🎉 Use coupon MYXERO to enjoy 20% recurring discount on any plan. View Pricing
XeroWP
VulnTitan – Malware Scanner, Vulnerability Scanner & Security
VulnTitan – Malware Scanner, Vulnerability Scanner & Security

VulnTitan – Malware Scanner, Vulnerability Scanner & Security

5/5 (1 ratings) 20 active installs Updated Mar 31, 2026
malware removalmalware scannervulnerability scanner
Download v2.1.17 Plugin Website
WordPress malware and vulnerability scan dashboard overview.

WordPress malware and vulnerability scan dashboard overview.

VulnTitan is a WordPress security plugin focused on malware scanning and removal, vulnerability detection, file integrity monitoring, firewall protection, and anti-spam controls for comments and supported forms.

Instantly scan your WordPress site for malware infections and known vulnerabilities, review detailed results, and clean or remove malware safely using a guided fix workflow with automatic backups.

VulnTitan focuses on practical protection: vulnerability detection, malware scanning and removal, file integrity monitoring, firewall protection, anti-spam defense for comments and supported forms, hidden custom login access, and a weekly executive security digest every 7 days.

Malware Scanner

The WordPress malware scanner inspects your site files for suspicious code patterns and known malicious signatures.

  • Detect malware infections in core, plugins, and themes
  • Review problematic files with contextual code preview
  • Safe-fix workflow with automatic backups
  • Clear severity indicators and actionable recommendations

Vulnerability Scanner

The vulnerability scanner checks your installed WordPress core, plugins, and themes against a real-time vulnerability database powered by the VulnTitan API.

  • Detect vulnerable plugins and themes
  • Identify outdated components with known security risks
  • Real-time vulnerability intelligence
  • Clear risk explanations and remediation guidance

File Integrity Scanner

Monitor unauthorized file changes and unexpected modifications.

  • Baseline comparison for WordPress files
  • Queue-based processing for performance safety
  • Visual status legends for fast review
  • Actionable next steps for suspicious changes

Firewall, Login, Comment & Form Protection

VulnTitan includes firewall, WAF, login protection, and anti-spam controls to block common attack patterns and protect WordPress login, comment, and supported form submission surfaces.

  • Early MU-plugin runtime request guards
  • SQL injection (SQLi) payload protection
  • Command injection detection
  • Suspicious path traversal blocking
  • Endpoint whitelisting controls
  • Login lockout protection against brute-force attacks
  • TOTP-based two-factor authentication for selected roles
  • Recovery codes and trusted-device support for enrolled accounts
  • CAPTCHA protection for login, registration, lost-password, and optional comment forms
  • XML-RPC allow, disable, or rate-limit policy controls with IP allowlisting
  • Weak-password blocking during profile updates, password resets, and compatible registrations
  • Comment Shield with honeypot, signed tokens, submit-time validation, duplicate detection, guest link limits, IP rate limiting, and moderation-aware logging
  • Form Shield for Contact Form 7 and Fluent Forms with honeypot, signed submit tokens, link heuristics, repeated-domain detection, and IP rate limiting
  • Form spam blocks are logged into the WAF/live feed with provider-aware source labels for easier review
  • Suspicious comments can be held for moderation or blocked immediately
  • REST comments can enforce signed anti-spam tokens and CAPTCHA when anonymous REST commenting is enabled elsewhere
  • Configurable custom login slug so administrators can use a private login URL instead of the default wp-login.php
  • Default wp-login.php and guest wp-admin access can be hidden behind a 404 response when custom login is enabled
  • Weekly executive security report email with 7-day firewall, login abuse, WAF, form spam, and comment moderation statistics

Security-First Architecture

  • Secure storage and cleanup of scan queues and logs
  • Hardened backup handling outside ABSPATH by default
  • Hardened malware and integrity scan actions with stricter capability checks and in-root path validation
  • Adaptive performance tuning for safe large-site scanning

WP-CLI Support

VulnTitan supports WP-CLI commands for malware, integrity, and vulnerability scans so administrators can run checks from the terminal, scripts, or server automation.

  • wp vulntitan scan malware
  • wp vulntitan scan integrity
  • wp vulntitan scan vulnerability
  • wp vulntitan scan all
  • Optional flags: --scope=plugins, --format=json, --fail-on-findings

External services

This plugin connects to an external API at https://vulntitan.com/api/vulnerabilities to fetch up-to-date vulnerability data for WordPress core, plugins, and themes. This data is essential for detecting known vulnerabilities during scan operations.

When a vulnerability scan is performed, the following data is sent to the VulnTitan API:
– The slug and version of each plugin
– The slug and version of each theme
– The WordPress core version

This data is transmitted only during scans initiated by the user or by scheduled scan settings. No personal, user-identifying, or sensitive site data is collected, transmitted, or stored.

The external service is provided and operated by VulnTitan.com.

  • Terms of Service: https://vulntitan.com/terms
  • Privacy Policy: https://vulntitan.com/privacy