=== Malcure Malware Shield — Removal, Repair, Monitor ===
Contributors: malcure,cybermalcure
Tags: malware scanner, antivirus, virus, security, vulnerability scanner
Requires at least: 6.2
Tested up to: 7.0
Requires PHP: 5.6
Stable tag: 19.9.5
License: MIT
License URI: https://opensource.org/licenses/MIT

Your WordPress site hacked? Malcure scans files AND database to find and help you remove malware casual scanners miss. Free. No bloat.

== Description ==

Is your website acting strangely? Seeing 'Deceptive Site Ahead' warnings, Japanese SEO hack, or random redirects? Time to fix and monitor your site with **Malcure Malware Shield**.

**Malcure Malware Shield scans for infections, runs silent scheduled scans, and sends alerts before threats spread — turning one-time cleanup into always-on protection.**

Malcure scans files, databases, and user accounts to find malware casual scanners miss — backdoors hidden in images, injections in your database, rogue, hidden admin accounts buried in your tables that don't show up in the admin area. Then it watches your site with scheduled scans and alerts, so one-time cleanup becomes always-on protection.

Detection runs against 50,000+ signatures with real-time threat intelligence — the same definitions for every user, free or paid. You see every infection with exact file paths and line numbers.

**Activate → Scan → Know → Monitor**

== What Our Users Say ==

Quotes are verbatim from WordPress.org support reviews, except for bracketed edits (for example, competitor names removed).

= Best by far, better than [competitor name removed] and other giants =
> "You can see it is a bunch of geeks that created this, with skill and visual creativity at that. I spent hours trying to find a plugin like this. So many options and such bad results until now. Great job guys. You deserve it. Simple and effective. (Disclaimer to other potential readers: there are many types of hacks/malware out there, every scenario is different, but start with the Malcure scan and see how it goes. 9/10 you won't be disappointed, my guess)" — [@dalingzaf](https://wordpress.org/support/topic/best-by-far-better-than-wordfence-and-other-giants/)

= The ONLY plugin that scans files... =
> "I am a web developer and have tried many malware removal plugins, including popular ones [competitor names removed]. However, none of them detected some unusual files that were actually malware causing regular attacks. Some of these files were in JPG format." — [@devzeeshanx](https://wordpress.org/support/topic/the-only-plugin-that-scans-files-in-real-time-2/)

= Best Malware Removal Plugin in just few minutes =
> "Most security plugins that are free only scan the code, but Malcure Malware Removal Plugin scans the wordpress database and the code files in few minutes. Accurately shows which Database table row is infected and it helps resolve the hacking attempt instantly. Saves a lot of time for the developers. Thank You Team Malcure" — [@s3630](https://wordpress.org/support/topic/best-malware-removal-plugin-in-just-few-minutes/)

= It's not just a "teaser" =
> "This plugin really found the malware, and removed it. Really for free. Thanks guys, I'm going to donate now!" — [@halucska](https://wordpress.org/support/topic/its-not-just-a-teaser/)

== What Malcure Does ==

**Detection**

-   **File Scan:** Core files, themes, plugins, images, uploads — backdoors, shells, obfuscated code, and malware hidden inside image files and archives.
-   **Database Scan:** Finds malicious injections, recurring malware, and SEO injection links that file-only scanners never see.
-   **User Scan:** Detects rogue admin accounts and compromised metadata, including application passwords that bypass your login page.
-   **DeepScan™:** Scans every file-type without skipping within resource-limits and hidden files where malware hides.
-   **Checksum Verification:** Compares your core, plugin, and theme files against official repository checksums. Tampered files are flagged based on the severify.
-   **SEO Hack Detection:** Catches Japanese Keyword Hack, Pharma Hack, and other SEO hacks in page titles and database records.
-   **Vulnerability Scanner:** Checks installed plugins and themes against a real-time vulnerability database.
-   **Ultra-High Precision:** Checksum-based intelligence dramatically reduces false alarms compared to heuristic-only scanners.
-   **50,000+ Signatures:** Detects known variants — C99, R57, RootShell, and many more — plus unknown threats via behavioral analysis.

**Monitoring & Alerts**

-   **Scheduled Scans:** Set a cadence — daily, weekly, or monthly. Runs silently in the background.
-   **Instant Alerts:** Email report on schedules scans — clean or infected. You always know.
-   **Event Log:** 100-day forensic record of every security event for root-cause analysis.

