WordPress.org

Plugin Reviews

Exploit Scanner

Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.

8 reviews
Average Rating
3.2 out of 5 stars
You are currently viewing the reviews that provided a rating of 5 stars. Click here to see all reviews.
it detected base64_decode('IyBCRUdJTiBXb3JkUHJlc3MKPEl
By , for WP 4.2.4

it detected core file changes by codes base64_decode('IyBCRUdJTiBXb3JkUHJlc3MKPEl...

For advanced users but GOOD!
By , for WP 4.2.2

I could find some files I didn't catch nor wordfence. I had a very malicious hacker on a website and it was really dirty.

Great Plugin
By ,

Must plugin for a WordPress web site. You can use it in combo with kali linux, and build a secure wall to your web site..

Really Works
By , for WP 4.1.1

After grabbing the latest hash tags from https://github.com/philipjohn/exploit-scanner-hashes, I was able to get this to scan my site. Awesome work!

only shows exploits in security plugins
By , for WP 3.7.1

does not show much except lots of stuff from other security plugins.
useless.

Best idea ever
By , for WP 3.4.2

This plugin is a very very good idea because cometimes, hackers are modiying core files to include their backdoors.

Common sense needed
By , for WP 3.4.2

Make sure you use common sense when reviewing your site.

Great tool
By , for WP 3.4.2

I had a site hacked last summer (2012). In spite of clearing the hacked files that showed up for a phishing exploit, new ones kept popping up. I added a number of security plugins including Website Defender, Bulletproof Security, and Wordfence. Of these, Wordfence seemed to be the best at actually and quickly detecting the presence of attack shells; but the problem continued to occur. I could also see some of the IP addresses that were involved in sourcing the attack (Indonesia especially) and I could block specific IP addresses; but still, the attack continued. I inspected the MySQL DB to see if there had been any SQL injection at or near the first attack, but there was nothing there. I was about ready to take the entire site back to formula and do the whole thing over by hand when I came across this plugin.

Of course, it over-did the detection but it also pinpointed the upload vectors buried away in the site. This was much better than under-detection, since I could decide for myself if a file was clean or not by opening it and checking it out.

This plugin gets my five-star rating for saving my bacon.

You must log in to submit a review. You can also log in or register using the form near the top of this page.