WebDefender Security – Protection & AntiSpam


A Professional Security Protection Plugin for WP

The WebDefender was developed by a team of security experts and it incorporates professional security tools for the best all around WordPress website protection and prevention of threats. Includes GDPR compline module.

  • Smart Protection / Website Hide Function (Prevent Hacker Attack / Security) / Anti-Spam Protection / Brute Force Bot Attack Prevention / Smart Firewall
  • Detection / Antivirus Scanner / Database Malware / Adware, Spyware, Spam Links
  • Diagnostic / Vulnerabilities Detection / Blacklist Monitoring
  • Built-in Malware Removal Tool / Security Cleaning Tool
  • Security Hardening / Hosting Hardening Check / Automatic Updating Function
  • GDPR Tools / GDPR Compliance Function

All of these solution make the WebDefender one of the best all around security protection tools for your WordPress resource.

The WebDefender offers the following tools and protection measures

Primary Protection Function

Website Hide function that hides your WP site from crawlers spiders and bots.

  • Hides website from bots, hides the core WP website components, plugins and themes.
  • Fully automatic encryption of your website components.
  • Coding website without use of the .htaccess file.
  • One click installation.

Security Protection Functions

  • Smart Firewall that detects and blocks bot traffic. This is a perfect and powerful prevention tool.
  • Anti-Bot Protection – Monitors web traffic, filters out, and blocks bad bot traffic to a website.
  • Anti-SPAM Protection – Automatic detection of all comments insert by bots and their filtration.
  • Brute Force Bot Attack Prevention – Bots detection system to prevent attempts to crack a password (login security).

Antivirus Security Scanner

  • A professional Antivirus Scanner that will scan your website from external threats. Designed to detect adware and malware, backdoors, exploits, phishing code, trojans and viruses, include built-in malware removal tool.
  • Database Malware Scanning – A unique ability of our algorithm is scanning the website’s database. This function crucial as more and more hackers use SQL injection to infect the websites with malware.
  • Adware, Spyware and SPAM links detection – Protect you website from attached code attacks.
  • Vulnerabilities Detection – Plugins and themes security vulnerabilities, SQL, XSS injections, vulnerable and insecure scripts.
  • Blacklist Monitoring – Check your website reputation.

Security Hardening

  • Updater – an automatic functional tool for updating your WordPress Core versions, plugins and themes.
  • Hardening – Detect the hosting configuration security parameter.

Malware Removal Tool

Built-in file viewer and editor is an easy to use security cleaning tool for the removal of infected codes or its part depending on the type of infection.

GDPR Compliance Features

  • GDPR Consent management
  • Cookies and data collection privacy management
  • User data management
  • Privacy information should we provide to user
  • Personal data breaches

Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25, 2018. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.

Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.

This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.

NOTE: Installing this plugin does not guarantee a full compliment with the GDPR. Please contact a GDPR consultant or a law firm to assess the necessary measures.

Technical Description

Hide Function – Perfect Security and Protection solution

A passive security mechanism for hack protection against crawlers spiders and bots. A fullprof function – one click and your website will become hidden from bots.

The Hider algorithm encrypts all layers of a website, thus hiding it from hackers by making existing vulnerabilities and other security risks invisible when searched and does not require manual configuration. Our encoding algorithm does not use the .htaccess file therefore there is no disruption to the operation of your website. This function will make your WordPress website totally invisible! A crucial step in improving your website security.

Smart Protection

A web application firewall filters, monitors, and blocks bad bot traffic to a website. It is deployed in “front” of a website and analyzes traffic – detecting and blocking anything malicious.


WebDefender includes a unique automatic algorithm for diagnosing the text entered on your website (forum, forms, comments and etc,) where made by a human or a bot. Bots won’t be allowed to enter text on your website. This is a unique algorithm, providing a unique solution to our clients.
The crisis is a time when almost every site is faced with a flurry of unwanted emails from reverse forms, posts and comments. Robots literally attack corporate e-mails, because of which sometimes valuable applications can be missed. But putting a captcha on the site you risk losing customer loyalty, as poorly readable images annoy 90% of users. Therefore, we offer a solution developed by WEbdefender specialists to protect the site from spam robots .