**Hardening & Firewall**

-   **Block Path Traversal:** Stops attackers from accessing sensitive system files.
-   **Block PHP Uploads:** Prevents malicious scripts from being uploaded.
-   **Stop User Enumeration:** Blocks bots from fishing for usernames.
-   **REST API Protection:** Prevents user data leakage via the WP REST API.

**Incident Response**

-   **Session Nuke:** Force-logout every user instantly to kick out intruders.
-   **Salt Shuffler:** One-click rotation of [security keys (salts)](https://malcure.com/?p=5230) to invalidate all browser cookies.

**Real-Time Threat Intelligence**

-   **Zero-Day:** Threat definitions served in real time via the Malcure Cloud. No days-long delay.
-   **Google Search Console:** Connect directly to fetch security warnings and blacklist status.
-   **Privacy:** Scans send file checksums and your site's domain to Malcure servers. No sensitive user data is transmitted. Use of the API is subject to our [Terms of Use](https://malcure.com/?p=1720) and [Privacy Policy](https://malcure.com/?p=3).
-   **Lightweight:** Runs only on demand or on schedule. No persistent background processes. No bloat.

== Who This Plugin Is For ==

**Site owners** who want clear results — what was flagged, exactly where. **Agencies and developers** who need fast triage across multiple sites. **WooCommerce, membership, and lead-gen sites** where downtime and SEO damage are expensive.

= How It Works (Scan → Review → Clean → Monitor) =

1.  **Scan** — Open **Malcure Scanner** in your Admin Dashboard. Run a scan to check files, database, users, and more.
2.  **Review** — Every finding comes with an exact location: file path, line number, or database record. Decide what to repair, delete, or keep.
3.  **Clean & Recover** — Shows every infection so you can clean it yourself. Advanced Edition adds repair tools, file operations, whitelisting, and WP-CLI automation.
4.  **Monitor** — Set up scheduled scans. Get email alerts the moment a threat is found.

= Is It Free? =

We believe in 100% transparency.

*   **Free Forever:** Professional-grade Detection (Knowledge). You see every infected file and database row (exact file path & line number), so you can clean it yourself for free.
*   **Free Forever:** Real-time Threat Intelligence & Monitoring.
*   **Pro Upgrade:** Whitelisting, Advanced Scan Filters, File Operations, WP CLI Automation, Deployment, Bulk Client-Servicing Features, Background Scan & Premium Support (Expertise).

**You are never forced to pay to *find* a hack.**

[youtube https://www.youtube.com/watch?v=EbSbxiTOc8k]

= Advanced Edition =

For when cleanup is not enough — you need to stay clean.

-   **1-Click Repairs:** Inspect, delete, or repair infected files instantly.
-   **Whitelisting:** Suppress alarms on specific files and database records.
-   **Background Scans:** Trigger a deep scan and walk away. It emails you when it's done.
-   **WP-CLI Integration:** Full command-line control — async scans, definitions sync, checksum refresh, reporting.
-   **Automatic Definition Updates:** Definitions stay current without manual intervention.
-   **Advanced Scan Filters:** Include or exclude specific files.
-   **File Operations:** Delete, repair, and manage infected files directly.
-   **Bulk Reporting:** Copy scan results to generate client reports.
-   **Premium Support:** Direct access to our security analysts.

[**Get Malcure Advanced Edition**](https://malcure.com/?p=116)

= Expert Malware Removal Service =

In over your head? Our security analysts will clean your site for you — 100% removal guarantee, same-day service, blacklist removal, and 15-day post-cleanup cover.

[**Book Expert Malware Removal**](https://malcure.com/?p=107)

== Installation ==

1.  Upload the `wp-malware-removal` folder to the `/wp-content/plugins/` directory.
2.  Activate the plugin through the 'Plugins' menu in Admin Dashboard.
3.  Go to the Malcure menu to start your first scan.

== Frequently Asked Questions ==

= My site is hacked. What should I do? =

Option 1: If you are tech-savvy, you can use this plugin, analyse the results and remove malware yourself.

Option 2: You can file a service request with us. Don't delay—malware spreads fast! Our service includes malware cleanup and blacklist removal by our security analysts. [Please click here to file a support request](https://malcure.com/?p=107).

= How to remove malware from website? =

Please see [How to use Malcure Malware Shield Plugin for website Malware Removal](https://malcure.com/?p=9094) and [10-Step Guide to Removing Malware from Your Site](https://malcure.com/?p=1). Follow these steps for a permanent fix to secure your site and recover lost traffic.

