Quttera ThreatSign – Web Malware Scanner for WordPress
<p>WordPress Malware Scanner dashboard showing external website scan summary and malware detection status.</p>
Quttera ThreatSign protects your WordPress website with multi-layered security:
Malware Detection: Powered by Quttera’s AI-driven heuristic engine, the scanner detects malicious PHP, obfuscated JavaScript, hidden iframes, redirects, spam, SEO malware, and credit-card skimmers targeting checkout pages. The plugin performs on-demand scans directly from your WordPress admin and checks your domain against more than 40 global security authorities, including Google, McAfee, Norton, and Yandex. Detection capabilities are continuously enhanced using insights from Quttera’s worldwide threat intelligence network.
Brute Force Protection: Prevents unauthorized login attempts with IP locking, configurable rate limiting, and environment-aware protection policies. Supports both shared hosting (aggressive locking) and dedicated servers (progressive delays). Includes emergency bypass mechanism for critical situations.
Bot Protection: Layered defense against automated attacks using multi-stage risk evaluation, token-bucket rate limiting, and legitimate bot recognition (Googlebot, Bingbot, etc.). Protects REST API, XML-RPC, and WooCommerce endpoints with endpoint-specific risk scoring.
Admin User Monitoring: Real-time detection and alerting for unauthorized admin additions, removals, and role changes with database audit trail and snapshots.
For complete protection—including automated malware removal, scheduled scanning, WAF, and 24/7 monitoring—you can upgrade to a ThreatSign Website Security plan.
Malware Detection Features:
- One-click on-demand scans from WP admin
- 0-day (unknown threat) detection via heuristic & behavioral analysis
- Detection of malicious PHP (backdoors, shells, injections)
- Detection of obfuscated or polymorphic JavaScript
- Identification of malicious iframes, redirects & hidden links
- Detection of spam & SEO malware
- Checkout skimmer detection
- Inspection of WordPress core file integrity
- Detection of alien or unauthorized files in core directories
- External links and outbound reference analysis
- Blacklist checks across 40+ security authorities
- Cloud-based scanning to reduce server resource load
- Detailed investigation reports with severity levels
Brute Force Protection Features:
- IP-based locking with configurable thresholds
- Multi-stage failure detection with soft and hard locks
- Environment-aware policies for shared hosting and dedicated servers
- IP whitelist/blacklist with CIDR notation support
- Emergency bypass mechanism via constant or filter
- User account lockout alerts via email
- Combo-lock (IP + username) detection
- Rate limiting with progressive delays
Bot Protection Features:
- Multi-stage risk evaluation with heuristic analysis
- Token-bucket rate limiting across multiple lanes (global, REST, XML-RPC, checkout, cart)
- Legitimate bot recognition (Googlebot, Bingbot with elevated rate limits)
- REST API enumeration and authentication protection
- WooCommerce endpoint protection (checkout & cart)
- Configurable operation modes (Observe, Balanced, Aggressive)
- Risk-based challenge mechanisms and exponential backoff
Admin User Monitoring Features:
- Real-time detection of admin user additions and removals
- Admin role change tracking
- Database snapshot comparison for audit trail
- WP-Cron scheduled checks (1-minute intervals)
- Immediate detection via WordPress hooks
- Email alerts for unauthorized changes
- Comprehensive alarm system integration
If you need malware removal assistance, contact us at [email protected] or sign up for any
of our ThreatSign annual plans, which include cleanup & blacklist removal:
https://quttera.com/anti-malware-website-monitoring-signup