| 开发者 | abocchetti |
|---|---|
| 更新时间 | 2026年7月12日 03:42 |
| PHP版本: | 7.2 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
eval, request input invoked as a function, OS command execution, known shell-family marker strings, packed/obfuscated blobs, executable PHP inside wp-content/uploads/, and more. Each suspicious file is scored and reported with the exact path and line numbers. Comments and docblocks are stripped before matching, and strong vs. supporting signals are separated to reduce false positives. Findings are advisory heuristics — review each flagged file.wp-admin/ or wp-includes/. No prior snapshot is required, so it works even on an already-compromised site.forvault-security folder to /wp-content/plugins/, or install it from the Plugins screen in your WordPress dashboard.No. Every feature is strictly read-only. The scanner reads file contents to analyze them but never edits, moves, deletes or executes them. The baseline only stores hashes.
No. The Malware Scan uses scored heuristics, the same approach as tools like php-malware-finder or a YARA pass. A high score means a file deserves review, not that it is certainly malicious. Always inspect a flagged file before taking action.
No. The free plugin only scans when you click a button, and it does no work on public page loads. Scheduled/automatic scanning is offered by the separate premium add-on.
Any version published on WordPress.org. The check downloads the official manifest for your exact version and locale at the moment you run it.
No. All three scanners are complete and free. The premium add-on is optional and adds response/monitoring tooling.