Cleverhog Malware Scanner
| 开发者 | cleverhog |
|---|---|
| 更新时间 | 2026年5月29日 19:32 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
Cleverhog Malware Scanner helps you investigate a suspicious or compromised WordPress site from the admin dashboard. It is free and may be used on unlimited websites with no license keys or per-site fees.
This plugin detects and reports potential security issues. It does not automatically remove malware or guarantee that a site is clean. Always back up your site before changing or deleting files.
What it scans
- Files — Pattern-based scan of themes, plugins, uploads, wp-content, or the full site (with code snippets, file size, and last-modified date)
- Backdoors — Must-use plugins, drop-ins, wp-config, cron jobs, and suspicious hooks
- .htaccess — Discovers
.htaccessfiles site-wide and lists suspicious redirects, PHP handlers in uploads, auto_prepend, cloaking rules, and more - Authentication — XML-RPC, user enumeration, weak salts, file editor, and SSL-related checks
- Database — Suspicious autoloaded options and injected post content
- Administrators — All admin users with registration dates and risk flags
- Updates — Outdated plugins, themes, and core (medium for major/minor updates, low for patch-only updates)
- Plugin integrity — WordPress.org plugins compared to official checksums (one summary per plugin)
- Live threat counter during scans
- Results sorted by severity (critical, high, medium, low)
- Last scan results restored when you reopen the dashboard
- Admin menu badge showing critical issue count
- Excludes this plugin’s own files from file scans to reduce false positives
安装:
- Install through Plugins → Add New after this plugin is on WordPress.org, or upload the
cleverhog-malware-scannerfolder to/wp-content/plugins/ - Activate Cleverhog Malware Scanner
- Open Cleverhog Malware Scanner in the admin menu
- Choose scan types and click Start Security Scan
屏幕截图:
常见问题:
Does this remove malware automatically?
No. It shows what was found with file paths, snippets, and severity so you can investigate. Restore from backup or use professional help for active breaches.
Can it give false positives?
Yes. Legitimate plugins may use patterns that look suspicious (for example base64_decode). Review every critical finding before deleting files.
Does it scan its own plugin files?
No. The scanner excludes its own directory from file scans.
Will large sites timeout?
File scans run in batches via AJAX to reduce PHP timeout issues.
Which plugins can be checksum-verified?
Only plugins hosted on WordPress.org with published checksums for the installed version. Premium or custom plugins are listed as unverified; use the file malware scan on those.
更新日志:
1.6.9
- Fix admin JavaScript: file preview (View file) and permission-hardening actions work reliably again
- Quarantined file preview sends quarantine ID for correct path resolution
- Update findings: major/minor bumps are medium severity; patch-only updates are low
- Harden permissions action for world-writable file findings (e.g. core bootstrap files)
- Mobile-friendly stacked layout for the administrator accounts table
- Do not offer delete on inactive parent themes when a child theme is active
- PHPCS/WPCS: prefix dashboard template globals for Plugin Check compliance
- WordPress.org review: all wp-admin includes centralized in Admin_Dependencies with immediate function use
- Path resolution centralized in Wp_Paths (uploads, plugins via WPMG_PLUGIN_FILE, WP_LANG_DIR, core files)
- Checksum API failures cached with a distinct marker (not an empty array)
- Checksum fetch failures use a distinct transient marker so plugins are not marked verified after a failed lookup
- Language pack paths use WP_LANG_DIR only (no WP_CONTENT_DIR/languages fallback)
- Quarantine and plugin-owned files use wp_upload_dir() under uploads/cleverhog-malware-scanner (no hard-coded WP_CONTENT_DIR/uploads paths)
- Plugin and content paths resolved via WPMG_PLUGIN_FILE and Wp_Paths helpers instead of WP_PLUGIN_DIR / WP_CONTENT_DIR in scanner code
- All wp-admin includes go through Admin_Dependencies only (including uninstall and is_plugin_active)
- WordPress.org review: centralize wp-admin includes via Admin_Dependencies (load + immediate use)
- WordPress.org review: distinctive name Cleverhog Malware Scanner, slug
cleverhog-malware-scanner - Quarantine files stored under uploads (not wp-content root)
- Admin menu CSS enqueued with wp_add_inline_style (no raw <style> in admin_head)
- Full slug rename:
cleverhog-malware-doctorfolder, main file, text domain, and admin menu page slug
- Display name updated to Cleverhog Malware Doctor
- WordPress.org slug changed to
cleverhog-malware-plugin(trademark)
- Rebranded to Cleverhog Malware Scanner (display name and documentation)
- WordPress.org readiness: textdomain loading, uninstall cleanup, server limits UI layout fix
- Server limits panel uses stacked rows (fixes overlapping table text in the admin sidebar)
- Legacy bootstrap files (wp-mal-guard.php, wp-malware-doctor.php) updated for correct plugin paths and scan exclusion
- Plugin Check: remove .DS_Store, fix screenshot filenames, WP_Filesystem for quarantine, Tested up to 7.0
- Server limits panel: shows current vs recommended PHP memory and execution time
- Scan failures show an in-page error panel with tips and one-click smaller scan presets (uploads, plugins, themes, etc.)
- Fix 504 gateway timeouts: start scan returns in seconds; heavy work runs across many short AJAX batches
- Incremental file-list building, plugin verification (2 per batch), and split backdoor/htaccess scans
- Fix scan 500 errors on large sites: file queue stored separately, higher PHP limits, capped plugin checksum depth
- Scan failures now return a clearer error message in the admin alert
- Fewer false positives: theme cache PHP in uploads, payment webhooks using php://input, protective uploads .htaccess
- Weak salt check only inspects AUTH_KEY-style defines (not the word "WordPress" in comments)
- World-writable core check uses file permissions instead of is_writable()
- Third-party/premium plugins reported as low-severity informational findings
- Auth and config findings no longer show unrelated file paths or action buttons
- Update outdated plugins and themes directly from scan results via AJAX
- Delete inactive plugins and themes directly from scan results (updates and integrity findings)
- Delete is only offered for high-confidence threats (e.g. PHP in uploads, suspicious drop-zone filenames)
- Quarantined files panel on the dashboard with restore, view, and permanent delete
- View, quarantine, delete, and restore actions on file findings from the scan results
- File preview modal with safe path validation and quarantine storage under uploads/cleverhog-malware-scanner/wpmg-quarantine/
- Context-aware malware scanning (reduces false positives in translations, themes, and core)
- Smarter signatures: eval on request, webshell names, remote includes, chmod 777, and more
- Skip WordPress core/language files; suppress noise for outdated plugins and themes
- Improved .htaccess scan; fewer backdoor/REST/cron false positives
- WordPress.org Plugin Check compliance (naming, i18n, privacy, nonce helpers)
- Group plugin integrity mismatches into one result per plugin
- Update severity: high for major/minor updates, medium for patch-only
- Sort results by severity; persist last scan; admin menu critical badge
- Plugin integrity checksum scanner; live threat counts; dashboard UI refresh
- Initial release (as Malware Doctor)