WordPress.org

Plugin Reviews

Exploit Scanner

Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.

19 reviews
Average Rating
3.2 out of 5 stars
it detected base64_decode('IyBCRUdJTiBXb3JkUHJlc3MKPEl
By , for WP 4.2.4

it detected core file changes by codes base64_decode('IyBCRUdJTiBXb3JkUHJlc3MKPEl...

For advanced users but GOOD!
By , for WP 4.2.2

I could find some files I didn't catch nor wordfence. I had a very malicious hacker on a website and it was really dirty.

impossible to work with
By , for WP 4.2.2

Really too many false positives. So what I'm supposed to do now?

Error occurred during scan
By , for WP 4.1.1

No error message besides the 'Error occurred' message. This is clearly broken, at least for WP multisites.

Great Plugin
By ,

Must plugin for a WordPress web site. You can use it in combo with kali linux, and build a secure wall to your web site..

Really Works
By , for WP 4.1.1

After grabbing the latest hash tags from https://github.com/philipjohn/exploit-scanner-hashes, I was able to get this to scan my site. Awesome work!

doesn't work for me
By , for WP 4.0.1

I get the following message:

"hashes-4.0.1.php missing
The file containing hashes of all WordPress core files appears to be missing; modified core files will no longer be detected and a lot more suspicious strings will be detected"

Then it lists 553 problems which is far too much.

Anyone know how to get it working?

Need option for files/folder to scan
By , for WP 4.0

Works but tedious time to check few thousands of line!
Need option for files/folder to scan, can reduce thousands of lines to check, or at least filter to Severe Level matches

DidnĀ“t work
By ,

Kept not finishing search and giving error message. UNINSTALL!

"hashes-3.x.php missing"
By , for WP 3.8

Every time I update WordPress, Exploit Scanner loses its hashes file and marks everything as compromised. The fact that you have to manually generate a replacement hashes file - there is no way through the GUI - means that it is of limited use to anyone bar expert users. And even then, its not guaranteed to work.

The developers don't seem to be keeping up pace with WordPress core development - the Plugin page lists 3.5.2 as latest supported version, whereas 3.8 is most up to date WP version as of writing.

You must log in to submit a review. You can also log in or register using the form near the top of this page.