{"id":305633,"date":"2026-05-12T13:22:33","date_gmt":"2026-05-12T13:22:33","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/deep-malware-cleaner\/"},"modified":"2026-05-12T13:22:17","modified_gmt":"2026-05-12T13:22:17","slug":"deep-malware-cleaner","status":"publish","type":"plugin","link":"https:\/\/ku.wordpress.org\/plugins\/deep-malware-cleaner\/","author":18813691,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.1","stable_tag":"1.0.1","tested":"6.9.4","requires":"5.6","requires_php":"7.4","requires_plugins":null,"header_name":"Deep Malware Cleaner","header_author":"Themepaste","header_description":"Scan your WordPress site for malware, suspicious files, and security threats.","assets_banners_color":"3e6c85","last_updated":"2026-05-12 13:22:17","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/ultralysis\/deep-malware-cleaner","header_author_uri":"https:\/\/themepaste.com\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":32,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.1":{"tag":"1.0.1","author":"themepaste","date":"2026-05-12 13:22:17"}},"upgrade_notice":{"1.0.1":"<p>Adds malware auto-purge, login protection, and real-time alerts. 
No database migration required \u2014 simply update and activate.<\/p>","1.0.0":"<p>Initial release \u2014 no upgrade steps required.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":3529934,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3529934,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3529934,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3529934,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.1"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3529934,"resolution":"1","location":"assets","locale":"","width":2240,"height":1148},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3529934,"resolution":"2","location":"assets","locale":"","width":2240,"height":1316},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3529934,"resolution":"3","location":"assets","locale":"","width":2242,"height":1322},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3529934,"resolution":"4","location":"assets","locale":"","width":2238,"height":1288}},"screenshots":{"1":"<strong>Dashboard<\/strong> \u2014 At-a-glance security overview showing a threat alert notice, scan statistics (total scans run, threats found, files scanned, time since last scan), and quick-access buttons to run a new scan or open Settings.","2":"<strong>Malware Scanner<\/strong> \u2014 One-click scan launcher with a live progress indicator, followed by the Last Scan Results section displaying a threat detection notice and the full results table.","3":"<strong>Scan 
Results<\/strong> \u2014 Detailed results table listing each flagged file with its full path, threat type (e.g. <code>eval_base64<\/code>), and severity badge (HIGH \/ MEDIUM) so you know exactly what was found and where.","4":"<strong>Settings<\/strong> \u2014 Configure email alert notifications, set the alert recipient address, and manage scan data retention with the Remove Data on Uninstall option."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1217,15756,1184,6464,600],"plugin_category":[54],"plugin_contributors":[239335,242184],"plugin_business_model":[],"class_list":["post-305633","plugin","type-plugin","status-publish","hentry","plugin_tags-attack","plugin_tags-login-protection","plugin_tags-malware","plugin_tags-scanner","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-habibnote","plugin_contributors-themepaste","plugin_committers-themepaste"],"banners":{"banner":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/banner-772x250.png?rev=3529934","banner_2x":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/banner-1544x500.png?rev=3529934","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/icon-128x128.jpg?rev=3529934","icon_2x":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/icon-256x256.png?rev=3529934","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/screenshot-1.png?rev=3529934","caption":"<strong>Dashboard<\/strong> \u2014 At-a-glance security overview showing a threat alert notice, scan statistics (total scans run, threats found, files scanned, time since last scan), and quick-access buttons to run a new scan or open Settings."},{"src":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/screenshot-2.png?rev=3529934","caption":"<strong>Malware Scanner<\/strong> \u2014 One-click scan launcher with a live progress indicator, followed by the Last Scan Results section 
displaying a threat detection notice and the full results table."},{"src":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/screenshot-3.png?rev=3529934","caption":"<strong>Scan Results<\/strong> \u2014 Detailed results table listing each flagged file with its full path, threat type (e.g. <code>eval_base64<\/code>), and severity badge (HIGH \/ MEDIUM) so you know exactly what was found and where."},{"src":"https:\/\/ps.w.org\/deep-malware-cleaner\/assets\/screenshot-4.png?rev=3529934","caption":"<strong>Settings<\/strong> \u2014 Configure email alert notifications, set the alert recipient address, and manage scan data retention with the Remove Data on Uninstall option."}],"raw_content":"<!--section=description-->\n<p><strong>Deep Malware Cleaner<\/strong> is a lightweight deep malware scanner built for WordPress. It performs a thorough deep cleanup scan of your <code>wp-content<\/code> directory, detects backdoors, cleans injected site scripts, fixes redirect hacks, and triggers malware auto-purge \u2014 all from your WordPress admin dashboard with no external service, no subscription, and no data ever leaving your server.<\/p>\n\n<p>Whether you're dealing with a live attack, a hidden backdoor, or a redirect hack silently sending visitors to malicious sites, Deep Malware Cleaner gives you the tools to scan, alert, and act \u2014 fast.<\/p>\n\n<h4>Core Capabilities<\/h4>\n\n<p><strong>Deep Cleanup Scan<\/strong>\nWalks your <code>wp-content<\/code> directory, inspecting PHP files for known malware signatures, obfuscated code, and injected payloads, up to the per-run limit of 500 files and 25 seconds; files larger than 512 KB are skipped. 
