Detects malware infection from internal files

Checks and detects malware (tampering and virus infection) by scanning all the files inside WordPress.

Malware pattern detection and definitive diagnosis

You can check both the machine detection of malware patterns and the result judged by experts.

Highlights the detected location of malware or tampering

Highlights the locations where malware or tampering is detected for easy identification.


Auto scanning runs at midnight so that tampering damage can be checked during hours with fewer visits to the website.

Emails you about the detection result of malware infection

Notifies you by email when malware is detected so that you won’t miss it. (Email notification is sent only once in 24 hours even if malware is detected multiple times.)


Automatically acquires malware patterns, which increase day by day, via the cloud, and installs them to detect the latest malware and tampering methods.



Enhances the login functions of WordPress to make it difficult for hackers to steal administrator rights.


Prevents leak of important files (htaccess, wp-config.php, etc.) and server information.

Protects against hacking tools

Detects accesses from well-known hacking tools and blocks them to protect WordPress.

Shows adequate write permission for files.

Shows files having a problem with write permission, and advises adequate write permission.

Protects against brute force attack

Detects and blocks IP addresses that attempted to log in to your website by brute force attack.

Protects against comment spam and spam emails.

Prevents automatically posted comment spam and spam emails.

All security improvement functions are available free of charge, including 21 items (Login LockDown, Login captcha, Password reset captcha, Login log, Protect author information, Change login page URL, Prevent information leak about WordPress version, Protect important files, Block access to wlwmanifest.xml, Protect server information, Prohibit display of Index list, Prohibit WPSCAN, Prohibit access from brute force attack IP to XMLRPC and wp-login, Inspect permission (write permission for files), Prohibit editing themes and plugins, Prohibit Pingback, Prohibit REST API, Prohibit Trace & Track, Prohibit comment posting via proxy, Comment form captcha, Prohibit comment posting by spambots, IP blocker, Include file protection, Upload folder protection, Block danger query) other than the above.

Complete scan of files and databases

WordPress Doctor Malware Scanner & Security v1.9 or later scans files as well as databases for all patterns and detects and removes any malicious code.
There are two types of malware: those that parasitize PHP files and send backdoor programs, spam, redirects, etc., and those that write directly into the database.
The most common malware type for databases is redirection hack.

WordPress malware (Virus) removal

You can easily remove or edit malware files from the management screen.

This function can not only remove malware files but also delete just the malware code embedded in ordinary WordPress files.

NIST vulnerability check.

This test checks for the most dangerous vulnerabilities (CVSS V 7.5 points ~) in WordPress and plugins.

※The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes. Vulnerabilities are detected from the data in the database of NIST, an international organization.

Block hacking in realtime!

WordPress Doctor - Malware Scanner & Security has a world-first function that blocks hacking activities before malware infection. Once hackers find a weakness in a website, they build in a backdoor so they can tamper with the website again even if the malware is removed. This function blocks malware code by catching it at the time it is sent, and logs the hackers’ IPs.

*You can activate this function by subscribing to the latest malware patterns.

Install the Plugin

  1. Download the plugin and save the ZIP file to your local computer.

  2. Log in to your WordPress. From dashboard, go to “Plugins” > “Add New” > Click “Upload Plugin”.

  3. Select the downloaded ZIP file and click Install Now to activate the plugin.

  4. Click plugin menu “Malware Scan” added to the left bar on dashboard.

  5. Click “Scan now” at the top right to start scanning.

  6. Various settings are available on the “Setting” tab on this display, and the plugin’s security measures are available on the “Security Improvement” tab.

Download plugin for free v2.6


files a day can be checked with the high-speed scanner.


malware (tampering) patterns can be detected.


vulnerabilities can be inspected.


sites installed & trusted our plugin.


Auto scanning does not start at the scheduled time.

Auto scanning of the malware scanner uses the auto-execution function of WordPress. This function is triggered only when there is an access to the website.
If there is no access during the scheduled time window, execution of auto scanning may be delayed.


The execution time of malware scanning depends on the number of files. If there are a lot of files to be scanned, scanning may take several minutes at least, or more than 10 minutes to complete.

Can I switch the screen during scanning?

Scanning will be stopped, but the files scanned up to that point are scanned properly and recorded. Please restart scanning or wait until auto scanning is completed.

Login captcha is not displayed, or captcha value is not accepted.

When the Jetpack single sign-on function or a caching plugin is used together with this plugin, a cached login screen without a captcha, or a login screen containing an old captcha, may be displayed (for security, the captcha is generated at every access to the login screen). In this case, please create a URL as follows and try to access it.

http://URL of WordPress/Changed login URL?jetpack-sso-show-default-form=1

If you have changed wp-login.php and login URL with a caching plugin, it is recommended not to cache the changed URL.

What if malware is detected?

When malware is found only by pattern matching, there is a possibility of misdetection. Please consider waiting until the code is reviewed.
Please note that the website has been tampered with when some files are judged as malware as a result of definitive diagnosis of individual files.
Removal of malware requires technical knowledge. It is recommended to ask an expert, but pay attention especially to the following points when you manage it by yourself.

● If the malware has infected a file that is originally part of WordPress, please delete only the tampered parts carefully.
● If the file is not a regular file of WordPress, the entire file can be deleted without any problem.

However, if the tampered file is read by another tampered file, deletion of the tampered file may cause errors in the caller and may lead to malfunction such as the website not being displayed. In that case, investigation of the caller and deletion of its tampering are required.

A plugin that checks and detects WordPress site tampering, hijacking, hacking, malware, and virus infections.

The WordPress Doctor Malware Scanner is a plugin that checks the program code of a WordPress site against nearly 8000 patterns of malicious code (malware, viruses, tampering, hacking infection damage). Malware detection patterns are constantly updated on our servers to ensure that the latest malware can be detected.

WordPress Doctor: Malware Scan is a plugin that not only detects tampering, but can also determine if the code is embedded with malicious code by hackers.

Make WordPress more secure with top-notch security features that prevent hackers.

The plugin offers 26 easy-to-set WordPress security features for free. The functions are the best, and include unique functions that are based on research into crackers' intrusion methods.
This is the most light-weight security plug-in that can be used to prevent hacker intrusion and hacking.

WP Doctor Malware Scanner plugin Overview

Scans the entire WordPress site files and database with the latest malware definition patterns.

The program gets the latest malware patterns, which are increasing every day via WordPress Doctor's cloud server, and scans WordPress files and database completely from the inside to investigate and detect files that have been tampered by hackers.
When WordPress is hijacked, you can check the location of the malware code and of the tampered files.

Pattern matching, definitive diagnosis

The results of the scan are displayed in two stages: pattern matching (a mechanical check to see if the code contained in the malware patterns is in the file) and definitive diagnosis, which uses a proprietary algorithm to determine whether the detected location has already been identified as malicious code by experts and our algorithm.

Highlighting of detection code lines

Highlight the part of the code where the malware is contained.

Automatic scanning and email notification

Automatically scans for malware at a time of your choice. It also notifies you by e-mail when malware is detected.

Security enhancement features

WordPress Doctor Malware Scanner comes with a powerful site security enhancement feature, which is mostly free.
This feature can be easily configured by anyone by simply checking a box, and it also displays the current security strength as a score.

Login Lockdown

Prevents a user from logging in for 10 minutes after three failed login attempts. By enabling this feature, you can reduce the risk of hackers breaking the password by brute force at the login screen.

Login Captcha

Displays a captcha on the login screen. By adding a quiz to the login screen, you can reduce the risk that hackers will repeatedly try to log in mechanically and that you will lose administrative privileges to them.

Password reset captcha

Displays a captcha on the password reset screen. This can prevent hackers from taking advantage of the vulnerability of the email sending program in the password reset screen.

Login Page URL Change

Change the URL of the login page to make it difficult for hackers to access the login page itself.

Login Log Function

Save up to one month of logins with administrator privileges to check for unauthorized logins.

Prevent wordpress version leaks

Hackers can check the version of WordPress from outside and attack the vulnerabilities of that version. This feature stops the output of the meta generator tag and of version queries (the version numbers appended to the CSS and JS files loaded in the HTML) that contain version information output by WordPress.

Protection of important files

Disables access to the htaccess and wp-config.php files to protect them.

Protect server information

Prevents access to readme.html, license.txt, and wp-config-sample.php, which may contain version and server-specific information. It also suppresses the server signature which outputs server information.

Disables the display of Index list

Fixes the problem that the file list of a folder is displayed when a directory is accessed directly.

Protect from WPSCAN

WPSCAN is a tool used by many hackers to investigate WordPress vulnerabilities before they start hacking your site.

Protect Brute force attack to XMLRPC and wp-login

IP addresses that have accessed XMLRPC or wp-login more than 50 times in 10 minutes will be blocked for 3 hours. This feature can be used in conjunction with JETPACK because it detects only excessive access. Also, if your site is under brute force attack, this feature can reduce the hackers' access to your site and speed your site up.
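
A sketch of the counting rule described above, run over a web access log (an added example, not the plugin's own code). The log format, the constructed sample lines and the names `find_blocks` and `sample_log` are assumptions for illustration; only the three thresholds come from the text.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Thresholds taken from the feature description; everything else is assumed.
WINDOW = timedelta(minutes=10)
THRESHOLD = 50                      # "more than 50 times": fires on the 51st hit
BLOCK_FOR = timedelta(hours=3)
WATCHED = ("/xmlrpc.php", "/wp-login.php")

# Assumed input: Apache/nginx common log format, in chronological order.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)')


def parse(line):
    """Return (ip, timestamp, path without query string) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, target.split("?", 1)[0]


def find_blocks(lines):
    """Return [(ip, block_start, block_end)] for each time the rule fires."""
    hits = defaultdict(deque)       # ip -> timestamps still inside the window
    blocked_until = {}
    blocks = []
    for line in lines:
        rec = parse(line)
        if rec is None or not rec[2].endswith(WATCHED):
            continue
        ip, when, _ = rec
        if when < blocked_until.get(ip, when):
            continue                # still blocked: the request would be refused
        q = hits[ip]
        q.append(when)
        while when - q[0] >= WINDOW:
            q.popleft()             # drop hits older than 10 minutes
        if len(q) > THRESHOLD:
            blocked_until[ip] = when + BLOCK_FOR
            blocks.append((ip, when, when + BLOCK_FOR))
            q.clear()
    return blocks


def sample_log():
    """Constructed sample lines using documentation-range IP addresses."""
    start = datetime(2024, 6, 26, 2, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(60):             # 60 hits, 5 s apart: 51st lands at 02:04:10
        events.append((start + timedelta(seconds=5 * i), "203.0.113.7", "POST /xmlrpc.php"))
    for i in range(51):             # 15 s apart: never more than 40 per window
        events.append((start + timedelta(seconds=15 * i), "198.51.100.20", "POST /wp-login.php"))
    events.sort()
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    return ['%s - - [%s] "%s HTTP/1.1" 200 512' % (ip, t.strftime(fmt), req)
            for t, ip, req in events]


if __name__ == "__main__":
    for ip, begin, end in find_blocks(sample_log()):
        print(ip, "blocked from", begin.isoformat(), "until", end.isoformat())
```

The slower client makes as many login requests in total as the threshold allows and more, yet is never blocked, because the rule counts requests per 10-minute window rather than per day.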


Automatically checks if the file permissions are appropriate and shows the permissions that need to be improved.

Prohibit editing of themes and plugins

Stops the ability to edit themes and plugins from the admin page.

Author Protection

Prevents WordPress from outputting user information when accessed by special queries such as /?author=1

Ban Pingback

Pingback, a notification function of WordPress, can be used for high-load attacks by a large number of accesses, or it can be used as a vulnerability to leak user names and other information.

Disable REST API

The REST API is a convenient mechanism included in WordPress 4.7 and above that allows you to post from the outside, retrieve information, and add changes to posts. However, some versions have major vulnerabilities, and there is a possibility that unauthorized use of this feature will be discovered in the future.
The REST API feature is also used by well-known plugins such as Jetpack and ContactForm7. Hence, this feature stops all REST API functionality except for its use in Jetpack and ContactForm7.
If you have other plugins that use the REST API, enabling this feature may cause some malfunction on your site.

Disallow Trace & Track

Suppresses attacks such as HTTP Trace Attack (XST) and Cross Site Scripting (XSS) that use the Trace & Track feature of the server (a special way of handling requests sent to the server).

Prohibit direct access to Include files, prohibit PHP access to Upload folder, and prohibit sending dangerous queries.

Prohibits direct access to files that are loaded by other programs (direct access to Include files is prohibited). Prohibit execution of PHP programs in the Upload folder (Prohibit PHP access to the Upload folder). Prevent SQL injection and malware code from being sent in GET requests (ban dangerous queries).

Prohibit comment posting via proxy

Prohibits the posting of comments via proxies based on the specific header information sent by the user using the proxy.

Comment form captcha

Adds a captcha to the comment form to discourage people from submitting comments mechanically. This may not be displayed in some themes that display custom comment forms.

Prohibit spambots from posting comments

A spambot is a program that posts comments mechanically and has no referrer. By prohibiting viewers without referrers from posting comments, comment posting by spambots will be suppressed.

Block arbitrary IPs

You can restrict access from any computer by IP. It also automatically restricts access to the IPs of hackers detected by WordPress Doctor to prevent unauthorized access.

Detect and block hackers' dangerous activities

When hackers target vulnerabilities on your site, they check to see if the vulnerable files exist on your site by actually accessing them. You can detect such access and block the IP of the hacker.

Site emergency access stop (ban) function

Blocks all external access except the current login IP. This feature can be useful in case your site is repeatedly tampered with: it stops all external access, deters the activity of malware of the type that tampers automatically, and lets you re-publish the site after removing the tampering.

WordPress malware removal, deletion, and decontamination

In addition to the malware detection function, detected malware/viruses can be removed and decontaminated from the WordPress administration screen.
This function not only removes malware, but also includes a file editing function so that malware of the type that parasitizes regular WordPress files can be removed precisely and easily from the control panel.

When removing malware, please be sure to check the 'Notes on removing malware' displayed on the plugin screen.

Vulnerability Check

This simple vulnerability test checks for the most dangerous vulnerabilities (CVSS 7.5 points~).

CVSS is an open, comprehensive, and general-purpose assessment method for information system vulnerabilities. 7.5 points or more is a vulnerability that allows extremely dangerous activities on the site, such as database rewriting or file falsification without authentication.
These vulnerabilities can be the gateway to repeated site tampering. The vulnerabilities are listed in an easy-to-understand list so that you can take countermeasures such as removing or updating plug-ins.

Vulnerabilities are detected based on the database of NIST, an international organization.

Blocks hackers' activities before malware (virus) infection or tampering

Hackers exploit PHP functions by using backdoors and vulnerabilities to remotely send malicious PHP malware code.

This function allows you to monitor and prevent such activities in advance, before hackers send malware to your site to tamper with it. With this feature, you can detect and block the tampering just before it takes place.

The blocked hacking activity will be recorded along with the IP of the hacker, so by prohibiting access to the site from this IP, it is possible to completely block the hacking activities of hackers using a specific IP address.

This feature is available with a paid subscription to the latest malware detection patterns.

Detect malware via API

Our AI technology has developed highly reliable and robust PHP malware detection patterns by analyzing an extensive dataset comprising over 500,000 files of known malware code.

Visit PHP Malware detection API site

Need online scanner? Try

Requirements for using the plugin

WordPress version: 4.5 or higher (4.3 or higher recommended)
PHP version: Verified to work with version 5.6 or higher

Update History

Version 2.6 Update Date 2024-06-26
Improved malware detection rate
Added password-resistance testing
Bug Fixes

Version 2.5 Update Date 2024-01-25
Added a function to return a 404 status and noindex the WordPress internal search results if they do not exist.
Some UI improvements
Bug Fixes

Version 2.4 Update Date 2023-08-09
Added protection for HTACCESS and Index.php
Added the ability to detect and repair tampering that causes administration screen access malfunctions just by enabling the plugin
Bug Fixes

Version 2.3 Update Date 2022-10-29
Added the ability to perform automatic malware removal in batches.
Addition of function to block wlwmanifest.xml
Bug Fixes

Version 2.2.1 Update Date 2022-04-15
Addition of an automatic disinfection function that replaces infected files with the same version of the file distributed from the official WordPress website.
Bug Fixes

Version 2.1.9 Update Date 2022-04-07
Fixed a bug that prevented malware detection patterns from being acquired in some server environments.

Version 2.1.8 Update Date 2021-12-15
Fixed the problem that some security settings cannot be written when HTACCESS is originally blank.
Added an emergency stop function for the site.
Bug Fixes

Version 2.1.5 Update Date 2021-09-04
Improvement of the detection accuracy of the real-time block and IP block functions.
Bug Fixes

Version 2.1.1 Update Date 2021-04-30
Improvement of the detection accuracy of the real-time block and IP block functions.
Improved speed
Bug Fixes

Version 2.1 Update Date 2021-03-11
Improvement of the detection accuracy of the IP block function
Strengthen and stabilize the real-time block function.
Bug Fixes

Version Update Date 2020-12-31
Resolved the problem of site health error in WordPress 5.2 and above.
Improve accuracy of 2.0.1.X hacking access detection.
Bug Fixes

Version 2.0.1 Update Date 2020-11-25
Added a function to detect hackers' hacking access and block their IP.
Bug Fixes

Version Update Date 2020-10-14
Fixed a bug that caused insufficient retention of some database data.

Version 1.9.4 Update Date 2020-09-30
Fixed a bug that caused some files to be detected incorrectly by another malware scanning plug-in.
Added the ability to block malicious queries sent by hackers (40 patterns).
Bug Fixes

Version 1.9.3  Update Date 2020-08-05
Fixed an issue where some malware was left without being scanned in detail.
Fixed a problem where the UI disappears when mixed with some themes.

Version 1.9.2  Update Date 2020-06-09
Fixed a bug related to the processing of the malware database.
Fixed a runtime bug in PHP 5.4 environment.
Fixed a bug in the processing of the malware database.

Version 1.9.1  Update Date 2020-04-30
Fixed a bug in the processing of the malware database.
Improved the algorithm of database malware scan.
Bug Fixes

Version 1.9.0  Update Date 2020-04-08
Improved database malware scan algorithm - Database malware scan is now available
Bug Fixes

Version 1.8.6  Update Date 2020-02-19
Improved the algorithm of database malware scan.
Bug Fixes

Version 1.8.5  Update Date 2019-11-21
Increased scanning speed
Display of vulnerability update history, etc.
Bug Fixes

Version 1.8.1-1.8.2
Some translations have been corrected.
Fixed a problem where some malware patterns could not be detected correctly.
Fixed a problem that malware patterns could not be detected correctly.
Fixed the problem that some plug-ins cannot be retrieved by vulnerability check.
Bug Fixes

Version 1.8  
Added vulnerability checking function (free of charge)
Changed the algorithm for detecting malware that randomly generates code each time it infects.
Bug Fixes

Version 1.7.5  Update Date 2019-04-16
Improved operability when disinfecting malware, some UI changes.
Bug Fixes

Version 1.7.0  Update Date 2019-03-07
Addition of a function that enables malware removal, editing, and deletion from the administration screen.
Addition of functions to improve security (3 points)
Reduction of data weight and improvement of efficiency
Other minor changes in display methods, etc.

Version 1.6.4  Update Date 2019-01-31
Addition of real-time block mode
Bug Fixes

Version 1.6.0  Update Date 2019-01-16
Addition of easy security setting
Real-time blocking mode added
Simple security settings added
About 40% faster and lower load
Bug Fixes

Version 1.5.5  Update Date 2018-11-10
Addition of IP block function
Bug Fixes

Version 1.5.0  Update Date 2018-10-16
Added author protection function.
Added login log and IP block log functions.
Increased speed.

Version 1.4.5  Update Date 2018-08-17
Added the function of displaying a captcha for password reset.
Patched security holes.
Bug Fixes

Version 1.4.1 Update Date 2018-07-25
Added XMLRPC brute-force protection function.
Bug Fixes

Version 1.4 Update Date 2018-07-22
Added security improvement features.
Improved efficiency of the program to reduce scanning load by about 40%.
Fixed a bug related to exclusion files in single-point scans.

Version 1.3 Update Date 2018-07-11
Support for PHP 7.1 and above.
Improved program efficiency to reduce load by 10% to 20%.
Bug Fixes
-Fixed a bug that caused real-time scanning to stop depending on the server.
-Other minor bug fixes and program efficiency improvements

Version 1.2 Update Date 2018-05-29
Multilingual support (English)
Bug Fixes

Version 1.1 Update Date 2018-05-22
Release version

Inquiries about the plugin

Please feel free to send us your opinions, feedback, and questions.

Disclaimer: We do not guarantee the accuracy of the results of WordPress Doctor: Malware Scan Plugin. In addition, we are not responsible for any damage to users, other indirect servers, any items, or data caused by using this tool. In order to scan for the malware found by us after installation, you need to subscribe to the malware definitions. Please use WordPress Doctor: Malware Scan Plugin with kind understanding and acknowledgement that it acquires a part of inspection data for the purpose of accuracy improvement.
Prohibited matters (licensing): Many of the functions of this plug-in can be used free of charge. But using this plug-in to get compensation from customers (providing other companies with paid malware scanning and removal services) is prohibited. If you violate this clause, you agree to be charged 400 $ per site. If you are interested in doing business like this, please contact us and conclude a licensing agreement.