VulnTitan - Malware Scanner, Vulnerability Scanner & Security

VulnTitan is a lightweight WordPress malware scanner and malware removal tool that detects infected files and vulnerable plugins before they can be exploited. Instantly scan your WordPress site for malware infections and known vulnerabilities, review detailed results, and clean or remove malware safely using a guided fix workflow with automatic backups. Unlike heavy security suites, VulnTitan focuses on practical protection: vulnerability detection, malware scanning and removal, file integrity monitoring, essential firewall protection, and hidden custom login access — without unnecessary bloat. Malware Scanner The WordPress malware scanner inspects your site files for suspicious code patterns and known malicious signatures.

• Detect malware infections in core, plugins, and themes
• Review problematic files with contextual code preview
• Safe-fix workflow with automatic backups
• Clear severity indicators and actionable recommendations

Vulnerability Scanner The vulnerability scanner checks your installed WordPress core, plugins, and themes against a real-time vulnerability database powered by the VulnTitan API.

• Detect vulnerable plugins and themes
• Identify outdated components with known security risks
• Real-time vulnerability intelligence
• Clear risk explanations and remediation guidance

File Integrity Scanner Monitor unauthorized file changes and unexpected modifications.

• Baseline comparison for WordPress files
• Queue-based processing for performance safety
• Visual status legends for fast review
• Actionable next steps for suspicious changes

Firewall & Login Protection VulnTitan includes lightweight firewall and WAF protection to block common attack patterns and protect the WordPress login surface.

• Early MU-plugin runtime request guards
• SQL injection (SQLi) payload protection
• Command injection detection
• Suspicious path traversal blocking
• Endpoint whitelisting controls
• Login lockout protection against brute-force attacks
• Configurable custom login slug so administrators can use a private login URL instead of the default wp-login.php
• Default wp-login.php and guest wp-admin access can be hidden behind a 404 response when custom login is enabled

Security-First Architecture

• Secure storage and cleanup of scan queues and logs
• Hardened backup handling outside ABSPATH by default
• Adaptive performance tuning for safe large-site scanning

From your WordPress dashboard

1. Navigate to Plugins > Add New
2. Click Upload Plugin
3. Upload the downloaded ZIP file
4. Click Install Now, then Activate

From FTP or File Manager

1. Upload the extracted vulntitan folder to the /wp-content/plugins/ directory
2. Go to your WordPress dashboard
3. Navigate to Plugins > Installed Plugins
4. Find VulnTitan and click Activate

Once activated

• Go to VulnTitan in your admin menu
• Click Scan Now to run a malware and vulnerability scan
• Review detected vulnerabilities, malware infections, and file integrity issues
• Apply guided safe fixes where needed

v2.0.8 - 13 Mar, 2026

• Added a weekly executive security digest email with 7-day firewall telemetry, login abuse summaries, WAF detections, and top targeted paths/rules.
• Added Firewall settings for enabling the weekly digest and overriding the recipient email address.
• Upgraded the digest into a professional branded HTML email template with VulnTitan logo, metric cards, timeline, and protection profile summary.

v2.0.7 - 13 Mar, 2026

• Fixed custom login logout requests on some Nginx-backed WordPress sites so hidden login logout no longer triggers 502 Bad Gateway responses.
• Stabilized hidden login request bootstrapping and canonical custom login route handling for logout/login flows.

v2.0.6 - 12 Mar, 2026

• Added configurable custom login slug support so administrators can use a private login URL instead of the default wp-login.php path.
• Hidden direct guest access to default wp-login.php and wp-admin entry points when custom login protection is enabled.
• Reworked the Firewall page with a tabbed settings layout, a wider recent events section, and toast-style action feedback.

v2.0.4 - 10 Mar, 2026

• Redesigned the VulnTitan Dashboard into an elite, professional security command center layout.
• Redesigned the Firewall page into a professional command center layout.
• Removed the dashboard sidebar to keep the UI focused on scan operations.
• Redesigned the top navigation bar to match the new elite dashboard and firewall style.
• Fixed scan progress indicator layout in the redesigned dashboard.

v2.0.3 - 10 Mar, 2026

• Reduced false positives for benign decode-only utilities (e.g., base64 + gzuncompress).
• Reduced false positives for safe data:image/svg+xml;base64 payloads.
• Disabled auto-fix for low-risk malware findings to prevent accidental code removal.

v2.0.2 - 10 Mar, 2026

• Reduced malware scanner false positives for base64-decoded signature and key material.
• Avoided false positives from benign data:image base64 CSS payloads embedded in PHP/JS strings.
• Prevented false positives on large serialized option blobs without execution or file-write patterns.

v2.0.1 - 03 Mar, 2026

• Fixed Vulnerability scanner UI so the "Vulnerability Overview" section stays pinned at the top while results are scrolled.
• Reduced Malware scanner false positives for benign CSS content: strings and similar static string-literal matches.

v2.0.0 - 25 Feb, 2026

• Major release with redesigned Malware, Vulnerability, and File Integrity scan UX.
• Improved malware scanner with detailed problematic-files panel and guided safe-fix actions.
• Enhanced vulnerability detection powered by updated API intelligence.
• Improved file integrity scanner with clearer legends and performance tuning.
• Added dedicated Firewall module with MU runtime guards and login lockout protection.
• Added WAF payload protection for SQL injection and command injection.
• Security hardening for backup storage and automated cleanup routines. For full release history, see CHANGELOG.md included in the plugin package.