Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal -- WordPress 插件

开发者	malcure cybermalcure
更新时间	2026年1月10日 17:40
PHP版本:	5.6 及以上
WordPress版本:	6.9
版权:	MIT
版权网址:	版权信息

The Only Security Plugin You Need: Detection, Protection, and Reporting. When your site is hacked, you don't need "maybe". You need "definitely". Malcure Malware Scanner is precision-engineered to detect over 50,000+ threats with Zero False Positives. Trusted by 10,000+ site owners and security professionals, Malcure doesn't just "scan" — it investigates. From hidden backdoors in your database to obfuscated code in your images, we find what others miss. Powered by Malcure API: Real-Time Threat Intelligence Hackers don't sleep, and neither do we. Malcure connects to our real-time API to fetch the latest threat definitions. This plugin relies on the Malcure API to provide real-time threat intelligence and checksum verification.

Data Transmission: To perform scans, the plugin sends file checksums and your site's domain to Malcure servers. No sensitive user data or file contents are transmitted unless you explicitly use the "Inspect File" feature.
Terms & Privacy: Use of the API is subject to our Terms of Use and Privacy Policy.
Zero-Day Alerts: Our API analyzes new threats in real-time, ensuring the site is scanned against the latest vulnerabilities.
Smart Checksums: We verify your core files against the official WordPress repository using our API, ensuring absolute integrity.
Lightweight: By offloading heavy analysis to our API, we keep your server fast and responsive.

Why Malcure?

Precision, Not Noise: Our advanced heuristic engine is tuned to distinguish between legitimate code and malicious payloads. No more heart attacks over false alarms.
Surgical Cleanup: Don't nuke your site. Malcure identifies the exact infection so you can surgically remove the malicious code while keeping your website fully functional.
Performance First: Built to be lightweight. We scan rigorously without bringing your server to its knees.

Who This Plugin Is For

Site owners who want clear, actionable results (what was flagged and where).
Agencies & developers who need fast triage across multiple sites.
WooCommerce / membership / lead-gen sites where downtime and SEO damage are expensive.
Anyone who wants a scanner that cuts through the noise to focus on signal—real threats with practical remediation paths.

How It Works (Scan → Review → Clean → Monitor)

Scan
Go to Malcure Scanner in your WordPress admin.
Run a scan to check your files and database for malware, backdoors, suspicious code, and integrity issues.
Review
Malcure reports findings with clear locations (file paths / database records) so you can verify what changed and why it was flagged.
Use the results to decide what should be repaired, deleted, or kept (for example, legitimate custom code).
Clean & Recover
The free edition helps you identify issues and understand what needs fixing.
The Advanced Edition adds cleanup tools (Inspect / Repair / Delete for infected files) and workflow features like custom whitelisting.
Monitor
Set up scheduled scans to keep your site continuously monitored.
Get alerts for new infections or integrity issues.

Free vs Advanced (Feature Comparison) Below is a practical feature comparison to help you choose the right edition. | Feature | Free | Advanced | | --- | --- | --- | | Deep malware scan (files + database) | Yes | Yes | | Checksum verification (WordPress core integrity) | Yes | Yes | | Vulnerability scanner | Yes | Yes | | Firewall (WAF) & hardening | Yes | Yes | | Incident response toolkit (sessions, salts, etc.) | Yes | Yes | | Event logging | Yes | Yes | | Google Search Console integration | Yes | Yes | | 1-click cleanup actions (Inspect / Repair / Delete infected files) | No | Yes | | Custom whitelisting (files/folders) | No | Yes | | WP-CLI integration | No | Yes | | High-priority support | No | Yes | | Real-time definition updates | No | Yes | [youtube https://www.youtube.com/watch?v=EbSbxiTOc8k] Core Features (Free Forever)