Brute Force Attack Protection

Hackers frequently use automatic bot systems to Brute force a website. Our algorithm detects those bots and prevents attempts of a password crack.

The “WebDefender” Antivirus Scanner

The builtin professional and multi-functional antivirus scanner offers top of the line security features and advanced functions for viruses and vulnerabilities detection. The scanner incorporates a user friendly malware removal tool. The diagnostic is performed by using a known database of virus signatures as well as Cobweb-Security’s Heuristic algorithm that can detected previously unknown virus signatures and zero-day vulnerabilities thus providing enterprise-level security capabilities.

WebDefender Antivirus Features

  • Virus and malware antivirus scanner
  • Database security scanning (exclusive function)
  • ZIP file scanning (exclusive function)
  • Adware, Spyware and SPAM links detection
  • Powerful and easy to use malware removal tool
  • Security hardening analytics and recommendations
  • Real-time malware signature updates (Professional or Premium)
  • Scanner scheduler’s settings (Professional or Premium)

Database Malware Scanning

An unique ability of our algorithm is scanning the website’s database. This function crucial as more and more hackers use SQL injection to infect the websites with malware.

Adware, Spyware and SPAM links detection

The WebDefender Scanner successfully detects:

  • SEO & SPAM links
  • Doorway pages (SEO)
  • iFrame injections
  • Black-hat SEO infections

Vulnerabilities Detection

One of the most important parts of your website security and protection is a well-timed analysis for plugin, CMS and database vulnerabilities. These security vulnerabilities are an easy way for a hacker to crawl into your website. That’s why a well-timed diagnosis and update are vital for hardening the protection of the website.

Our security scanner is able to find:

  • Plugins and themes vulnerabilities
  • SQL, XSS malicious injections

Blacklist Monitoring

The WebDefenders’ Blacklist Monitoring scanner checks IP addresses and website domains in the 10 most popular security blacklists and safe browsing databases.

Real-time Blacklists or Blackhole lists – also called DNS-based Blackhole Lists – are lists of IP addresses published through DNS. Often there are listed computers or networks that may spam or consist malware in such lists. Many secure corporate mail servers are configured to reject or flag messages which have been sent from IP addresses listed in one of these security blacklists.

Leading email systems like Gmail, Yahoo and Hotmail also use security blacklists to filter emails by addresses. If your network’s IP addresses end up in a blacklist, you and your customers can experience problems sending and receiving emails. It can significantly damage your business.

WebDefender Blacklist Monitoring scanner will automatically alert you if your website addresses or domains become listed in any of the widely used URL blacklists.

The Updater – WP Core, plugin and theme automatic update

The importance of using the latest updated version of the WP core, plugins and themes is understandable to everyone and not only for the increase in functionality but in no small degree for the security of the website.

To make it easier to keep track of update releases for WordPress Core, plugins and themes and installing them automatically, CobWeb-Security has introduced the Security Updater to the functionality of the WebDefender plugin.

The Updater will enable you to keep track of:

  • WordPress Core Updates
  • WordPress Plugin Updates
  • WordPress Theme Updates

The Updater has three separate blocks for managing themes, plugins, and WordPress core settings.

You can choose to update only individual plugins or themes or you can choose to update all of the installed themes and plugins. The Updater will also mark with different colors the importance of an update ( red to green)

Security Hardening

This function detects the hosting configuration security parameters.

Malware Removal Tool, Powerful & Easy To Use

The WebDefender Security Scanner will not only help you find all of the viruses and malicious code on your website but we will also help you remove the malware easily. Our built-in file viewer and editor is an easy to use security cleaning tool for the removal of infected codes or its part depending on the type of infection. The cleaning process is fairly simple, but it requires some knowledge in coding.

