VulnTitan – Malware Scanner, Vulnerability Scanner & Security

VulnTitan security toolkit for WordPress sites. Detect and remove malware, vulnerable plugins, risky file changes, and comment or form spam.
Ratings
5
Version
2.1.16
Active installations
10
Last updated
Mar 25, 2026
VulnTitan is a WordPress security plugin focused on malware scanning and removal, vulnerability detection, file integrity monitoring, firewall protection, and anti-spam controls for comments and supported forms.

Instantly scan your WordPress site for malware infections and known vulnerabilities, review detailed results, and clean or remove malware safely using a guided fix workflow with automatic backups.

VulnTitan focuses on practical protection: vulnerability detection, malware scanning and removal, file integrity monitoring, firewall protection, anti-spam defense for comments and supported forms, hidden custom login access, and a weekly executive security digest every 7 days.

Malware Scanner

The WordPress malware scanner inspects your site files for suspicious code patterns and known malicious signatures.

  • Detect malware infections in core, plugins, and themes
  • Review problematic files with contextual code preview
  • Safe-fix workflow with automatic backups
  • Clear severity indicators and actionable recommendations

Vulnerability Scanner

The vulnerability scanner checks your installed WordPress core, plugins, and themes against a real-time vulnerability database powered by the VulnTitan API.

  • Detect vulnerable plugins and themes
  • Identify outdated components with known security risks
  • Real-time vulnerability intelligence
  • Clear risk explanations and remediation guidance

File Integrity Scanner

Monitor unauthorized file changes and unexpected modifications.

  • Baseline comparison for WordPress files
  • Queue-based processing for performance safety
  • Visual status legends for fast review
  • Actionable next steps for suspicious changes

Firewall, Login, Comment & Form Protection

VulnTitan includes firewall, WAF, login protection, and anti-spam controls to block common attack patterns and protect WordPress login, comment, and supported form submission surfaces.

  • Early MU-plugin runtime request guards
  • SQL injection (SQLi) payload protection
  • Command injection detection
  • Suspicious path traversal blocking
  • Endpoint whitelisting controls
  • Login lockout protection against brute-force attacks
  • TOTP-based two-factor authentication for selected roles
  • Recovery codes and trusted-device support for enrolled accounts
  • CAPTCHA protection for login, registration, lost-password, and optional comment forms
  • XML-RPC allow, disable, or rate-limit policy controls with IP allowlisting
  • Weak-password blocking during profile updates, password resets, and compatible registrations
  • Comment Shield with honeypot, submit-time validation, duplicate detection, guest link limits, and IP rate limiting
  • Form Shield for Contact Form 7 and Fluent Forms with honeypot, signed submit tokens, link heuristics, repeated-domain detection, and IP rate limiting
  • Form spam blocks are logged into the WAF/live feed with provider-aware source labels for easier review
  • Suspicious comments can be held for moderation or blocked immediately
  • Configurable custom login slug so administrators can use a private login URL instead of the default wp-login.php
  • Default wp-login.php and guest wp-admin access can be hidden behind a 404 response when custom login is enabled
  • Weekly executive security report email with 7-day firewall, login abuse, WAF, and comment spam statistics

Security-First Architecture

  • Secure storage and cleanup of scan queues and logs
  • Hardened backup handling outside ABSPATH by default
  • Adaptive performance tuning for safe large-site scanning

WP-CLI Support

VulnTitan supports WP-CLI commands for malware, integrity, and vulnerability scans so administrators can run checks from the terminal, scripts, or server automation.

  • wp vulntitan scan malware
  • wp vulntitan scan integrity
  • wp vulntitan scan vulnerability
  • wp vulntitan scan all
  • Optional flags: --scope=plugins, --format=json, --fail-on-findings

External services

This plugin connects to an external API at https://vulntitan.com/api/vulnerabilities to fetch up-to-date vulnerability data for WordPress core, plugins, and themes. This data is essential for detecting known vulnerabilities during scan operations.

When a vulnerability scan is performed, the following data is sent to the VulnTitan API:

  • The slug and version of each plugin
  • The slug and version of each theme
  • The WordPress core version

This data is transmitted only during scans initiated by the user or by scheduled scan settings. No personal, user-identifying, or sensitive site data is collected, transmitted, or stored.

The external service is provided and operated by VulnTitan.com.

  • Terms of Service: https://vulntitan.com/terms
  • Privacy Policy: https://vulntitan.com/privacy
Free with paid plans
By installing, you agree to the WordPress.com Terms of Service and the Third-Party Plugin Terms.
Tested up to
WordPress 6.9.4