Deep Malware Scan: Scans core files, themes, plugins, images, and your entire database for viruses, trojans, backdoors, and malicious redirects.
Files: Scans core files, themes, plugins, images, and uploads for backdoors, shells (C99, R57), and obfuscated code.
Database: Scans database tables for malicious injections and spam links.
SEO Spam Detection: Specifically checks page titles and database records for "Japanese Keyword Hack", "Pharma Hack" and other SEO spam symptoms.
Vulnerability Scanner: Checks your installed plugins and themes against our real-time database of known security vulnerabilities.
Intelligent Checksum Verification: Automatically verifies your files against the official WordPress repository. If a core file has been tampered with, we know instantly.
Uncompromising Detection: Detects C99, R57, RootShell, Crystal Shell, Matamu, and thousands of other known and unknown variants.
Firewall (WAF) & Hardening:
Block Path Traversal: Stops attackers from accessing sensitive system files.
Block PHP Uploads: Prevents malicious scripts from being uploaded to your site.
Stop User Enumeration: Blocks bots from fishing for your username.
REST API Protection: Prevents user data leakage via the WP REST API.
Security Hardening: Learn more about securing your WordPress site.
Automated Background Scans & Monitoring:
Set it and forget it: Malcure runs silently in the background. Schedule daily, weekly, or monthly scans associated with the new 'Malware Monitor' feature.
Stay Ahead: Automatically catch new infections before they spread or damage your SEO rankings.
Incident Response Toolkit:
Nuke User Sessions: Instantly force-logout every user on the site to kick out intruders.
Salt Shuffler: One-click rotation of WordPress security keys (salts) to invalidate all browser cookies.
Comprehensive Event Logging: Track every security event. Know exactly when and how a breach might have occurred with our 100-day event log.
Google Search Console Integration: Connect directly to Google to fetch security warnings and blacklist status in real-time.
Real-Time API Updates: Connects to the Malcure Cloud to detect the latest threats and vulnerabilities.

Upgrade to Advanced Edition For mission-critical websites that demand comprehensive protection and recovery tools.

1-Click Fixes: Inspect, Delete or Repair infected files instantly with a single clicks.
On-Demand Background Scanning: Run deep scans that continue working even if you close your browser. Perfect for humongous sites.
Real-Time Definition Updates: Stay protected against the very latest threats discovered by our security labs.
WP-CLI Integration: Automate scans and cleanups via command line — a developer's dream. See our WP-CLI Cheatsheet.
Custom Whitelisting: Full control to whitelist specific files or folders.
High-Priority Support: Direct access to our security analysts.

Get Malcure Advanced Edition What Our Users Say

"Best by far, better than Wordfence and other giants... I spent hours trying to find a plugin like this... Simple and effective." — @dalingzaf "The ONLY plugin that scans files in real time. I am a web developer and have tried many malware removal plugins, including popular ones like Wordfence and Sucuri. However, none of them detected some unusual files that were actually malware causing regular attacks." — @devzeeshanx "Accurately shows which Database table row is infected and it helps resolve the hacking attempt instantly. Saves a lot of time for the developers." — @s3630 "It’s not just a “teaser”. This plugin really found the malware, and removed it. Really for free." — @halucska

Additional Resources for Malware Removal Follow these expert guides to remove malware, recover lost traffic, and restore your online reputation:

Expert Malware Removal Service In over your head? Our security analysts are on standby. We offer a complete Malware Removal Service that includes:

100% Removal Guarantee: We guarantee to remove all malware from your website.
Same Day Service: Fast turnaround time to get your business back online.
DeepScan™ Technology: Scans backups, archives, images, and hidden files where malware hides.
Manual Inspection: Our experts manually inspect critical files (htaccess, wp-config, index.php) and your database.
Blacklist Removal: We handle the removal of your site from blacklists like Google, Norton, McAfee, etc.
Security Hardening: We identify the root cause and patch vulnerabilities to prevent future infections.
15-Day Cover: Security analysts available 24/7/365 to ensure your site stays clean. Book Expert Malware Removal

Upload the wp-malware-removal folder to the /wp-content/plugins/ directory.
Activate the plugin through the 'Plugins' menu in WordPress.
Go to the Malcure Scanner menu to start your first scan.

19.5

New: Clearer admin UI labeling.
Bugfix: Styles not loading on Scan Scheduler page.
Stability: Several other stability fixes.

19.4

Major Bugfix: Fatal error during auto-upgrade.
Updated readme.

19.3

Major Bugfix: The very initial database record was never scanned.
Feature: New DB-record inspection + (Advanced Edition) DB-record whitelisting.
Improvement: Smart Checksum Refresh — Updates only modified components during upgrades for faster performance.
Major: Checksum system overhaul: more robust payload handling, better core vs non-core validation, and automatic checksum refresh after WP/plugin/theme upgrades.

19.2

Feature: Major performance optimization for checksums.
Feature: Enhanced SaaS API integration with signature verification.
Feature: Compatibility check for plugin version.
UX: Improved license validation and error messages.
UX: Better handling of database vs file infections in UI.

19.1

Feature: Introducing enhanced cleanup operations.

19.0

Bugfix: Enhanced detection of suspicious empty files in core directories.

Malcure Malware Removal, Monitor and Security Hardening

标签

下载

详情介绍:

安装:

屏幕截图:

升级注意事项:

常见问题:

更新日志: