Content Guard Pro – Database Malware Scanner & Spam Detector

Your file scanner says "all clear" — but Google just flagged your site for spam. Attackers don't always hide in files. They inject spam links directly into your Gutenberg blocks, bury SEO poison in postmeta, and hide obfuscated scripts in custom fields. Traditional security plugins don't scan there. Content Guard Pro does. Content Guard Pro is a database-first malware scanner that finds hidden threats in your WordPress content — the blind spot in your current security stack. The Gap in Your WordPress Security Most security plugins scan files. That's essential — but it's only half the picture. Malware and spam increasingly bypass file scanners by injecting directly into your database:

• Post content — Hidden pharma links and casino spam inside nested Gutenberg blocks
• Custom fields (postmeta) — SEO spam and malicious redirects buried in metadata
• Widget areas — Injected scripts that survive every file scan
• Options table — Persistent backdoors and cloaked content

If you've ever cleaned a hacked site only to have Google flag it again weeks later, database-resident threats are likely the reason. Content Guard Pro finds them. How Content Guard Pro Protects Your Site Find what other security plugins miss. Content Guard Pro scans your posts, pages, custom post types, and metadata — the places where WordPress actually stores your content. Know exactly what to fix first. Every finding gets a confidence score from 0 to 100 and a severity level (Critical, Suspicious, or Review). No guesswork, no alert fatigue. Scan without slowing down your site. Background batch processing with auto-throttling means scans run smoothly even on shared hosting. Your visitors never notice. Keep false positives low. Accessibility-aware detection respects screen reader classes. Configurable allowlists let you whitelist trusted domains and patterns. Maintain a complete audit trail. Every scan, every finding, every action — tracked and timestamped for forensics and compliance. What the Malware Scanner Detects Content Guard Pro catches a wide range of database-resident threats:

• Hidden spam links — Cloaked content using display:none, visibility:hidden, opacity:0, font-size:0, and other CSS tricks
• Suspicious external resources — Unknown <iframe> and <script> tags loading remote content
• SEO spam injections — Pharma, casino, crypto, and gambling keyword stuffing
• URL shorteners and redirectors — bit.ly, t.co, cutt.ly, and other redirect services hiding malicious destinations
• Obfuscated JavaScript — eval(), fromCharCode(), Base64-encoded scripts, and data: URIs
• Serialized PHP malware — Threats hidden inside PHP arrays in postmeta, options, and page builder data
• Cryptocurrency miners — Coinhive, CryptoLoot, JSEcoin, and similar scripts
• Multi-layer encoded attacks — Automatically peels back up to 3 layers of obfuscation: Base64 → URL encoding → ROT13 → hex → octal

Works Alongside Your Existing Security Plugins Content Guard Pro is designed to complement file-based security, not replace it. Already using Wordfence, Sucuri, iThemes Security, All-In-One Security, or MalCare? Great — those tools protect your files. Content Guard Pro covers the database layer they don't scan. Together, you get complete WordPress security coverage. Built for WordPress Professionals

• Agencies managing client sites — Find database threats before clients or Google discover them. Use findings to demonstrate the value of your security retainer.
• Freelancers and consultants — Add content-layer scanning to your cleanup and maintenance workflow. Catch what file scanners leave behind.
• E-commerce site owners — Protect product descriptions and category pages from SEO spam that damages your search rankings and revenue.
• Security professionals — Fill the database gap in your security stack with specialized content-layer analysis.

Gutenberg Block Editor Security WordPress stores content as nested blocks — and attackers exploit this. Content Guard Pro includes a recursive Gutenberg block parser that inspects every layer of nested blocks, including reusable blocks and block patterns. It also scans content in the Classic Editor with a dedicated meta box for findings. Serialized Data Inspector Page builders like Elementor, Beaver Builder, and Divi store data as serialized PHP arrays. Content Guard Pro safely unserializes and recursively inspects these structures up to 10 levels deep, detecting malware hidden in keys like custom_css, custom_js, callback, raw_html, and more. Performance You Can Trust

• Scans approximately 100 posts in 30–60 seconds on shared hosting
• Auto-throttling prevents timeouts and resource exhaustion
• Resumable scans survive server restarts
• Safe Mode activates automatically for large sites (over 2 million rows)

Developer-Friendly Content Guard Pro provides hooks and filters for customization:

• content_guard_pro_loaded — Plugin initialization
• content_guard_pro_finding_saved — After a finding is stored
• content_guard_pro_detection_patterns — Modify or add detection rules
• content_guard_pro_allowlist_domains — Programmatic domain allowlisting

REST API available at /wp-json/content-guard-pro/v1/findings for programmatic access (Premium Agency+ tiers). External Services & Privacy API Connection: This plugin connects to Content Guard Pro API (api.contentguardpro.com) for:

• Free tier activation tracking (site URL, WP version, PHP version, plugin version)
• License validation when a paid license key is entered

What is sent: Site URL, site name, WordPress version, PHP version, plugin version, and admin email (free tier only). Sent once on activation via asynchronous, non-blocking request. Privacy: All data sent over HTTPS. No post content or scan data is ever transmitted. All scanning happens locally on your server. Service provider: Content Guard Pro Team Terms: https://contentguardpro.com/terms Privacy Policy: https://contentguardpro.com/privacy Documentation & Support

• Documentation: https://contentguardpro.com/docs
• Support Forum: https://wordpress.org/support/plugin/content-guard-pro/
• Bug Reports: WordPress.org support forum

Automatic Installation (Recommended)

1. In your WordPress admin, go to Plugins → Add New
2. Search for "Content Guard Pro"
3. Click "Install Now" and then "Activate"
4. The setup wizard will guide you through initial configuration

Manual Installation

1. Download the plugin ZIP file
2. Go to Plugins → Add New → Upload Plugin
3. Upload the ZIP file and click "Install Now"
4. Activate the plugin

After Activation

1. Follow the setup wizard to configure scanning preferences
2. Enable admin alerts for Critical findings (recommended)
3. Run your first scan to establish a security baseline

1.0.6

• Minor fixes to scan functionality.

1.0.5

• Minor fixes to scan functionality.

1.0.4

• Minor fixes to scan functionality (removed duplicated scans).

1.0.3

• NEW: Serialized Data Inspector — Detects malware hidden in serialized PHP arrays (postmeta, options, Elementor data) with safe unserialization, recursive traversal up to 10 levels deep, and dangerous key detection.
• NEW: Multi-Layer Malware Decoder — Automatically peels back up to 3 layers of obfuscation across 6 encoding types: Base64, URL encoding, HTML entities, ROT13, hex, and octal strings.
• NEW: Advanced Obfuscation Detection — Detects chained dangerous functions, triple nested decoding, ROT13+Base64 chains, hex/octal in eval(), and gzinflate+Base64 attacks.
• ENHANCED: Detection Engine — Scans both original and decoded content for significantly improved malware detection.

1.0.2

• Minor fixes.

1.0.1

• Minor fixes.

1.0.0

• Initial release — Database malware scanning, Gutenberg block parsing, real-time on-save scanning, confidence scoring, admin alerts, REST API, auto-throttling, audit trail, setup wizard, allowlist/denylist management, and 20+ detection patterns.