerds Settings > Debugging > Run diagnostics”).
  • Better error handling (memory allocation errors etc).
  • Adds a new “System” section to the scan report. It will be used to perform various system tests.
  • Minor fixes and adjustments.

1.0.5

  • The File Comparison Viewer will always attempt to retrieve the original core, plugin or theme file from the local cache first and, if not found, it will download it from wordpress.org rather than returning an error message.
  • Fixes a bug where some errors occurring while checking the core files integrity (e.g., connection errors, time-out) were not mentioned in the email report.

1.0.4

  • Fixes a bug where the scan report was sent by email regardless of the user settings.
  • Fixes an issue with non-en_US locale WordPress installations: the “File Integrity Checker” could wrongly report that bundled translation files (.mo and .po) were modified because it was using outdated cached copies of the files.
  • By default, the Garbage Collector will run hourly instead of daily. You can also run it manually to flush the cache immediately (see “NinjaScanner > Settings > Advanced Users Settings > Nerds Settings > Run the garbage collector”).

1.0.3

  • Adds the option to send the email report depending on the scan results (e.g., only if a critical or important problem was detected). See the “NinjaScanner > Settings > Send the scan report” option.
  • Improves the detection of backdoors in the root (ABSPATH) of the blog installation.
  • Fixes a bug that could wrongly flag a cached file as suspicious when a caching plugin was installed.
  • Minor fixes and adjustments.

1.0.2

  • The scanning process can be started even when DISABLE_WP_CRON is set (note that a cron job is still needed to run scheduled scans and the garbage collector).
  • Fixes a bug in the file comparison viewer that would skip some empty lines.

1.0.1

  • Fixes an issue with non-en_US locale WordPress installations: the “File Integrity Checker” could wrongly report that some files (wp-config-sample.php, version.php and readme.html) were modified.
  • Increases remote connections timeout from 10 to 60 seconds.
  • Adds a warning if the report was created with a different version of NinjaScanner.

1.0

  • Initial released.