BroodWeb Malware Scanner helps WordPress site owners, agencies, and developers investigate suspicious files, database content, login activity, and security exposure from one admin screen.

The scanner is built for careful review. It does not blindly delete files. It shows risk scores, findings, file paths, quarantine actions, whitelist controls, and exportable reports so you can inspect suspicious results before taking action.

Key Features

Malware file scanner for WordPress core, plugins, themes, uploads, must-use plugins, and root files.
Official WordPress core checksum verification to suppress false positives on clean core files.
Detection for common malware indicators such as eval(), base64_decode(), gzinflate(), shell_exec(), obfuscated strings, suspicious filenames, disguised PHP payloads, and PHP files inside uploads.
Database scanner for suspicious content in options, posts, and users.
Quarantine, restore, delete, and whitelist tools for flagged files.
Scan history with stored reports.
Filterable scan report with filename search, risk filter, category filter, collapsible findings, and JSON/CSV export.
AJAX chunked scanning to reduce timeouts on larger websites.
Scheduled scans and email alerts.
Integrity monitor with file-change tracking and alert email support.
Login security tools, including custom login URL support.
Activity log for security events.
Vulnerability review for WordPress core, plugins, and themes.
Firewall-lite controls for basic request protection.
Go Pro information tab explaining Pro features.

Official Core Verification

WordPress core files can contain functions that look suspicious in normal malware signatures. BroodWeb Malware Scanner verifies official WordPress core files against WordPress.org checksums before content heuristics are applied. If a core file matches the official source, it is not reported as suspicious.

If a core file is changed or if an unexpected file appears inside a core directory, the scanner can report that as a higher-signal issue.

Designed For Manual Review

BroodWeb Malware Scanner is an investigation and triage tool. Always review flagged files before quarantining or deleting them, and always create a full backup before cleaning an infected site.

BroodWeb Malware Scanner Pro

The free plugin includes the core protection layer: malware scanning, database checks, quarantine, whitelist, integrity monitoring, login security, vulnerability review, firewall-lite, activity log, and reporting exports.

BroodWeb Malware Scanner Pro adds advanced cleanup and intelligence tools, including:

Hardening controls.
Repair tools for comparing and restoring supported official WordPress, plugin, and theme files.
AI-assisted malware triage with OpenAI-compatible providers.
Professional reporting workflows for agencies and client work.