Preparing you website for the General Data Protection Regulation (GDPR)

This extension for our security plugin helps the website owner or company Data Protection Officer (DPO), Controller, Data Processor employees to fit the web application with the obligations and rights enacted under the GDPR requirement.

Professional Upgrade

Enhance the security of your website with our Professional upgrade. The Professional package will provide our clients with these additional features:

  1. FireWall:
    • Real-time firewall rules updates
    • Real-time IP Blacklists
  2. Hide Function:
    • New mask codes for updating the Hide function online
  3. Scanner:
    • Real-time malware signature updates
    • Scanner scheduler settings (Professional or Premium)

Premium Program

We also offer a Professional WebDefender key that will give you:

  • Scanner scheduler’s settings
  • Upgrade to Premium support
  • Database malware scan (WebDefender exclusive function)
  • Scanner report export function

A 100% protection – your website’s security in our hands. Our team will monitor your website online 24/7, in case of a hacker attack or malware injection, we will clean and repair you website.

You can click here to sign-up for WebDefender Professional or Premium now.

Cookies set by the Plugin and WordPress

This plugin keeps track of user consent by saving them to the database. We can only do that for logged in users. For visitors, however, we track their concent by creating a cookie and storing their preferences there. The same logic applies for cookies. We set a cookie named gdpr that stores that information.

WordPress also stores cookies on log in or commenting on a post. You can learn more about WordPress cookies here


  • WordPress version 2.8 or higher
  • PHP version 4.1.0 or higher

Final Notes


  • WebDefender Security Dashboard Control Panel
  • WebDefender Security Scanner Page
  • Blacklist Monitoring (Web Trust Check)
  • Security Hardening Analytics & Recommendations
  • Antivirus Scanner & Scheduler Settings Page
  • GDPR Dashboard Control Panel


To install the plugin and get it working:

  1. Login into your WordPress administration panel
  2. Navigate to Plugins option in WordPress navigation menu, and select Add New
  3. Please type WebDefender in the Search Plugins box (or upload plugin to the /wp-content/plugins/ directory)
  4. Select Install Now and than choose to Activate the plugin (or activate the plugin through the Plugins menu in WordPress)
  5. Navigate to WebDefender Security option in the navigation menu, and click Start Scan button
  6. During the registration, plugin securely sends the data to company’s server: name, email and website’s domain.


Is the WebDefender Security free to use?

Yes, WebDefender is completely free to use. If you need to enable additional features, Professional or Premium plans are available.

Is the WebDefender plugin secure?

No sensitive data is sent to our servers. However, during the initial registration, the plugin securely sends encrypted data to the company’s server: your name, email address and website’s domain.

Will the WebDefender Security protect my site from being hacked?

Yes. The WebDefender is the complete package. It incorporates all the main security elements needed to protect your website: a passive WAF, an antivirus scanner and an automatic Updater of the sites’ elements.

Will the plugin impact the performance of my website?

No, it will not. We’ve performed extensive tests and the plugin had no visible effect on the performance of websites.

Does the scanner stores logs in my websites’ database?

No, it does not. Unlike most scanners we store our logs as text files which has no effect on the speed of a website.

Are there any issues installing this plugin on any hosts?

Not that we are aware of. After thousands of installations we have yet to experience issues with installing the plugin. However, we are constantly modifying our plugin introducing new and improving on existing features, so if you experiencing trouble installing please contact us at cwis@cobweb-security.com