Results are sorted by severity so the worst threats surface first.<\/p>\n\n<p><strong>Backdoor Fixer<\/strong>\nDetects PHP backdoors uploaded through vulnerable plugins or themes \u2014 including webshells, remote-execution scripts, and hidden PHP files inside the uploads folder where no PHP should ever exist.<\/p>\n\n<p><strong>Site Script Cleaner<\/strong>\nIdentifies injected JavaScript and malicious <code>&lt;script&gt;<\/code> tags, hidden iframes, and obfuscated code blocks embedded in your theme or plugin files.<\/p>\n\n<p><strong>Redirect Hack Fix<\/strong>\nFlags the PHP patterns most commonly responsible for redirect hacks \u2014 including <code>header()<\/code> injection, variable-based shell execution, and compressed payload backdoors used to silently redirect visitors to attack sites.<\/p>\n\n<p><strong>Malware Auto-Purge<\/strong>\nRemove confirmed threats directly from the scan results screen without touching FTP or cPanel. Quarantine or delete flagged files in one click. Review the file path and threat type before purging, because a pattern match can be a false positive.<\/p>\n\n<p><strong>Login Protection<\/strong>\nHardens your WordPress login against brute-force attacks and unauthorized access attempts \u2014 an essential layer of website protection alongside active scanning.<\/p>\n\n<p><strong>Instant Alerts<\/strong>\nGet notified the moment a scan finds a threat. 
Real-time alerts keep you informed so you can respond before an attack escalates.<\/p>\n\n<h4>What the Scanner Detects<\/h4>\n\n<ul>\n<li><strong>eval(base64_decode(...))<\/strong> \u2014 the most widespread PHP malware obfuscation and attack vector.<\/li>\n<li><strong>eval(gzinflate(...))<\/strong> \/ <strong>eval(gzuncompress(...))<\/strong> \u2014 compressed-payload backdoors.<\/li>\n<li><strong>eval(str_rot13(...))<\/strong> \u2014 rotation-cipher obfuscated malware.<\/li>\n<li><strong>Shell execution with dynamic arguments<\/strong> \u2014 <code>shell_exec<\/code>, <code>passthru<\/code>, <code>proc_open<\/code>, <code>popen<\/code>, and <code>system<\/code> called with a variable, a classic attack pattern for remote code execution.<\/li>\n<li><strong>Hidden iframes<\/strong> \u2014 <code>&lt;iframe&gt;<\/code> elements injected with <code>display:none<\/code> used to load malicious content invisibly.<\/li>\n<li><strong>Long base64 strings<\/strong> \u2014 unusually large base64 blobs embedded in PHP, a common technique for hiding large attack payloads.<\/li>\n<li><strong>PHP files inside the uploads directory<\/strong> \u2014 any <code>.php<\/code> file in <code>wp-content\/uploads\/<\/code> is flagged High severity; legitimate uploads are never PHP files.<\/li>\n<\/ul>\n\n<h4>Key Features<\/h4>\n\n<ul>\n<li><strong>Lightweight deep malware scanner<\/strong> \u2014 scans up to 500 files per run in under 25 seconds, safe on shared hosting.<\/li>\n<li><strong>On-demand scan<\/strong> \u2014 runs only when you click Start Scan, never in the background.<\/li>\n<li><strong>Deep Cleaner dashboard<\/strong> \u2014 at-a-glance stats: threats found, files scanned, time since last scan.<\/li>\n<li><strong>Website Security &amp; Website Protection<\/strong> \u2014 comprehensive coverage against the most common WordPress attack types.<\/li>\n<li><strong>Troubleshoot mode<\/strong> \u2014 detailed per-file reporting to help you understand exactly what was found and why it 