= Why should I use Malcure Malware Shield? =

Several reasons:

a) Malcure Malware Shield scans all: database, vulnerabilities, files, even images and archives so deep hidden malware is also easily detected.

b) Checks all core, theme and plugin files for integrity.

c) Scans over 50,000+ known malware including variants like C99, R57, RootShell, dolohan, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx, obfuscated code and many more known and unknown variants.

d) Hybrid scan ensures unknown threats are also identified.

In short, Malcure Malware Shield detects everything. It's fast, simple to use and extremely thorough. With improved security, your site remains trustworthy, boosting SEO rankings, user confidence, and conversions.

= What support options are available for Malcure Malware Shield users? =

Providing excellent support is extremely important to us. You can report the issue at [Malcure forums](https://malcure.com/?p=5677) and our dedicated web-security specialist will ensure that the matter is resolved to your satisfaction.

= What makes Malcure Malware Shield different from other security plugins? =

Malcure Malware Shield is a local website Shield with comprehensive file and database scanning capabilities. Malcure Malware Shield does its job very well. If you have feedback, please do not hesitate to share with us.

Also Malcure Malware Shield scans every file regardless of whether it's an image, archive etc. Modern malware hides in unsuspicious, genuine looking files and Malcure Malware Shield makes sure those are not missed. Malcure Malware Shield is extremely thorough and leaves no aspect of the site to speculation. Try Malcure Malware Shield to experience exceptional thoroughness and speed in removing website malware and ongoing security.

= Will Malcure Malware Shield impact the performance of my website? =

Malcure Malware Shield only runs when you want it to or when it is scheduled to utilizing minimal resources. At all other times it sleeps silently. The firewall triggers extremely quickly and is optimized for performance.

= Where can I find the Malcure Terms of Use and Privacy Policy? =

These are available on our website: [Terms of Use](https://malcure.com/?p=1720) and [Privacy Policy](https://malcure.com/?p=3)

= Will this slow down my website? =
No. Malcure is engineered to be lightweight. We don't run heavy background processes that eat up your server CPU like other "bloated" security plugins. Malcure runs only when you trigger a scan or schedule one.

= Can I clean my hacked site for free? =
Yes. The free version identifies every single infection (file path & line number). You can use this report to manually clean your site. The premium Malcure Advanced version offers deletion of irreparable files if you want to save time.

= How is this different from other plugins? =
Malcure is focused on simplicity and performance. We don't have days of delay on detection signatures—you get updated signatures instantly for free. We also scan your database for hacks, which many file-only scanners miss.

= Does it match "False Positives" like other scanners? =
Malcure Malware Shield uses intelligent checksum verification against the official core/plugin/theme files. This drastically reduces false alarms. We focus on being precise so you don't get false alerts and anxiety.

= Why do I need to register? =
Registration connects your site to the Malcure API enabling real-time threat intelligence. It's free and ensures you get the best protection.

= Does this plugin remove malware automatically? =
The free version detects malware with high precision and allows repair of official core/plugin/theme files. The [Advanced Edition](https://malcure.com/?p=116) offers deletion, whitelisting as well as advanced features for infected files.

= What data is sent to the Malcure API? =
To perform scans, the plugin sends file checksums and your site's domain to Malcure servers. No sensitive user data or file contents are transmitted unless you explicitly use the "Inspect File" feature.

= What's the difference between Free and Advanced? =
Both editions scan files and the database, verify core/plugins/themes integrity, and include firewall/hardening features.

The Advanced Edition adds Whitelisting, Advanced Scan Filters, File Operations, WP CLI Automation, Deployment, Bulk Client-Servicing Features, Background Scan & Premium Support (Expertise), and high-priority support.

= How should I interpret results like "infected" vs "suspicious"? =
"Infected" generally means that Malcure has high confidence the code matches malicious patterns.

"Suspicious" can indicate risky/obfuscated behavior or something that warrants review (for example, heavily minified code or unusual PHP patterns). If you're unsure, use Inspect (Advanced) or [contact support](https://malcure.com/?p=157).

== Troubleshooting ==

= Some files are detected by Malcure Malware Shield as "suspicious". What gives? =

Malcure's DeepScan checks each file for malware. However some files aren't pure malware but may contain code that is suspicious and could potentially do nasty things. You should carefully review and analyse them to see if they indeed do anything nasty.

= I can't get Malcure Malware Shield to work. It hangs / doesn't complete the scan / breaks for some reason. =

If you think that the plugin is broken, [please report it here](https://malcure.com/?p=5677).

Malcure Malware Shield (or for that matter other plugins) may break on malware affected / broken websites. [Malcure Advanced Edition](https://malcure.com/?p=116) integrates with WP CLI and allows you to complete the scan from WP CLI even when the site is blocked by the webhost or when you are unable to login to the website.

