🎉 Use coupon MYXERO to enjoy 20% recurring discount on any plan. View Pricing
XeroWP
BrandBees Malware Guardian
BrandBees Malware Guardian

BrandBees Malware Guardian

0/5 (0 ratings) — active installs Updated Apr 29, 2026
malwaremalware detectionscannersecuritywordpress security
Download v1.0.1
Security dashboard and scan controls

Security dashboard and scan controls

BrandBees Malware Guardian is a powerful WordPress security plugin that helps you detect, review, and safely clean malware from your website. It scans both your files and database for malicious code, spam injections, and defacement patterns, making it ideal for website owners who want clear, practical protection without complexity.

With BrandBees Malware Guardian, you get a structured and easy-to-understand malware detection experience. Instead of overwhelming you with technical logs, the plugin highlights real threats with clear severity levels, confidence scores, and actionable recommendations, so you can focus on what actually matters.

The plugin performs deep scans across your WordPress environment, including core files, themes, plugins, and database content. It identifies suspicious PHP, JavaScript, and HTML code, as well as SEO spam and hidden injections that can harm your website’s performance and search rankings.

BrandBees Malware Guardian is built to reduce false positives and noise. Its risk-based detection model prioritizes critical and high-risk issues, helping you respond faster and avoid wasting time on low-impact warnings. Each detected threat includes detailed insights and guided remediation steps, allowing you to clean your site safely without breaking functionality.

The plugin also supports scheduled scans and updated malware signatures, ensuring ongoing protection as new threats emerge. With a simple admin dashboard, you can monitor scan results, review incidents, and take action, all from one place.

Designed for both technical and non-technical users, BrandBees Malware Guardian makes WordPress malware detection and cleanup accessible, efficient, and reliable.

Key Features

  • Malware signature scanning for PHP, JavaScript, HTML, SEO spam, and defacement indicators
  • Local file scanning with threat matching and confidence scoring
  • Database scanning for malicious or injected content patterns
  • Risk-based detection model to reduce noisy/low-value alerts
  • Threat details with severity, confidence, and remediation steps
  • Signature feed support for ongoing rule updates
  • Admin dashboard for scan visibility and incident review
  • Scheduler support for recurring scans and alerting workflow
  • Backup/patch workflow components for safer cleanup operations
  • Built for WordPress administrators with clear, non-technical controls

Ideal Audience

  • Small to mid-size WordPress site owners
  • Agencies managing multiple client WordPress websites
  • Internal website admins who need practical security monitoring
  • Non-technical teams needing clear malware alerts and next steps

Core Value Propositions

  • Early detection of common WordPress malware patterns
  • Clear prioritization (critical/high/medium) to focus on real risk
  • Faster incident response with actionable cleanup guidance
  • Ongoing protection through updateable signature intelligence

Typical Workflow

  1. Open BB Malware Guard in wp-admin
  2. Choose a scan type (quick routine scan or deeper scan depending on your need)
  3. Run a scan now, or enable scheduling so scans run automatically
  4. Review results grouped by severity and confidence (start with critical/high)
  5. Open any finding to see what was detected, where it was found, and why it matters
  6. Apply the recommended cleanup action (safe workflows and backups where applicable)
  7. Re-scan to verify the issue is resolved
  8. Keep scheduled scans enabled to catch new issues early

Support

For support requests, please use the WordPress.org support forum.

Website: brandbees.net/contact-us

Developer Documentation

Hooks & Filters

The plugin provides filters for customization. Full developer docs: BrandBees Malware Guardian documentation.

Actions

There are no custom do_action hooks prefixed for this plugin at this time. Integrate via filters below or standard WordPress hooks.

Filters

  • bbmg_malware_scan_post_types – Adjust which post types are included in database content scanning (array of post type slugs).
  • bbmg_malware_scan_file_roots – Adjust absolute filesystem roots scanned for a given scope (array of paths, plus scan scope context).
  • bbmg_malware_excluded_file_extensions – Change which file extensions are skipped during file scanning (array).
  • bbmg_checksum_trust_scan_enabled – Enable or disable checksum-based trust optimizations during file scanning (boolean).
  • bbmg_pattern_risk_score_threshold – Override the internal pattern risk score threshold used by the matcher (integer).
  • bbmg_detection_risk_score – Adjust the computed risk score for a detection ($score, $signature_id, $category, $signature).
  • bbmg_stale_db_heartbeat_seconds – Seconds of grace before treating a DB scan heartbeat as stale (integer).
  • bbmg_stale_running_scan_grace_seconds – Grace period for a running scan before stale handling (integer).
  • bbmg_stale_zero_progress_grace_seconds – Grace period when scan progress is zero before stale handling (integer).
  • bbmg_signature_feed_url – Provide or override the remote URL used to load the malware signature JSON feed (string).
  • bbmg_signature_remote_fetch_disabled – Return true to disable remote signature feed fetching (boolean).
  • bbmg_signature_feed_ttl – Override cache TTL (seconds) for a successful remote signature feed response (integer).
  • bbmg_signature_feed_cron_first_delay – Override delay (seconds) before the first scheduled signature feed sync after setup (integer).

For deeper integration (REST routes, database tables, scan lifecycle), see the developer documentation site.

External services

This plugin can optionally use third-party threat intelligence services. Core local file/database scanning works without these services.

  • PhishTank (Cisco Talos): Optional phishing feed source used for local URL reputation checks when enabled.
    Terms: https://phishtank.org/terms.php
    Privacy: https://www.phishtank.org/privacy.php

  • VirusTotal: Optional URL reputation lookup used only when VirusTotal integration is enabled and configured.
    Terms: https://www.virustotal.com/gui/terms-of-service
    Privacy: https://www.virustotal.com/gui/privacy-policy

  • Google Safe Browsing API: Optional threat lookup used only when Safe Browsing integration is enabled and configured.
    Terms: https://developers.google.com/safe-browsing/v4/terms
    Privacy: https://policies.google.com/privacy

WordPress.org update APIs may also be contacted by WordPress itself for update/metadata checks.

Privacy Policy

BrandBees Malware Guardian is designed for privacy-conscious operations:

  • Core scanning is performed locally on your server
  • Scan results are stored locally in your WordPress database
  • Optional external integrations are disabled by default and used only when enabled/configured
  • Backups created by cleanup workflows are stored on your server

Credits

Developed by Brand Bees
Contributor profile: Hassan Ejaz (@genius786)