Deep Malware Cleaner

Deep Malware Cleaner is a lightweight deep malware scanner built for WordPress. It performs a thorough deep cleanup scan of your wp-content directory, detects backdoors, cleans injected site scripts, fixes redirect hacks, and triggers malware auto-purge — all from your WordPress admin dashboard with no external service, no subscription, and no data ever leaving your server.

Whether you’re dealing with a live attack, a hidden backdoor, or a redirect hack silently sending visitors to malicious sites, Deep Malware Cleaner gives you the tools to scan, alert, and act — fast.

Core Capabilities

Deep Cleanup Scan
Walks your entire wp-content directory, inspecting every PHP file for known malware signatures, obfuscated code, and injected payloads. Results are sorted by severity so the worst threats surface first.

Backdoor Fixer
Detects PHP backdoors uploaded through vulnerable plugins or themes — including webshells, remote-execution scripts, and hidden PHP files inside the uploads folder where no PHP should ever exist.

Site Script Cleaner
Identifies injected JavaScript and malicious <script> tags, hidden iframes, and obfuscated code blocks embedded in your theme or plugin files.

Redirect Hack Fix
Flags the PHP patterns most commonly responsible for redirect hacks — including header() injection, variable-based shell execution, and compressed payload backdoors used to silently redirect visitors to attack sites.

Malware Auto-Purge
Remove confirmed threats directly from the scan results screen without touching FTP or cPanel. Quarantine or delete flagged files in one click.

Login Protection
Hardens your WordPress login against brute-force attacks and unauthorized access attempts — an essential layer of website protection alongside active scanning.

Instant Alerts
Get notified the moment a scan finds a threat. Real-time alerts keep you informed so you can respond before an attack escalates.

What the Scanner Detects

• eval(base64_decode(…)) — the most widespread PHP malware obfuscation and attack vector.
• eval(gzinflate(…)) / eval(gzuncompress(…)) — compressed-payload backdoors.
• eval(str_rot13(…)) — rotation-cipher obfuscated malware.
• Shell execution with dynamic arguments — shell_exec, passthru, proc_open, popen, and system called with a variable, a classic attack pattern for remote code execution.
• Hidden iframes — <iframe> elements injected with display:none used to load malicious content invisibly.
• Long base64 strings — unusually large base64 blobs embedded in PHP, a common technique for hiding large attack payloads.
• PHP files inside the uploads directory — any .php file in wp-content/uploads/ is flagged High severity; legitimate uploads are never PHP files.

Key Features

• Lightweight deep malware scanner — scans up to 500 files per run in under 25 seconds, safe on shared hosting.
• On-demand scan — runs only when you click Start Scan, never in the background.
• Deep Cleaner dashboard — at-a-glance stats: threats found, files scanned, time since last scan.
• Website Security & Website Protection — comprehensive coverage against the most common WordPress attack types.
• Troubleshoot mode — detailed per-file reporting to help you understand exactly what was found and why it was flagged.
• Secure login hardening included.
• All scan history stored in your own database — nothing leaves your server.
• No account, no API key, no external requests.
• Translatable — full .pot file included.

Who Is This For?

• Site owners who received a “this site may be hacked” alert from Google.
• Developers who need to troubleshoot a suspected redirect hack or injected script.
• Agencies that manage multiple WordPress sites and need a fast, lightweight scanner with no SaaS dependency.
• Anyone who wants ongoing website security and website protection without a monthly fee.

Privacy

This plugin makes zero external HTTP requests. No data is sent to any third-party server. Scan results are stored only in your own WordPress database and are removed when you uninstall the plugin (if that option is enabled in Settings).