WP Security Plugin for WordPress
The WP Security plugin for WordPress searches the files on your website, and the posts and comments tables of your database, for anything suspicious. It also examines your list of active plugins for unusual filenames.
* This plugin does not remove anything. That is left to the user to do.
Features
Use with other security plugins for WordPress to audit them
Automatically updates itself to stay in line with the latest WordPress version running
View exploits and malware that can go undetected
Email-based plugin support from the team
Interpreting the Results
It is likely that this scanner will find false positives (i.e. files which do not contain malicious code). However, it is best to err on the side of caution; if you are unsure, ask our support. You should be most concerned if the scanner is:
making matches around unknown external links;
finding base64 encoded text in modified core files or the wp-config.php file;
listing extra admin accounts; or
finding content in posts which you did not put there.
Understanding the three different result levels:
Severe: results that are often strong indicators of a hack (though they are not definitive proof)
Warning: these results are more commonly found in innocent circumstances than Severe matches, but they should still be treated with caution
Note: lowest priority, showing results that are very commonly used in legitimate code or notifications about events such as skipped files
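One way to check by hand whether a base64 match like those described above is a false positive, as an added example that is not the plugin's own code. The regexes, the 40-character and 90% thresholds, the verdict labels and the sample file are all assumptions constructed for this illustration.

```python
import base64
import binascii
import re

# Assumption: only runs of 40+ base64 characters are worth decoding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Assumption: decoded bytes containing these PHP constructs need manual review.
CODE_HINTS = re.compile(
    rb"\b(eval|assert|system|passthru|shell_exec|base64_decode|gzinflate)\s*\("
    rb"|\$_(GET|POST|REQUEST|COOKIE)\b|<\?php", re.I)

def classify(decoded):
    """Label decoded bytes 'code', 'text' or 'binary' (labels are this example's own)."""
    if CODE_HINTS.search(decoded):
        return "code"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in decoded)
    return "text" if printable >= 0.9 * len(decoded) else "binary"

def triage(source):
    """Return (line_number, verdict, decoded_preview) for each decodable base64 run."""
    findings = []
    for m in B64_RUN.finditer(source):
        blob = m.group(0).rstrip("=")
        blob += "=" * (-len(blob) % 4)          # restore canonical padding
        try:
            decoded = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue                             # not base64 after all
        line = source.count("\n", 0, m.start()) + 1
        findings.append((line, classify(decoded), decoded[:60]))
    return findings

def build_sample():
    """Constructed wp-config.php-style input; both payloads are harmless placeholders."""
    enc = lambda b: base64.b64encode(b).decode()
    return "\n".join([
        "<?php",
        "define('DB_NAME', 'wordpress');",
        "$build = 'da39a3ee5e6b4b0d3255bfef95601890afd80709';",   # hex hash, not base64
        "$licence = '" + enc(b"Licensed to Example Ltd. Renewal date: 2030-01-01") + "';",
        "@eval(base64_decode('" + enc(b"<?php echo 'constructed placeholder payload'; ?>") + "'));",
    ])

if __name__ == "__main__":
    for line, verdict, preview in triage(build_sample()):
        print(f"line {line}: {verdict:6} {preview!r}")
```

A "binary" or "text" verdict usually points to a false positive such as a hash or an encoded licence string, while "code" means the decoded content should be read in full before the file is trusted.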
Requirements
PHP 5.4+
WordPress 4.6+
Instructions
Go to ‘Plugins’ -> ‘Add New’ -> ‘Upload plugin’ -> choose the zip file on your computer and click ‘Install Now’.
Activate the plugin under ‘Plugins’ -> ‘Installed Plugins’ in WordPress Admin.
The plugin will appear under the ‘Settings’ side menu; click on ‘***Shift Security’.