Quttera Web Malware Scanner


The Quttera Web Malware Scanner plugin will scan your website for malware, trojans, backdoors, worms, viruses, shells, spyware and other threats as well as JavaScript code obfuscation, exploits, malicious iframes, malicious code injection, malicious code obfuscation, auto-generated malicious content, redirects, hidden eval code and more. Also, it will check whether your website is blacklisted by Google and other blacklisting authorities. Help yourself to protect your website, your website users and your online reputation with a free Quttera Web Malware Scanner plugin.


  • One Click Scan
  • Unknown Malware Detection
  • External Links Detection
  • Blacklist Status
  • No Signatures or Patterns Updates
  • Artificial Intelligence Scan Engine
  • Cloud Technology
  • Detailed Investigation Report
  • Investigation of WordPress files
  • Detection of files infected by PHP malware
  • Detection of injected PHP shells

If you need a hand with malware removal please do not hesitate to contact us on support@quttera.com or sign-up to any of our annual plans which include malware cleanup and blacklist removal on https://quttera.com/anti-malware-website-monitoring-signup .


Plugin’s other home


  • Quttera Web Malware Scanner for Word Press


  1. Download the plugin.
  2. Go to the WordPress Plugin menu and activate it.
  3. That’s it!


How is this plugin different from similar plugins?

This plugin uses Quttera’s unique, patented, malware scanning and detection technology. The scanning engine employs a multi-layered, heuristic approach to gather the intelligence from the analyzed system and digest it into weighted rules to flag a piece of code as malicious. A self-learning mechanism uses Quttera’s threats intelligence database crowd-sourced from a worldwide network to update the ruleset and improve detection with each subsequent run.

What is the heuristic scan?

Standard or traditional scanning relies on the signature matching mechanisms. In which the signature of the known threat or its polymorphed variant is compared with the contents (string, e.g.) of the examined file. This technique relies on the existence of the signature in the database to enable the detection. Heuristic approach implements rules, weight-based systems, emulators, flow analyzers, statistical and mathematical methods when probing specific instructions, commands or any other portion of the software. As a result, it allows detecting the potentially malicious functionality in new (previously unknown) malware.

What to do if plugin detects something suspicious?

Quttera technology encompasses heuristic and self-learning components. The severity of the detection depends on the danger it can potentially pause. Current implementation offers four (4) severity levels: Clean, Potentially Suspicious, Suspicious and Malicious. If you are not sure whether Potentially Suspicious or Suspicious detection is an actual threat, our team will help you with that. You can contact us via any of the following: a ticket at https://helpdesk.quttera.com, email to support@quttera.com or through the Support Forum .

Where can I get support for this plugin?

You can contact us via any of the following: a ticket at https://helpdesk.quttera.com, email to support@quttera.com or through the Support Forum .

What to do in case of False-Positives?

Report False-Positive to our helpdesk, and we will review and fix it within the 3-4 working days.

How to submit samples that plugin did not detect?

Please submit any missing detection to our helpdesk.

Why when I click Start Scan the screen freezes and then goes blank?

That usually occurs when there is only one PHP worker assigned to the site. When the plugin runs, it occupies one PHP worker for the scan. Since there are no extra PHP workers available, the plugin blocks the website until the scan is finished.

Do you offer paid services?

Yes, we offer website security plans to protect the sites from malware and blacklisting, fix hacking and improve the overall cybersecurity risks management for web assets.

Why when I click Scan Now nothing happens?

A front-end code interacts with the backend code of this plugin through the HTTP request sent by loaded JavaScript functionality (code). Please verify that you have JavaScript enabled and that the firewall doesn’t block these requests.

How can I send you the investigation report?

Click “Download Report” button to generate the report, store it as a text file and send it to us via helpdesk.

Why when I run an internal scan, the scanned files count shows 0 (zero)?

The plugin scheduler invocation is based on WordPress Cron mechanism.
Some web hostings and servers do not enable the functionality required for WordPress Cron mechanism to work correctly.
There is a way to overcome this limitation by using alternative WordPress Cron. To enable alternative Cron, please add the following line to wp-config.php

define(‘ALTERNATE_WP_CRON’, true);

Questions about investigation process

For questions about investigation process please refer to http://quttera.com or post in the Support section here.


August 27, 2020
I'd like to thank the Quttera team to fix our malware issues that other great security plugins doesn't detect. The premium price is worth every penny. You don't deserve to get 1 star rating. Highly recommended so thank you very much!!
August 17, 2020
It see malware, but not removes until you pay. waste of time and scam like malware.
May 29, 2020
Quttera is best plugin ever I had used, it scans whole files and if infected it shows the exact path as well showing in Red color that code snippet which is infectious code, there are some extra false positives as well but after rechecking and confirming we can leave that parts as well but from all free Scan Plugins, this Plugin is best ever I have used so far, I am using it from last year and it has helped me a lot to recover many of clients websites.
November 12, 2019
This plugin already has some bad reviews, and deserves them. I've just ran this and straight away gave me false positives. There's no excuse for this as they simply have not used a cross reference or checksum to legitimate/clean files. Furthermore, due to a poor interface you can't even tell the exact file due to truncation of deep nested folders. Example: wp-content/plugins/js_composer/assets/lib/b/.../less.min.js Threat name: Trojan.PHP.Agent.gen.317 Threat: eval(c,function(a,c) Details: Detected malicious PHP content On that example I had to try and work out the exact file by looking around for it deep in that folder name which is partially exposed. The file part of WPBakery Page Builder 5.6, and is clean... I even double checked by doing my own checksum and a visual comparison with an original version of the file. Other scanners sometimes class JS EVAL functions as above as a "potential threat", but Quttera go further and even give it a name and call it malicious. The only thing I removed was Quttera's plugin
September 9, 2019
Sorry to say it, but I have tried many security scanners, and this gives so many false positive, even when the log file is empty. this gives so much headache, please fix it, and give real results, you make people work for nothing.
Read all 40 reviews

Contributors & Developers

“Quttera Web Malware Scanner” is open source software. The following people have contributed to this plugin.



  • Added new detection rules

  • Added capability for high sensitive and normal scans

  • Added new detection rules

  • Fixed presentation of investigation report

  • Added new SEO/malware/ransomware detections

  • Added admin user verification on internal scan

  • Added new SEO/malware/ransomware detections

  • Fixes for 4.8.2 and new backdoor samples

  • Added new malware/shell samples

  • Added new spam samples

  • Added new spam samples

  • Added new malware shell

  • Added new malicious ads detection


  • Initial public release