WordPress.org

Plugin Reviews

Exploit Scanner

Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.

26 reviews
Average Rating
3.3 out of 5 stars

Very Helpful Plugin - It works!
By , for WP 4.4.2

First, we did have to download the hashes-4.4.2.php file from GitHub here: https://github.com/philipjohn/exploit-scanner-hashes, and add it to the exploit-scanner plugin folder.

Running the scan produced a nice list of files that didn't belong or had been corrupted. Thank you for this plugin!

Finds files others miss
By , for WP 4.4.2

Yes, this produces a lot of false positives, but once you learn how to recognize a real hack, this plugin is gold. Finds files Wordfence and others miss. So use the other "automatic" security plugins first, then run this after to find what they didn't. Combine them and you'll be well protected.

Too Many Errors in a New WordPress Installation
By , for WP 4.4.1

I'm having big trouble with a couple of sites that have been hacked MANY times. I'm trying everything, before recreating from scratch the sites (fortunately, they are only informative sites, easy to recreate).

I tried Exploit Scanner in a fresh, new, empty (only 2 security plugins, and a coming soon plugin) site and the results from Exploit Scanner are just depressing...

"hashes-4.4.2.php missing
The file containing hashes of all WordPress core files appears to be missing; modified core files will no longer be detected and a lot more suspicious strings will be detected"

Then, 483 files are pointed out as suspicious... An example:

wp-admin/menu.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-admin/user-edit.php
Unknown file found in wp-includes/ or wp-admin/ directory.

This plugin didn't work for me.

What even is this
By , for WP 4.4.2

All it does is scan your fields for instances of "eval" and "base64_decode" and flags them as severe (both of which are used fairly widely by plugins anyway). It even flags its own readme as being potentially malicious. What a waste of time.

Did what it was supposed to do
By , for WP 4.3.1

Found a few files that had been hacked. Thanks for finding them.

Great Plugin for Devs
By , for WP 4.3.1

Great plugin for devs, finds pretty much anything, Wordfence did not!
Keep up the good work Dev!

It works if you read
By , for WP 4.3.1

Used the plugin to discover a few infected files not detected by other security plugins. It works great if you manage to identify the infected files in the long list. Yes, a lot of the listed files are clean.

it detected base64_decode('IyBCRUdJTiBXb3JkUHJlc3MKPEl
By , for WP 4.2.4

it detected core file changes by codes base64_decode('IyBCRUdJTiBXb3JkUHJlc3MKPEl...

For advanced users but GOOD!
By , for WP 4.2.2

I could find some files that neither I nor Wordfence had caught. I had a very malicious hacker on a website and it was really dirty.

impossible to work with
By , for WP 4.2.2

Really too many false positives. So what am I supposed to do now?
