WordPress.org

Plugin Reviews

Exploit Scanner

Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.

27 reviews
Average Rating
3.2 out of 5 stars
Virus log for exploit-scanner.1.5.zip
By , for WP 4.5.3
Great plugin, works as advertised
By , for WP 4.5.2

Great plugin that does exactly what it says, scans your WordPress files for potentially malicious code. Written by some top WordPress developers. Super easy to use with clear results. The plugin got some negative reviews because of a missing hash file, but that has been fixed. Thanks to the authors for keeping the plugin updated.

Very Helpful Plugin - It works!
By , for WP 4.4.2

First, we did have to download the hashes-4.4.2.php file from GitHub here: https://github.com/philipjohn/exploit-scanner-hashes, and add it to the exploit-scanner plugin folder.

Running the scan produced a nice list of files that didn't belong or had been corrupted. Thank you for this plugin!

Finds files others miss
By , for WP 4.4.2

Yes, this produces a lot of false positives, but once you learn how to recognize a real hack, this plugin is gold. Finds files Wordfence and others miss. So use the other "automatic" security plugins first, then run this after to find what they didn't. Combine them and you'll be well protected.

Too Many Errors in a New WordPress Installation
By , for WP 4.4.1

I'm having big trouble with a couple of sites that have been hacked MANY times. I'm trying everything before recreating the sites from scratch (fortunately, they are only informative sites, easy to recreate).

I tried Exploit Scanner in a fresh, new, empty (only 2 security plugins and a coming soon plugin) site and the results from Exploit Scanner are just depressing...

"hashes-4.4.2.php missing
The file containing hashes of all WordPress core files appears to be missing; modified core files will no longer be detected and a lot more suspicious strings will be detected"

Then, 483 files are pointed out as suspicious... an example:

wp-admin/menu.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-admin/user-edit.php
Unknown file found in wp-includes/ or wp-admin/ directory.

This plugin didn't work for me.

What even is this
By , for WP 4.4.2

All it does is scan your fields for instances of "eval" and "base64_decode" and flags them as severe (both of which are used fairly widely by plugins anyway). It even flags its own readme as being potentially malicious. What a waste of time.

Did what it was supposed to do
By , for WP 4.3.1

Found a few files that had been hacked. Thanks for finding them.

Great Plugin for Devs
By , for WP 4.3.1

Great plugin for devs, finds pretty much anything, Wordfence did not!
Keep up the good work Dev!

It works if you read
By , for WP 4.3.1

Used the plugin to discover a few infected files not detected by other security plugins. It works great if you manage to identify the infected files in the long list. Yes, a lot of the listed files are clean.

For advanced users but GOOD!
By , for WP 4.2.2

I could find some files that neither I nor Wordfence caught. I had a very malicious hacker on a website and it was really dirty.