= My site is infected however Malcure Malware Shield doesn't detect the infection. =

Malware keeps evolving. If you come across malware that Malcure Malware Shield is not able to identify, you may [please report it here](https://malcure.com/?p=157).

= The scan gets stuck midway. What should I do? =

In case of such an event, please file a support request with us and we'll be more than happy to troubleshoot the issue.

Please visit [this page](https://malcure.com/?p=5677).

= I cleaned my site but it got infected again. What should I do? =

Malware cleanup is a waste of time and effort unless you find the root cause behind the malware infection and monitor for recurrence. How was someone able to infect your website? Have you plugged in that security hole?

Please read [Why Do Websites Get Hacked](https://malcure.com/blog/security/why-do-wordpress-websites-get-hacked/).

= Google Safe Browsing site status (or some other scanner) still shows my site as infected. What should I do? =

First make sure you purge your site cache. Second, Google (and other scanners) cache the results for some time. You'll need to force or refresh the scan. You can also file a request with us to [get your site off any blacklists](https://malcure.com/?p=107).

= I found a suspicious file, what now? =

If Malcure flags it, it's likely malicious. You can inspect the file content using our built-in inspector. If you're unsure, consider our [Expert Malware Removal Service](https://malcure.com/?p=107).

== Screenshots ==

1. Start a scan in one click. Simple.
2. Scan in progress, detecting malware.
3. Finds Hidden Database Malware others miss.
4. Real-time Monitoring.
5. Event Log showing security-relevant site activity (updates and actions).
6. Scan filters to help narrow results by type and severity.
7. File Inspector to review suspicious or infected files.
8. Scan Log / activity history to track what ran and when.
9. Hardening settings and firewall rules.
10. Running scans via WP-CLI.
11. Reviewing scan results via WP-CLI.

== Changelog ==

= 19.9.5 =
* Bugfix: Fixed scanner not auto-updating definitions before scans.
* Feature: Email notification preferences.

= 19.9.4.1 =
* Bugfix: Fixed fatal javascript error.

= 19.9.4 =
* Feature: User Account Audit results in scans.
* Feature: SaaS-Served File Whitelist.
* Improvement: Enhanced Event Logging.
* Improvement: First-run UX performance optimisation.
* Bugfix: Some UI elements were not styled correctly under certain conditions.
* Bugfix: Cleaned results would not reflect in Stateful scanner.

= 19.9.3 =
* Improvement: Stateful scanner now self-heals its monitor cron if WordPress cron is lost (e.g. after a server reboot).

= 19.9.2 =
* Hardening: Strengthens scan input validation and database-query sanitisation for safer scans.
* Stability: Improves runtime handling and diagnostics reliability during scans.

= 19.9.1 =
* Bugfix: Smaller files were being ignored during monitoring / scheduled scans.
* Improvement: Improved `wp malcure sync --mcforce` feedback and live definitions refresh behavior.
* Stability: More reliable definitions updates across admin and WP-CLI workflows.
* UX: Clearer manual definitions update errors in the admin UI.
* Feature: Added WP-CLI definitions export and import commands for moving definitions between environments.
* Feature: Added `wp malcure refresh-checksums` for on-demand official core, plugin, and theme checksum refresh.
* Feature: Added `wp malcure start-async-scan`, `cancel-async-scan`, and `status-async-scan`, with text and JSON status output.
* Improvement: CLI commands are properly documented.

= 19.9 =
* Feature: Malware definitions are now checked hourly for faster threat-intelligence updates.
* Stability: Reduced unnecessary SaaS requests with smarter local freshness checks before contacting the API.
* Improvement: Admin and WP-CLI now use the same definitions-check flow and record the last successful definitions check for more consistent refresh behavior.
* Improvement: Diagnostics now flag MySQL settings that can interrupt large definition updates and database scans.

= 19.8 =
* Bugfix: Scheduled scanning wouldn't ignore whitelisted items.
* Several UI fixes.

= 19.7 =
* Major Bugfix: In certain conditions unknown files inside core directories were never reported.
* Bugfix: Fixed styles for Monitoring UI.

= 19.6 =
* Fixed issues not clearing when initializing scan.
* Fixed low confidence issues being saved.
* Fixed database issues not being saved.
* Fixed compatibility testing transients.
* Minor UI improvements.
* Updated readme with respect to recent features, functionality and updates.

= 19.5 =
* New: Clearer admin UI labeling.
* Bugfix: Styles not loading on Scan Scheduler page.
* Stability: Several other stability fixes.