16 Luulyo, 2021
Annoying advertising and SCAM. Not trustworthy.
3 Maajo, 2020 2 replies
couple of years ago i tried their plugin and made a huge mistake i gave them and payed with credit card more then 4 years every year twice or more they try to charge me althouge i tried to contact them in every way there is and didnt get answers or any responce scammers!!!! becarfull!!!!
4 Abriil, 2020 1 reply
This plugin does not nothing unless you buy it, near $100 bucks a year. Another liar claiming free. It’s only a 30 day trial and you must sign up now to even scan anything much less detection and removal. Too bad there is no zero rating.
7 Febraayo, 2020
Thank you for providing this plugin. With Smart Protection > Anti-Bot, Anti-Spam, and Brute Force Protection enabled spam has dropped by about 95% across dozens of sites. Better results than any other plugin I’ve tried (and I’ve tried many). I’m amazed this plugin doesn’t have a million active installations. Best kept secret on WordPress. *Note, be careful with the hide function – it’s a nice feature but can cause problems on some sites and is not necessary if all you want is the anti-spam functions.
5 Maarso, 2020
Amazing Plugin, it’s really worth having. I always use it against malwares 🙂
Akhri dhammaan 18 dibu-eegis

Ka-qaybgalayaasha & Horumariyayaasha

“WebDefender Security – Protection & AntiSpam” waa softiweer il furan. Dadka soo socda ayaa wax ku biiriyay kaabahan.



  • Fixed issue with dropdown menu after license key entering (or credentials for free license)

  • Plugin core rewriting
  • Design optimization
  • Bugfix: fixed small functionality issues
  • Fixed issue with ipv6 IPs processing

  • Bugfix: fixed bug of registration of Trial version

  • Updated Angular lib
  • Bugfix: interface
  • Change Plugin working method – work only after customer registration
  • Bugfix: fixed bugs of registration of Trial version

  • Set autostart enabled by default

  • Aded Multiple files actions on Scan Results screen
  • Files in quarantine are excluded from scanning Results
  • Updated Signatures file
  • Updated jQuery to latest version
  • Updated Angular lib
  • Bugfix: after deleting a file to quarantine, the information in the results is not updated
  • Bugfix: in file quarantine: to restore the file, you need to click the restore button several times
  • Bugfix: crash and stop when scanning
  • Bugfix: with the number of files in the menu on the left of the scan results page
  • Bugfix: bug in file quarantine: file editor did not open
  • Bugfix: some files could not be restored from quarantine

  • PHP 8 compatibility bug fixed


  • Update versions PHP8


  • Added a set of new anti-virus signatures


  • Added a set of new anti-virus signatures

  • Malware signature and vulnerabilities list updates


  • New security vulnerabilities in WordPress plugins

  • Improved encoding of executable files pathnames
  • New malware signatures (obfuscated loader and backdoor)


  • Added new signatures of backdoor PHP webshells
  • The list of known vulnerabilities has been updated

  • Fixed an issue with License Key client-side manager

  • Issues with delayed loading of the Defender Settings


  • Added a new option IP Filter (Whitelist & Blacklist)

  • Option to export or save the user data in PDF format
  • GDPR cookies and data collection privacy management


  • General Data Protection Regulation (GDPR) features


  • JSON API capabilities are no longer removed
  • A modified Base64-variant only with URL-safe chars
  • Fixed issues with invalid JSON server responses

  • Fixed an issue with the temporary files directory
  • Optimized list of known plugins vulnerabilities


  • Added REST Nonce (beta feature, used in SaaS Dashboard)


  • The email address setting is now auto-synchronized


  • WebDefender Security status dashboard widget added

  • Added new signatures of backdoor trojan files
  • Updated list of known WP-plugins vulnerabilities
  • Minor improvements in Guarder URL Convertor


  • Added a separate option “Anti-Bot Protection”
  • Improved scan results editor, minor bug fixes


  • Dedicated page “Smart Protection” with settings and statistics
  • A new scanner setting “Check PHP-files for potential security vulnerabilities using static code analysis”
  • New malware signatures (webshells and viruses)


  • Added a new tool called Log File Viewer
  • URL encoder regex performance optimizations