was flagged.<\/li>\n<li><strong>Secure login<\/strong> hardening included.<\/li>\n<li><strong>All scan history<\/strong> stored in your own database \u2014 nothing leaves your server.<\/li>\n<li><strong>No account, no API key, no external requests.<\/strong><\/li>\n<li><strong>Translatable<\/strong> \u2014 full <code>.pot<\/code> file included.<\/li>\n<\/ul>\n\n<h4>Who Is This For?<\/h4>\n\n<ul>\n<li>Site owners who received a \"this site may be hacked\" alert from Google.<\/li>\n<li>Developers who need to troubleshoot a suspected redirect hack or injected script.<\/li>\n<li>Agencies that manage multiple WordPress sites and need a fast, lightweight scanner with no SaaS dependency.<\/li>\n<li>Anyone who wants ongoing website security and website protection without a monthly fee.<\/li>\n<\/ul>\n\n<h4>Privacy<\/h4>\n\n<p>This plugin makes <strong>zero<\/strong> external HTTP requests. No data is sent to any third-party server. Scan results are stored only in your own WordPress database and are removed when you uninstall the plugin (if that option is enabled in Settings).<\/p>\n\n<!--section=installation-->\n<h4>Automatic Installation<\/h4>\n\n<ol>\n<li>In your WordPress admin, go to <strong>Plugins \u2192 Add New<\/strong>.<\/li>\n<li>Search for <strong>Deep Malware Cleaner<\/strong>.<\/li>\n<li>Click <strong>Install Now<\/strong>, then <strong>Activate<\/strong>.<\/li>\n<\/ol>\n\n<h4>Manual Installation<\/h4>\n\n<ol>\n<li>Download the plugin zip file.<\/li>\n<li>In your WordPress admin, go to <strong>Plugins \u2192 Add New \u2192 Upload Plugin<\/strong>.<\/li>\n<li>Choose the zip file and click <strong>Install Now<\/strong>, then <strong>Activate<\/strong>.<\/li>\n<\/ol>\n\n<h4>After Activation<\/h4>\n\n<ol>\n<li>Go to <strong>Malware Cleaner \u2192 Settings<\/strong> to configure login protection, alerts, and data-management options.<\/li>\n<li>Go to <strong>Malware Cleaner \u2192 Run Scan<\/strong> and click <strong>Start Scan<\/strong> to run your first deep 
cleanup scan.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"will%20this%20plugin%20slow%20down%20my%20site%20for%20visitors%3F\"><h3>Will this plugin slow down my site for visitors?<\/h3><\/dt>\n<dd><p>No. The scanner runs only when you click Start Scan in the admin. It does not hook into page loads or run any background cron jobs. Visitor-facing performance is completely unaffected.<\/p><\/dd>\n<dt id=\"which%20files%20does%20the%20deep%20cleanup%20scan%20inspect%3F\"><h3>Which files does the deep cleanup scan inspect?<\/h3><\/dt>\n<dd><p>The scanner reads PHP files with extensions <code>.php<\/code>, <code>.php3<\/code>, <code>.php4<\/code>, <code>.php5<\/code>, <code>.php7<\/code>, <code>.phtml<\/code>, and <code>.phar<\/code> inside your <code>wp-content<\/code> directory. It skips files larger than 512 KB and enforces a 25-second time budget and a 500-file cap per run to protect shared-hosting environments.<\/p><\/dd>\n<dt id=\"what%20does%20%22php%20file%20in%20uploads%22%20mean%3F\"><h3>What does \"PHP file in uploads\" mean?<\/h3><\/dt>\n<dd><p>Legitimate image, video, and document uploads are never <code>.php<\/code> files. If the scanner finds any PHP file inside <code>wp-content\/uploads\/<\/code>, it is almost certainly a backdoor uploaded through a vulnerable plugin or theme \u2014 a High severity threat that should be removed immediately.<\/p><\/dd>\n<dt id=\"can%20it%20fix%20or%20delete%20infected%20files%3F\"><h3>Can it fix or delete infected files?<\/h3><\/dt>\n<dd><p>Yes \u2014 the malware auto-purge feature lets you delete or quarantine flagged files directly from the scan results screen. Always review the file path and threat type before purging.<\/p><\/dd>\n<dt id=\"is%20any%20data%20sent%20outside%20my%20site%3F\"><h3>Is any data sent outside my site?<\/h3><\/dt>\n<dd><p>No. The plugin makes zero external HTTP requests. 
