Fixes scan-result severity ordering and reduces JavaScript false positives. No database migration needed \u2014 simply update.<\/p>","1.0.3":"
Adds a database scanner that checks options, posts, comments, and post meta for injected malware. Requires WordPress 6.2 or higher. No manual migration needed.<\/p>","1.0.2":"
Adds daily scheduled scans, email notifications, safe quarantine with backup, uploads hardening, and an active-plugin guard. Database columns are added automatically on first load \u2014 no manual migration needed.<\/p>","1.0.1":"
Adds malware auto-purge, login protection, and real-time alerts. No database migration required \u2014 simply update and activate.<\/p>","1.0.0":"
Initial release \u2014 no upgrade steps required.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":3529934,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3529934,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3529934,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3529934,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.1","1.0.2","1.0.3","1.0.4"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3529934,"resolution":"1","location":"assets","locale":"","width":2240,"height":1148},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3529934,"resolution":"2","location":"assets","locale":"","width":2240,"height":1316},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3529934,"resolution":"3","location":"assets","locale":"","width":2242,"height":1322},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3529934,"resolution":"4","location":"assets","locale":"","width":2238,"height":1288}},"screenshots":{"1":"Dashboard<\/strong> \u2014 At-a-glance security overview showing a threat alert notice, scan statistics (total scans run, threats found, files scanned, time since last scan), and quick-access buttons to run a new scan or open Settings.","2":"Malware Scanner<\/strong> \u2014 One-click scan launcher with a live progress indicator, followed by the Last Scan Results section displaying a threat detection notice and the full results table.","3":"Scan Results<\/strong> \u2014 Detailed results table listing each flagged file with its full path, threat type (e.g. Deep Malware Cleaner<\/strong> is a lightweight deep malware scanner built for WordPress. It performs a thorough deep cleanup scan of your Whether you're dealing with a live attack, a hidden backdoor, or a redirect hack silently sending visitors to malicious sites, Deep Malware Cleaner gives you the tools to scan, alert, and act \u2014 fast.<\/p>\n\n Deep Cleanup Scan<\/strong>\nWalks your entire Pre-Install Upload Guard<\/strong>\nScans plugins, themes, and risky media uploads ( Database Scanner<\/strong>\nInspects the most-targeted database tables \u2014 options, posts, comments, and post meta \u2014 for injected scripts, hidden iframes, and encoded payloads, using keyset pagination and a time budget so it stays safe on a live site.<\/p>\n\n Backdoor Fixer<\/strong>\nDetects PHP backdoors uploaded through vulnerable plugins or themes \u2014 including webshells, remote-execution scripts, and hidden PHP files inside the uploads folder where no PHP should ever exist.<\/p>\n\n Site Script Cleaner<\/strong>\nIdentifies injected JavaScript and malicious Redirect Hack Fix<\/strong>\nFlags the PHP patterns most commonly responsible for redirect hacks \u2014 including Malware Auto-Purge<\/strong>\nRemove confirmed threats directly from the scan results screen without touching FTP or cPanel. Quarantine or delete flagged files in one click.<\/p>\n\n Login Protection<\/strong>\nHardens your WordPress login against brute-force attacks and unauthorized access attempts \u2014 an essential layer of website protection alongside active scanning.<\/p>\n\n Instant Alerts<\/strong>\nGet notified the moment a scan finds a threat. Real-time alerts keep you informed so you can respond before an attack escalates.<\/p>\n\n This plugin makes zero<\/strong> external HTTP requests. No data is sent to any third-party server. Scan results are stored only in your own WordPress database and are removed when you uninstall the plugin (if that option is enabled in Settings).<\/p>\n\n\n No. The scanner runs only when you click Start Scan in the admin. It does not hook into page loads or run any background cron jobs. Visitor-facing performance is completely unaffected.<\/p><\/dd>\n The scanner reads PHP-family files ( Legitimate image, video, and document uploads are never Yes \u2014 the malware auto-purge feature lets you delete or quarantine flagged files directly from the scan results screen. Always review the file path and threat type before purging.<\/p><\/dd>\n No. The plugin makes zero external HTTP requests. All scan results and alert history live only in your WordPress database.<\/p><\/dd>\n Login protection limits repeated failed login attempts and helps prevent brute-force attacks against your Go to Malware Cleaner \u2192 Scan Results<\/strong> and click the file path to view the matched pattern. The troubleshoot view shows the exact line and rule that triggered the alert, so you can decide whether it is a false positive or a real threat.<\/p><\/dd>\n Go to Malware Cleaner \u2192 Settings<\/strong>, enable Remove all data on uninstall<\/strong>, then deactivate and delete the plugin. All database tables, scan history, and plugin options will be removed automatically.<\/p><\/dd>\n To stay safe on resource-constrained servers, the file scan runs under a 20-second time budget and the database scan under its own 10-second budget. On a very large eval_base64<\/code>), and severity badge (HIGH \/ MEDIUM) so you know exactly what was found and where.","4":"Settings<\/strong> \u2014 Configure email alert notifications, set the alert recipient address, and manage scan data retention with the Remove Data on Uninstall option."