  • Support for external URLs in Guarder URL Convertor


  • Prevented infinite recursion in the vulnerability scanner

  • Website anti-bot protection improvements


  • Enhanced Brute Force Login protection


  • New results category “Potentially vulnerable” contains the potentially vulnerable PHP code
  • Malware signatures and scan speed optimizations


  • Fixed an issue with child themes protection
  • Antivirus Scanner performance improvements
  • Fixed compatibility issues with some cache plugins

  • Improved support for relative CSS/JS paths
  • Updated list of known WP & plugins vulnerabilities


  • Caching WP plugins and themes autoupdate settings
  • Translate provider fix (default language set to ‘en’)
  • Popular social networks added to URL ignore list

  • Fixed compatibility issues with plugin JCH Optimize Pro
  • Anti-bot cross-browser compatibility and caching issues


  • Added anti-bot protection, based on user behavior analysis


  • Fixed recursive pathnames encoding (issue with the WP Rocket)
  • Updated list of known WordPress plugins vulnerabilities


Release Date – 31st January, 2018

  • Integrations with the CobWeb Security Defender and rebranding

  • Improved detection of some backdoor signatures

  • New malware signatures (installers, trojans and viruses)


  • The Professional Features panel is added to the dashboard

  • New malware signatures and known vulnerabilities

  • CPU benchmarking dynamic correction improved


  • Cached AJAX responses: improvements and bug fixes
  • New setting “File extensions to exclude from scanning”

  • New signatures detects Monero (XMR) CPU miner
  • Updated list of known WordPress plugins vulnerabilities

  • New malware signatures (total 4248 so far)

  • Fixed a weird bug with dropdown translations mechanism


  • New logo for CobWeb Security, improvements in sitecheck’s module
  • Setting “Custom Path” now can be switched between two modes


Release Date – 16th August, 2017

  • CWIS Antivirus Plugin Celebrates Its One Year Anniversary!
  • Improved database scan with large MySQL tables and with PHP memory limited size
  • Minor improvements to the email reports

  • Support for automatic background updates of all types (including configuration via wp-config.php file)


  • Improved scan algorithm with memory limited size
  • Reduced server load during intensive scanning


  • A new security hardening feature “CWIS Updater” (navigate to Settings option in WordPress navigation menu)


  • Scan results filtering feature with regex support
  • Fixed issue with binary files content filtering


  • Into file viewer added support for database browsing
  • File viewer automatically highlights the marker line on content load
  • Added menu item into the WordPress Admin bar


  • Major improvements to the email reports

  • Minor improvements and bug fixes
  • The list of known vulnerabilities is up-to-date


  • Maintenance release, new malware signatures

  • Vulnerabilities and URL ignore list updates

  • Added the “Quarantine Manager” tool with description
  • Enabled option to restore quarantined files


  • New dashboard element: “Scanner Feature Status”
  • Scan-level limits were removed from the Free version


  • New PHP webshells signatures (total 3937 so far)
  • Vulnerabilities and URL ignore list optimizations


  • Security and maintenance release

  • Client side user interface improvements

  • Database scanner now uses the list of detected CMS
  • Try new dashboard’s “Extra Options” to find out more…


  • New features of the Task Scheduler Manager
  • Improved white list management via AngularJS


  • Now using a local whitelist (useful for manual checking)
  • Fixed portability issues with ctype_xdigit and iconv


  • Updated list of known vulnerabilities
  • Removed deprecated result keys and methods

  • Compatability issues fix (path query in socket requests)
  • New defacement signatures (total 3915 so far)

  • Cronjob Scheduler and Site Check code optimizations
  • The scan path displayed during the scanning process


  • Maintenance release (total 3871 signatures)
  • Improvements in WordPress & CMS plugins detectors

  • New WordPress plugin vulnerabilities
  • SSL check results added to the dashboard


  • New malware and viruses signatures (total 3811 so far)
  • Speed optimizations of built-in cron job scheduler

  • Added MxToolBox’s blacklist lookup results
  • SSL Certificate check, HTTP status and load time

