malCure Malware Removal & Firewall


Malware scan, detection, file inspection for your WordPress site from malware, infections, security-threats, viruses, trojans, backdoors, malicious javascript redirects, code injections and other vulnerabilities. It’s the most precise malware scanner, yet light-weight, simple, easy-to-use and has a built-in firewall. You can also inspect suspicious / flagged files.

Built in firewall to protect from the most common attacks.

  • Checks integrity of the WordPress core files.
  • Checks integrity of plugins installed from the repo.
  • Scans the database for infections / injections.
  • Checks for viruses and infections using regularly updated malware signatures.
  • Supports auto-check of malware signatures.
  • Supports connecting to Google™ Search Console to fetch any warnings or notices issued by Google™
  • Ultra-high-precision results.
  • Auto-sync with WordPress Checksum API.
  • Verifies WordPress files integrity using checksums from WordPress Checksum API.
  • No need for third-party scanning.
  • Links to external tools for additional site diagnostics.
  • Connects to definition update server to check latest definitions.
  • Extremely Lightweight.
  • Works out of the box.
  • Simple to configure.
  • No third-party service required.
  • Built-in Firewall to protect your site from rogue attacks.
  • No Malware – No Google Penalties. Give your SEO a solid boost.

Malware issues are time-sensitive and the fastest way to get support support from me is to leave a message on developer website.

In case you find any issues with the plugin itself, pplease create a support thread in WordPress Support Forums. We want to make this better and help out everyone.

malCure Malware Removal & Firewall is sophisticated and extremely powerful yet does not require any third-party integration, does not send your files / data to external services etc. to work. It’s simple and does the job.

NOTICE: This plugin make call to the developer’s site to check for latest malware signatures (pretty much like what WordPress does when checking your plugins and themes for new versions. Staying up-to-date is a security best-practice. malCure Malware Removal & Firewall will inform you when there are new definition updates available. If you’re allergic to “phone home” scripts then don’t use this plugin (or WordPress at all for that matter).


  • screenshot-1.png
  • screenshot-2.png
  • screenshot-3.png


Upload the plugin to your blog. Activate it. You may configure Firewall settings (optional). Create a support thread in case of any issues.

Vanliga frågor

Ask away.


juli 15, 2019
Great to see the effort for clean code and a great plugin for detecting troublesome bugs from WordPress websites. Great Malware Detection and Protection. The signatures are updated quickly. The scanning database covers options that may contain issues and not just posts/pages like some others. Out of the box this is a very easy program to get used to using. Picks up on a lot that the others did not.
april 15, 2019
Excellent plugin, fool proof scan. I've had issues with others when the scan breaks midway, but not this. I can even inspect the rogue files it flags.
Läs alla 3 betyg

Bidragsgivare och utvecklare

”malCure Malware Removal & Firewall” är programvara med öppen källkod. Följande personer har bidragit till detta tillägg.

Bidragande personer



  • Refined WordPress title hack scanning.
  • Fixed minor bug in database scanning.
  • Fixed a major bug that prevented Firewall UI from saving.
  • Flag unknown files in wp-admin and wp-includes
  • Fixed some performance bottlenecks
  • Fixed firewall notification


  • Reverted title hack scanning due to a warning.


  • Implemented title hack detection.
  • Implemented attack prevention count.
  • Disabled JS confirm for missing definitions upon scan.
  • Bugfix: False definition update notice at times.
  • Removed redundant metaboxes (may be they can be reimplemented on a different screen).
  • Smoother Definition Update and UX.
  • Refined scrolling on various actions.


  • Made definition update requirements more prominent.
  • Implemented re-scanning of files that failed due to server timeout.
  • More user-friendly registration form fields.
  • Show more verbose data if core files are flagged and user doesn’t have latest definitions.
  • Shorter timeout for checksum transient.


  • Implemented confirmation prompt to confirm navigation during scan progress.
  • Implemented aggressive mode to detect even mildly suspicious files.
  • Implemented dynamic file count and progress update.
  • Updated branding.


  • Added advanced options for debugging/


  • Fixed scan button UI.
  • Updated branding to reflect new security features.
  • Bug Fix: Definition Upgrade URL incorrectly points to options-general.php.


  • Implemented Firewall.
  • Fixed bug in file inspector.


  • Fixed a PHP fatal error on Nginx.


  • Updated compatibility with PHP 5.6 and WordPress 5.2.


  • Fixed error due to definition syntax mismatch.


  • Minor fixes to readme.txt.


  • Database scan and infection detection.
  • Signatures for Yuzo redirect hack / infection.
  • Updated branding.
  • Several UI fixes.


  • Streamlined definition update system.
  • Definition update notifications.
  • Streamlined options.
  • Definition update check scheduling.


  • Implemented GOD mode: Advanced options when you know what you are doing.
  • CSS fixes: Several CSS fixes.


  • Fixed the sidebar support box.
  • Implemented external tools page.


  • Fixed minor bug with definition updates.
  • UX / UI Improvements.
  • Improved screenshots.


  • New branch with major feature improvement.
  • Inspect files.


  • New: Implemented plugin integrity check. Theme integrity coming soon.
  • Fixed: Sometimes infections are not reported.
  • Fixed: More thorough matching, error control, logging.


  • Optimized signature updation.
  • Ability to connect to Google Search Console to detect security notices.
  • Code refactoring.
  • Implemented verbose upgrade notice.


  • UX improvements.
  • Optimized for minimal server load due to too many definition update requests.


  • Updated progress tracking to report real-time scan-stats.


  • Optimized memory usage.
  • Fixed bug: newer definitions would not update due to caching.
  • UI improvements.
  • Updated UI progress status.
  • Implemented definition update status.


  • Updated tools page.
  • Updated UIIncluded Support Options.


  • Implemented definition updates.
  • More statistics.


  • UI Fixes.
  • Minor Bugfixes.


  • Fixed timing issues.
  • Skip /wp-content/ files by default.


  • Initial release.