The CleanTalk Malware Scanner for WordPress


The Malware Scanner (short for Malicious Software Scanner) is a tool of the CleanTalk Security Plugin.

It will check all your website files and show you what files were changed, deleted or added. It could be used to find a code of viruses, worms, Trojans, ransomware, spyware, adware, scareware and other malicious programs.


Please, follow this guide to install the CleanTalk Security Plugin to be able to use the Malware Scanner:


After the Security Plugin installation, go to the WordPress Admin Page —> Settings —> Security by CleanTalk —> "Malware Scanner" tab —> Perform Scan.

Security Malware scanner


Give the Scanner some time to check all necessary files on your website.

Upon finishing the scan you will see the results in 6 different categories:

  • Unknown (Unknown executable files spotted in the system. These files don't come with WordPress by default. It could be anything.)
  • Compromised (Modified executable files of the system.)
  • Critical (Modified executable files of the system with very dangerous functions — 99,5% that this is malware!)
  • Dangerous (Modified executable files of the system with dangerous functions that could harm your website.)
  • Suspicious (Modified executable files of the system with suspicious function names. WordPress does NOT use such functions.)
  • Outbound links (Outbound links from your website. Recommend to scan all of the found files to make sure the website is secure.)


Each category will contain the list of files, if any, that require your attention. Click the category name to open it.

When you decide what to do with the found files, click the blue button "Security Control Panel" near the "Malware Scanner" tab to go to your CleanTalk Security Dashboard.

Malware scan results


Then go to Log —> Malware Scans Log.

Malware scans log


On your Malware Scans Log page you will see the list of all scans that were performed for your website.

  • If the scanner found something then the column "Result" will be showing FAILED line.
  • If the scanner didn't find any new, deleted or changed files then the column "Result" will be showing PASSED line.

Click "Details" button to see what files were found.

Malware scans log


The CleanTalk Cloud saves the list of the found files for you to know where to look them for.

Malware scan details



Outbound Links Scanner


This option allows you to know the number of outgoing links in your website and website addresses they are leading to. All websites will be checked through the CleanTalk Database and you will see the results if they were used as links in spam messages.

To enable this option, please, do the following:

  1. Go to your WordPress Administrator Panel —> Settings —> Security by CleanTalk.
  2. Go to the tab "General Settings".
  3. Enable the option "Scan links" and click the button "Save Changes".


Malwware scan options



Heuristic Check


This option allows you to check plugins and themes files with heuristic analysis. Probably it will find more than you expect.

The core files are files that go with WordPress archive. Any other PHP files in WordPress directory (except /wp-content/) are unknown and should be properly scanned. Even if we found something in these files they will also be shown in the "Unknown" category so that you would be aware that they came from third-parties.

Every file in /wp-content/* will be checked heuristically. This check could find many interesting stuff. If you see there are too many finds, don't panic, it shows you only possible weak spots.

Heuristic analyses the code by simplifying it and looking for suspicious functions and constructs that are usually used by hackers. For example eval construct [ ] and many other suspicious stuff.



Scanning For SQL Injections


What is an SQL injection?

This is an attack on database that gives access to the intruder to perform some actions that were not planned by the script creator.

SQL injection is one of the most accessible ways to hack a website. Using it, hackers "read" the content of any tables, delete, modify or add information to the database, overwrite the content of local files and give commands to execute arbitrary actions. In other words, they completely intercept the management of the attacked site. The essence of such injections is introduction of arbitrary SQL code into data (transmitted via GET, POST requests or Cookie values). If a website is vulnerable and performs such injections, then in fact there is an opportunity to create anything from the database (most often it's MySQL).

The CleanTalk Malware Scanner allows you to find such code of SQL injections. It is the problem that the scanner solves.



Security Dashboard button



Perhaps it would also be interesting