  • Fixed scanner stability issues on some busy/shared servers
  • Max file size been increased, prescan depth was limited

  • New server malware, phishing and viruses signatures
  • Scan settings sync fix, CSS styling and JS improvements

  • Optimized virus signatures of type “JS/redirector”
  • To prevent blocking, i18n JSON-files renamed to JS-files

  • Hack detection improvements (malicious code in .htaccess)

  • Updated list of known CMS/plugin/theme vulnerabilities


  • Security and maintenance release
  • Fixed issues with paused scan, database scan and site check


  • Quick rescan now being done significantly faster
  • Fixed incompatibility issues with the POSTed parameters


  • Rescan progress percent now calculated correctly

  • Improved rescan process (has been split into two phases)

  • Improvements in heuristic analysis algorithm (hacker nick names)
  • Whitelist and URL ignore list updates (tested on 1000+ plugins)

  • Malware signatures optimized, total 3709 signatures known
  • Fixed bug in recently updated UI-Bootstrap accordion


  • Delayed autostart on load and automatic retry on error
  • Improved handling of broken/unstable Internet connection
  • Sub-categories added to the WordPress admin menu

  • Scheduling periodic rescan using WordPress cron
  • Whitelist optimizations, new malware signatures


  • Forced restarting of stuck/incomplete rescan


Release Date – 2nd February, 2017

  • The first stable release of CWIS-3.0 is out!
  • CSS/JS optimizations, temporary files folders fix
  • Whitelist and URL ignore list updates (tested on 900 plugins)
  • Improved “iFrame injections” detector (PRO level)


  • Security patch, mail sender bug fix, new signatures, and more…


  • Testing completely redesigned interface written in pure AngularJS


  • LTS (Long-term support) version release
  • Quick Rescan and Scheduler bug fixes

  • Compatability with WordPress 4.7.2
  • System info reporting improvements


  • Updated URL ignore-list and known vulnerabilities list

  • Security and maintenance release


  • Validation improvements, updated list of vulnerabilities

  • Whitelist and URL ignore list updates (tested on 700 plugins)

  • New server malware signatures, total 3697 signatures known
  • Updated list of known plugins and themes vulnerabilities

  • Correct calculations of rescan speed and time left in Quick Rescan mode
  • Filenames queue list split by volumes, quick rescan of modified files
  • URL-ignore list optimizations (automatically adding the WWW prefix)

  • Incorrect date check results resolved using a timezone offset

  • Whitelist updates, client-side improvements in License Manager

  • CMS plugins detector now supported the one-file-plugins

  • Whitelist and URL ignore list updates (tested on 300 plugins)
  • Memory and signatures optimizations, CMS detector bug fix

  • CSS improvements, bug fix in suspicious redirect detector
  • Weekly notice: “To make your site as secure as possible…”


  • New signatures, code improvements and optimizations, bug fixes
  • Complemented list of latest known vulnerabilities across WordPress Core, plugins and themes

  • New server malware signatures, total 3587 signatures known

  • Unset UA warning fix, default date timezone is set to UTC
  • Removed some low quality signatures which caused false positives

  • Added the most recent high-profile plugins vulnerabilities
  • Added a signature of fake plugin named “WordPress Researcher”
  • Empty threat categories in the scan results are also displayed

  • Simulate function error_get_last() for PHP 5 < 5.2.0
  • Scanner whitelist’s function fread() PHP warning (bug fix)

  • Support for the latest version check on core-level

  • Updated security list of known vulnerabilities (WordPress plugins)


  • New backdoor and server malware signatures, total 3581 signatures known
  • Scanner skips automatically files caused to compile-time parse errors


  • Security and maintenance release
  • Added prescan status “completed”, new Potentially Malicious signatures
  • Now possible simultaneous scanning of different/mixed paths

