malCure Malware Removal & Firewall


Scans your WordPress files for malware, infections, security-threats, viruses, trojans, backdoors, malicious redirects, dolohen, code injections and other vunerabilities. It’s the most precise malware scanner yet light-weight, simple and easy-to-use.

Do you know? malCure is trusted by web-security agencies to eliminate even the most challenging infections from WordPress.

  • Checksum / integrity check of the WordPress core files, plugins.
  • File & database scan for viruses and infections using regularly updated malware signatures.
  • WP CLI support for scanning via commandline.
  • Got security warning from Google Search Console? Google Webmaster Tools? malcure integrates with Google™ Search Console to fetch security warnings or notices to warn you in time.
  • Ultra-high-precision results + Auto-sync with WordPress Checksum API.
  • Extremely Lightweight. Simple. Works out of the box. No third-party service required.

If your site is infected, here’s the steps to take.

Malware issues are time-sensitive and the fastest way to get support support from us is to leave a message on our website.

malCure Malware Removal & Firewall is sophisticated and extremely powerful yet does not require any third-party integration, does not send your files / data to external services etc. to work. It’s simple and does the job.

Features You’ll Love:

  • Ultra-high-precision results.
  • Auto-sync with WordPress Checksum API.
  • Verifies WordPress files integrity using checksums from WordPress Checksum API.
  • No need for third-party scanning.
  • Links to external tools for additional site diagnostics.
  • Checks for viruses and infections using malware definitions.
  • Hourly update of malware signatures.
  • Connects to definition update server to fetch latest definitions.

Extremely Lightweight

Works out of the box

Simple to configure

No third-party service required

No Malware – No Google Penalties. Give your SEO a solid boost.

NOTICE: This plugin make call to our malware definition api to check for latest malware signatures (pretty much like what WordPress does when checking your plugins and themes for new versions. Staying up-to-date is a security best-practice. malCure Malware Removal & Firewall will inform you when there are new definition updates available. If you’re allergic to “phone home” scripts then don’t use this plugin (or WordPress at all for that matter).


  • screenshot-1.png
  • screenshot-2.png
  • screenshot-3.png
  • screenshot-4.png
  • screenshot-5.png
  • screenshot-6.png
  • screenshot-7.png


Upload the plugin to your blog. Activate it. You may configure Firewall settings (optional). Create a support thread in case of any issues.

Perguntas frequentes

Ask away.


15 de Julho, 2019
Great to see the effort for clean code and a great plugin for detecting troublesome bugs from WordPress websites. Great Malware Detection and Protection. The signatures are updated quickly. The scanning database covers options that may contain issues and not just posts/pages like some others. Out of the box this is a very easy program to get used to using. Picks up on a lot that the others did not.
15 de Abril, 2019
Excellent plugin, fool proof scan. I've had issues with others when the scan breaks midway, but not this. I can even inspect the rogue files it flags.
Ler todas as 3 avaliações

Contribuidores e programadores

“malCure Malware Removal & Firewall” é software de código aberto. As seguintes pessoas contribuíram para este plugin:


Registo de alterações


  • Bugfix for regexes
  • Better form sanitization
  • WP Cli support. Now you can run scans from the commandline.


  • Bug fix: some files were ignored during scans
  • Preparing for WP CLI readiness


  • Fixed firewall notification
  • List hidden files and folders
  • List server IP:PORT
  • Added crypto function to prevent firewalls from breaking scan
  • UI Refresh
  • UI Fixes for file rescanning
  • Database Deep-Scanning


  • Refined WordPress title hack scanning.
  • Fixed minor bug in database scanning.
  • Fixed a major bug that prevented Firewall UI from saving.
  • Flag unknown files in wp-admin and wp-includes
  • Fixed some performance bottlenecks
  • Fixed firewall notification


  • Reverted title hack scanning due to a warning.


  • Implemented title hack detection.
  • Implemented attack prevention count.
  • Disabled JS confirm for missing definitions upon scan.
  • Bugfix: False definition update notice at times.
  • Removed redundant metaboxes (may be they can be reimplemented on a different screen).
  • Smoother Definition Update and UX.
  • Refined scrolling on various actions.


  • Made definition update requirements more prominent.
  • Implemented re-scanning of files that failed due to server timeout.
  • More user-friendly registration form fields.
  • Show more verbose data if core files are flagged and user doesn’t have latest definitions.
  • Shorter timeout for checksum transient.


  • Implemented confirmation prompt to confirm navigation during scan progress.
  • Implemented aggressive mode to detect even mildly suspicious files.
  • Implemented dynamic file count and progress update.
  • Updated branding.


  • Added advanced options for debugging/


  • Fixed scan button UI.
  • Updated branding to reflect new security features.
  • Bug Fix: Definition Upgrade URL incorrectly points to options-general.php.


  • Implemented Firewall.
  • Fixed bug in file inspector.


  • Fixed a PHP fatal error on Nginx.


  • Updated compatibility with PHP 5.6 and WordPress 5.2.


  • Fixed error due to definition syntax mismatch.


  • Minor fixes to readme.txt.


  • Database scan and infection detection.
  • Signatures for Yuzo redirect hack / infection.
  • Updated branding.
  • Several UI fixes.


  • Streamlined definition update system.
  • Definition update notifications.
  • Streamlined options.
  • Definition update check scheduling.


  • Implemented GOD mode: Advanced options when you know what you are doing.
  • CSS fixes: Several CSS fixes.


  • Fixed the sidebar support box.
  • Implemented external tools page.


  • Fixed minor bug with definition updates.
  • UX / UI Improvements.
  • Improved screenshots.


  • New branch with major feature improvement.
  • Inspect files.


  • New: Implemented plugin integrity check. Theme integrity coming soon.
  • Fixed: Sometimes infections are not reported.
  • Fixed: More thorough matching, error control, logging.


  • Optimized signature updation.
  • Ability to connect to Google Search Console to detect security notices.
  • Code refactoring.
  • Implemented verbose upgrade notice.


  • UX improvements.
  • Optimized for minimal server load due to too many definition update requests.


  • Updated progress tracking to report real-time scan-stats.


  • Optimized memory usage.
  • Fixed bug: newer definitions would not update due to caching.
  • UI improvements.
  • Updated UI progress status.
  • Implemented definition update status.


  • Updated tools page.
  • Updated UIIncluded Support Options.


  • Implemented definition updates.
  • More statistics.


  • UI Fixes.
  • Minor Bugfixes.


  • Fixed timing issues.
  • Skip /wp-content/ files by default.


  • Initial release.