= 19.4 =
* Major Bugfix: Fatal error during auto-upgrade.
* Updated readme.

= 19.3 =
* Major Bugfix: The very initial database record was never scanned.
* Feature: New DB-record inspection + (Advanced Edition) DB-record whitelisting.
* Improvement: Smart Checksum Refresh — Updates only modified components during upgrades for faster performance.
* Major: Checksum system overhaul: more robust payload handling, better core vs non-core validation, and automatic checksum refresh after WP/plugin/theme upgrades.

= 19.2 =
* Feature: Major performance optimization for checksums.
* Feature: Enhanced SaaS API integration with signature verification.
* Feature: Compatibility check for plugin version.
* UX: Improved license validation and error messages.
* UX: Better handling of database vs file infections in UI.

= 19.1 =
* Feature: Introducing enhanced cleanup operations.

= 19.0 =
* Bugfix: Enhanced detection of suspicious empty files in core directories.

== Upgrade Notice ==

= 19.9.5 =
* Bugfix: Fixed scanner not auto-updating definitions before scans.
* Feature: Email notification preferences.

= 19.9.4.1 =
* Bugfix: Fixed fatal javascript error.

= 19.9.4 =
* Feature: User Account Audit results in scans.
* Feature: SaaS-Served File Whitelist.
* Improvement: Enhanced Event Logging.
* Improvement: First-run UX performance optimisation.
* Bugfix: Some UI elements were not styled correctly under certain conditions.
* Bugfix: Cleaned results would not reflect in Stateful scanner.

= 19.9.3 =
* Improvement: Stateful scanner now self-heals its monitor cron if WordPress cron is lost (e.g. after a server reboot).

= 19.9.2 =
* Hardening: Strengthens scan input validation and database-query sanitisation for safer scans.
* Stability: Improves runtime handling and diagnostics reliability during scans.

= 19.9.1 =
* Bugfix: Smaller files were being ignored during monitoring / scheduled scans.
* Improvement: Improved `wp malcure sync --mcforce` feedback and live definitions refresh behavior.
* Stability: More reliable definitions updates across admin and WP-CLI workflows.
* UX: Clearer manual definitions update errors in the admin UI.
* Feature: Added WP-CLI definitions export and import commands for moving definitions between environments.
* Feature: Added `wp malcure refresh-checksums` for on-demand official core, plugin, and theme checksum refresh.
* Feature: Added `wp malcure start-async-scan`, `cancel-async-scan`, and `status-async-scan`, with text and JSON status output.
* Improvement: CLI commands are properly documented.

= 19.9 =
* Feature: Malware definitions are now checked hourly for faster threat-intelligence updates.
* Stability: Reduced unnecessary SaaS requests with smarter local freshness checks before contacting the API.
* Improvement: Admin and WP-CLI now use the same definitions-check flow and record the last successful definitions check for more consistent refresh behavior.
* Improvement: Diagnostics now flag MySQL settings that can interrupt large definition updates and database scans.

= 19.8 =
* Bugfix: Scheduled scanning wouldn't ignore whitelisted items.
* Several UI fixes.

= 19.7 =
* Major Bugfix: In certain conditions unknown files inside core directories were never reported.
* Bugfix: Fixed styles for Monitoring UI.

= 19.6 =
* Fixed issues not clearing when initializing scan.
* Fixed low confidence issues being saved.
* Fixed database issues not being saved.
* Fixed compatibility testing transients.
* Minor UI improvements.
* Updated readme with respect to recent features, functionality and updates.

= 19.5 =
* New: Clearer admin UI labeling.
* Bugfix: Styles not loading on Scan Scheduler page.
* Stability: Several other stability fixes.

= 19.4 =
* Major Bugfix: Fatal error during auto-upgrade.
* Updated readme.

= 19.3 =
* Major Bugfix: The very initial database record was never scanned.
* Feature: New DB-record inspection + (Advanced Edition) DB-record whitelisting.
* Improvement: Smart Checksum Refresh — Updates only modified components during upgrades for faster performance.
* Major: Checksum system overhaul: more robust payload handling, better core vs non-core validation, and automatic checksum refresh after WP/plugin/theme upgrades.

= 19.2 =
* Feature: Major performance optimization for checksums.
* Feature: Enhanced SaaS API integration with signature verification.
* Feature: Compatibility check for plugin version.
* UX: Improved license validation and error messages.
* UX: Better handling of database vs file infections in UI.

= 19.1 =
* Feature: Introducing enhanced cleanup operations.

= 19.0 =
* Bugfix: Enhanced detection of suspicious empty files in core directories.