  • Whitelist optimizations, URL ignore list been updated
  • New backdoor signatures added, total 3568 signatures known
  • Some of Server Malware signatures were skipped because of the bug


  • Doorways detection algorithm has been greatly improved (Professional Mode)
  • Scanning quality has been greatly improved (Basic Check and Recommended Mode)

  • Bug fixed in AJAX request’s timeout check (time limit has been doubled)
  • Last time rendering improved as scanner now ignores additional AJAX requests


  • Bug in the method detecting rescan status has been detected and fixed
  • The DRY philosophy has been applied to the scanner’s check code


  • Optimized some signatures in category “Potentially malicious”
  • Bootstrap popovers on hover explaining the scan modes and levels
  • Scan levels simplified: “Basic Check”, “Recommended” and “Professional”

  • List of known vulnerabilities (CMS and plugins) is up to date


  • Client-side now handling correctly an empty server response
  • PDO class file is loaded once now (additional check added)

  • New signatures added into category “Server malware”

  • API mode with log messages turned off

  • Prevented duplicate result entries

  • “Database Scan” may be enabled/disabled on-the-fly

  • Whitelist optimizations, URL ignore list been updated
  • cURL timeout has been increased from 3 to 5 seconds


  • Some regexps were moved to a more appropriate category “Potentially malicious”

  • Fixed mistakenly popping dialog


  • New shell signatures, scan results explanation notice added

  • Total 3544 signatures known (adware, phishing, viruses etc)

  • A new signature added, extended messaging in the paused scan state

  • Whitelist updates, JS stability issues, and a new banner image


  • The scanner stopped after receiving an error from the server, fixed
  • Disk free space check added with response “Possibly out of free disk space”
  • Total 3534 signatures known (adware, phishing, viruses etc)

  • Improvements in alerting system (stripped HTML tags and JSON parser fix)


  • MIME types are used now to detect and skip binary files in “Paranoid” mode

  • Ability to add a database check in the middle of an already running scan


  • Code refactoring, improved scanner stability on slow servers

  • Improper progress data is now being recovering silently
  • The list of vulnerabilities is extended and covers the last 4 years
  • Total 3477 signatures known (adware, phishing, viruses etc)


  • Scanner code has been refactored, improved performance

  • Quick rescan was failed on empty files list (bug fix)

  • Database scan was reset at each page refresh (bug fix)

  • Upload directory detection code compatability improvements

  • Whitelist updates and false AJAX timeouts fix

  • Support for files with no content (bug fix)


  • Client side user interface improvements

  • Added timeout check for lengthy AJAX requests

  • Whitelisted bunch of WordPress 4.6.0 and plugins files (nearly 500)
  • Whitelist check has been optimized, category “Encrypted files” now checked too
  • Plugins detector bug fixed (when empty array passed from the CMS detector)

  • SEO links detection improved (PHP-code in anchor is now skipped)
  • Scan result handling has been improved, empty names bug fixed
  • Client entered in loop in specific conditions, fixed


  • Database scanning control via new “DB Scan” button
  • Updated list of vulnerable CMS and plugins versions
  • Memory limit set to “1536M”, added new signatures

Release Date – 16th August, 2016

  • The plugin is listed in the official WordPress Plugin Directory
  • Added check for usage of unknown types for PHP extensions in .htaccess file


  • Delayed autostart on the first run (in 5 sec)
  • Improved WordPress version and CMS plugins detectors
  • Fixed issue with report shuffling after quick rescan


  • Improvements in built-in mechanism of translations
  • Autostart option is turned off on the very first run


  • Errors handling and translation quality improvements
  • Uploads directory used wp_upload_dir($this->plugin_name));


  • Thread-safe atomic file reading and writing solution
  • Basic scan level’s critical entries RegExp bug fixed


  • Scripts and styles included using the action hook


  • Activator and deactivator classes enabled
  • Scanner files upgraded to the latest version


  • Main file containing passwords now updated automatically
  • AJAX options now automatically generated and stored