All scan results and alert history live only in your WordPress database.<\/p><\/dd>\n<dt id=\"how%20does%20login%20protection%20work%3F\"><h3>How does login protection work?<\/h3><\/dt>\n<dd><p>Login protection limits repeated failed login attempts and helps prevent brute-force attacks against your <code>wp-login.php<\/code> endpoint \u2014 a key layer of website security that works alongside the malware scanner.<\/p><\/dd>\n<dt id=\"how%20do%20i%20troubleshoot%20a%20scan%20that%20flagged%20an%20unexpected%20file%3F\"><h3>How do I troubleshoot a scan that flagged an unexpected file?<\/h3><\/dt>\n<dd><p>Go to <strong>Malware Cleaner \u2192 Scan Results<\/strong> and click the file path to view the matched pattern. The troubleshoot view shows the exact line and rule that triggered the alert, so you can decide whether it is a false positive or a real threat.<\/p><\/dd>\n<dt id=\"how%20do%20i%20remove%20all%20plugin%20data%20when%20i%20uninstall%3F\"><h3>How do I remove all plugin data when I uninstall?<\/h3><\/dt>\n<dd><p>Go to <strong>Malware Cleaner \u2192 Settings<\/strong>, enable <strong>Remove all data on uninstall<\/strong>, then deactivate and delete the plugin. All database tables, scan history, and plugin options will be removed automatically.<\/p><\/dd>\n<dt id=\"the%20scan%20finished%20but%20i%20expected%20more%20files%20to%20be%20checked.%20why%3F\"><h3>The scan finished but I expected more files to be checked. Why?<\/h3><\/dt>\n<dd><p>The scanner caps each run at 500 files and 25 seconds to be safe on resource-constrained servers. If your <code>wp-content<\/code> directory is very large, only the first 500 PHP files encountered will be inspected per run. 
Future versions will support paginated \/ batch scanning.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Added malware auto-purge (delete \/ quarantine flagged files from the results screen).<\/li>\n<li>Added login protection module.<\/li>\n<li>Added real-time threat alerts.<\/li>\n<li>Improved site script cleaner detection for injected JavaScript and hidden iframes.<\/li>\n<li>Enhanced redirect hack fix detection patterns.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>On-demand deep cleanup scan covering eight malware pattern types.<\/li>\n<li>Backdoor fixer, site script cleaner, and redirect hack fix detection.<\/li>\n<li>Admin dashboard with scan statistics.<\/li>\n<li>Settings page with data-management option.<\/li>\n<\/ul>","raw_excerpt":"Lightweight deep malware scanner for WordPress \u2014 deep cleanup scan, backdoor fixer, redirect hack fix, and malware auto-purge with login protection an &hellip;","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/305633","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=305633"}],"author":[{"embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/themepaste"}],"wp:attachment":[{"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=305633"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=305633"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=305633"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/k
u.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=305633"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=305633"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=305633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}