}},"plugin_section":[],"plugin_tags":[8646,1184,55021,6464,600],"plugin_category":[54],"plugin_contributors":[239335,242184],"plugin_business_model":[],"class_list":["post-305633","plugin","type-plugin","status-publish","hentry","plugin_tags-backdoor","plugin_tags-malware","plugin_tags-malware-scanner","plugin_tags-scanner","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-habibnote","plugin_contributors-themepaste","plugin_committers-themepaste"],"banners":{"banner":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/banner-772x250.png?rev=3529934","banner_2x":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/banner-1544x500.png?rev=3529934","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/icon-128x128.jpg?rev=3529934","icon_2x":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/icon-256x256.png?rev=3529934","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/screenshot-1.png?rev=3529934","caption":"Dashboard<\/strong> \u2014 At-a-glance security overview showing a threat alert notice, scan statistics (total scans run, threats found, files scanned, time since last scan), and quick-access buttons to run a new scan or open Settings."},{"src":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/screenshot-2.png?rev=3529934","caption":"Malware Scanner<\/strong> \u2014 One-click scan launcher with a live progress indicator, followed by the Last Scan Results section displaying a threat detection notice and the full results table."},{"src":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/screenshot-3.png?rev=3529934","caption":"Scan Results<\/strong> \u2014 Detailed results table listing each flagged file with its full path, threat type (e.g. eval_base64<\/code>), and severity badge (HIGH \/ MEDIUM) so you know exactly what was found and where."},{"src":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/screenshot-4.png?rev=3529934","caption":"Settings<\/strong> \u2014 Configure email alert notifications, set the alert recipient address, and manage scan data retention with the Remove Data on Uninstall option."}],"raw_content":"\nwp-content<\/code> directory, detects backdoors, cleans injected site scripts, fixes redirect hacks, and triggers malware auto-purge \u2014 all from your WordPress admin dashboard with no external service, no subscription, and no data ever leaving your server.<\/p>\n\nCore Capabilities<\/h4>\n\n
wp-content<\/code> directory, inspecting PHP files plus the client-side formats most often used to deliver malware \u2014 JavaScript, HTML, SVG, and .htaccess<\/code> \u2014 for known signatures, obfuscated code, and injected payloads. Results are sorted by severity so the worst threats surface first.<\/p>\n\n.php<\/code>, .svg<\/code>, .html<\/code>, .js<\/code>, .htaccess<\/code>) in their temporary directory before<\/em> WordPress moves them into place. If malware is detected the install or upload is aborted and an error is shown \u2014 stopping a compromised package before it ever touches your site. Can be toggled in Settings.<\/p>\n\n<script><\/code> tags, hidden iframes, and obfuscated code blocks embedded in your theme or plugin files.<\/p>\n\nheader()<\/code> injection, variable-based shell execution, and compressed payload backdoors used to silently redirect visitors to attack sites.<\/p>\n\nWhat the Scanner Detects<\/h4>\n\n
\n
shell_exec<\/code>, passthru<\/code>, proc_open<\/code>, popen<\/code>, and system<\/code> called with a variable, a classic attack pattern for remote code execution.<\/li>\n<iframe><\/code> elements injected with display:none<\/code> used to load malicious content invisibly.<\/li>\neval(atob(...))<\/code> payload pairs and javascript-obfuscator<\/code> (_0x<\/code> hex identifier) fingerprints in JS, HTML, and SVG files.<\/li>\n.php<\/code> file in wp-content\/uploads\/<\/code> is flagged High severity; legitimate uploads are never PHP files.<\/li>\n<\/ul>\n\nKey Features<\/h4>\n\n
\n
Who Is This For?<\/h4>\n\n
\n
Privacy<\/h4>\n\n
Automatic Installation<\/h4>\n\n
\n
Manual Installation<\/h4>\n\n
\n
After Activation<\/h4>\n\n
\n
\n
Will this plugin slow down my site for visitors?<\/h3><\/dt>\n
Which files does the deep cleanup scan inspect?<\/h3><\/dt>\n
.php<\/code>, .php3<\/code>, .php4<\/code>, .php5<\/code>, .php7<\/code>, .phtml<\/code>, .phar<\/code>) plus the client-side formats most often used to deliver malware \u2014 JavaScript (.js<\/code>, .mjs<\/code>), HTML (.html<\/code>, .htm<\/code>), .svg<\/code>, and .htaccess<\/code> \u2014 inside your wp-content<\/code> directory. To stay fast on shared hosting, it reads only the first 64 KB of each file (malware is injected at the top) and runs under a 20-second time budget per run.<\/p><\/dd>\nWhat does \"PHP file in uploads\" mean?<\/h3><\/dt>\n
.php<\/code> files. If the scanner finds any PHP file inside wp-content\/uploads\/<\/code>, it is almost certainly a backdoor uploaded through a vulnerable plugin or theme \u2014 a High severity threat that should be removed immediately.<\/p><\/dd>\nCan it fix or delete infected files?<\/h3><\/dt>\n
Is any data sent outside my site?<\/h3><\/dt>\n
How does login protection work?<\/h3><\/dt>\n
wp-login.php<\/code> endpoint \u2014 a key layer of website security that works alongside the malware scanner.<\/p><\/dd>\nHow do I troubleshoot a scan that flagged an unexpected file?<\/h3><\/dt>\n
How do I remove all plugin data when I uninstall?<\/h3><\/dt>\n
The scan finished but I expected more files to be checked. Why?<\/h3><\/dt>\n
wp-content<\/code> directory the file scan stops when the budget is reached, so a single run may not reach every file. Run the scan again to continue checking, and remediate the highest-severity findings first.<\/p><\/dd>\n\n<\/dl>\n\n\n1.0.4<\/h4>\n\n
\n
1.0.3<\/h4>\n\n
\n
1.0.2<\/h4>\n\n
\n
1.0.1<\/h4>\n\n
\n
1.0.0<\/h4>\n\n
\n