Deep Malware Cleaner

Deep Malware Cleaner is a lightweight deep malware scanner built for WordPress. It performs a thorough deep cleanup scan of your wp-content directory, detects backdoors, cleans injected site scripts, fixes redirect hacks, and triggers malware auto-purge — all from your WordPress admin dashboard with no external service, no subscription, and no data ever leaving your server.

Whether you’re dealing with a live attack, a hidden backdoor, or a redirect hack silently sending visitors to malicious sites, Deep Malware Cleaner gives you the tools to scan, alert, and act — fast.

Core Capabilities

Deep Cleanup Scan Walks your entire wp-content directory, inspecting PHP files plus the client-side formats most often used to deliver malware — JavaScript, HTML, SVG, and .htaccess — for known signatures, obfuscated code, and injected payloads. Results are sorted by severity so the worst threats surface first.

Pre-Install Upload Guard Scans plugins, themes, and risky media uploads (.php, .svg, .html, .js, .htaccess) in their temporary directory before WordPress moves them into place. If malware is detected the install or upload is aborted and an error is shown — stopping a compromised package before it ever touches your site. Can be toggled in Settings.

Database Scanner Inspects the most-targeted database tables — options, posts, comments, and post meta — for injected scripts, hidden iframes, and encoded payloads, using keyset pagination and a time budget so it stays safe on a live site.

Backdoor Fixer Detects PHP backdoors uploaded through vulnerable plugins or themes — including webshells, remote-execution scripts, and hidden PHP files inside the uploads folder where no PHP should ever exist.

Site Script Cleaner Identifies injected JavaScript and malicious <script> tags, hidden iframes, and obfuscated code blocks embedded in your theme or plugin files.

Redirect Hack Fix Flags the PHP patterns most commonly responsible for redirect hacks — including header() injection, variable-based shell execution, and compressed payload backdoors used to silently redirect visitors to attack sites.

Malware Auto-Purge Remove confirmed threats directly from the scan results screen without touching FTP or cPanel. Quarantine or delete flagged files in one click.

Login Protection Hardens your WordPress login against brute-force attacks and unauthorized access attempts — an essential layer of website protection alongside active scanning.

Instant Alerts Get notified the moment a scan finds a threat. Real-time alerts keep you informed so you can respond before an attack escalates.

What the Scanner Detects

• eval(base64_decode(…)) — the most widespread PHP malware obfuscation and attack vector.
• eval(gzinflate(…)) / eval(gzuncompress(…)) — compressed-payload backdoors.
• eval(str_rot13(…)) — rotation-cipher obfuscated malware.
• Shell execution with dynamic arguments — shell_exec, passthru, proc_open, popen, and system called with a variable, a classic attack pattern for remote code execution.
• Hidden iframes — <iframe> elements injected with display:none used to load malicious content invisibly.
• Long base64 strings — unusually large base64 blobs embedded in PHP, a common technique for hiding large attack payloads.
• Obfuscated JavaScript — eval(atob(...)) payload pairs and javascript-obfuscator (_0x hex identifier) fingerprints in JS, HTML, and SVG files.
• PHP files inside the uploads directory — any .php file in wp-content/uploads/ is flagged High severity; legitimate uploads are never PHP files.

Key Features

• Lightweight deep malware scanner — reads only the first 64 KB of each file and runs under a strict time budget, so it stays fast and safe on shared hosting.
• On-demand and scheduled scans — run manually with Start Scan, plus an optional automatic daily scan with email alerts.
• Deep Cleaner dashboard — at-a-glance stats: threats found, files scanned, time since last scan.
• Website Security & Website Protection — comprehensive coverage against the most common WordPress attack types.
• Troubleshoot mode — detailed per-file reporting to help you understand exactly what was found and why it was flagged.
• Secure login hardening included.
• All scan history stored in your own database — nothing leaves your server.
• No account, no API key, no external requests.
• Translatable — all strings are internationalised and ready for translation via WordPress.org.

Who Is This For?

• Site owners who received a “this site may be hacked” alert from Google.
• Developers who need to troubleshoot a suspected redirect hack or injected script.
• Agencies that manage multiple WordPress sites and need a fast, lightweight scanner with no SaaS dependency.
• Anyone who wants ongoing website security and website protection without a monthly fee.

Privacy

This plugin makes zero external HTTP requests. No data is sent to any third-party server. Scan results are stored only in your own WordPress database and are removed when you uninstall the plugin (if that option is enabled in Settings).