malCure Malware Scanner & Firewall


No. 1 Plugin for cleaning up hacked websites. Scans your WordPress files and database for malware, infections, security-threats, viruses, trojans, backdoors, malicious redirects, dolohen, code injections and other vulnerabilities. It’s the most precise WordPress malware scanner yet light-weight, extremely simple and easy-to-use.

No false positives. Now remove malware with confidence.

Do you know? malCure is extremely easy to use. You can now remove malware yourself.

  • Extremely powerful but lightweight, simple & works out of the box.
  • Checksum / integrity check of the WordPress core files, plugins.
  • File & database scan for viruses and infections using regularly updated WordPress malware signatures.
  • WP CLI support for scanning via commandline.
  • Got security warning from Google Search Console? Google Webmaster Tools? malcure integrates with Google™ Search Console to fetch security warnings or notices to warn you in time.
  • Ultra-high-precision results + Auto-sync with WordPress Checksum API.

If your site is infected, here’s the steps to take.

Malware issues are time-sensitive and the fastest way to get support from us is to file a support ticket on our website.

malCure WordPress Malware Scanner & Firewall is sophisticated and extremely powerful. It’s simple and does the job.

Features You’ll Love:

  • Ultra-high-precision results.
  • Auto-sync with WordPress Checksum API.
  • Verifies WordPress files integrity using checksums from WordPress Checksum API.
  • Links to external tools for additional site diagnostics.
  • Checks for viruses and infections using malware definitions.
  • Latest and regularly updated WordPress malware signatures.
  • Connects to definition update server to fetch latest definitions.

Extremely Lightweight

Works out of the box

Simple to configure

No Malware – No Google Penalties. Give your SEO a solid boost.

NOTICE: This plugin make call to our malware definition api to check for latest WordPress malware signatures (pretty much like what WordPress does when checking your plugins and themes for new versions. Staying up-to-date is a security best-practice. malCure WordPress Malware Scanner & Firewall will inform you when there are new definition updates available. If you’re allergic to “phone home” scripts then don’t use this plugin (or WordPress at all for that matter).


  • screenshot-1.png
  • screenshot-2.png
  • screenshot-3.png
  • screenshot-4.png
  • screenshot-5.png
  • screenshot-6.png
  • screenshot-7.png


Upload the plugin to your blog. Activate it. You may configure Firewall settings (optional). Create a support thread in case of any issues.


My site is hacked. What should I do?

Option 1: If you are tech-savvy, you can use this plugin, analyse the site and remove malware yourself.

Option 2: You can file a service request with us. Our service includes malware cleanup and blacklist removal by our security analysts. Please click here to file a support request.

Why should I use malCure WordPress malware scanner?

Several reasons: a) malCure scans all files, even images and archives so deep hidden malware isi also easily detected. b) Checks all WordPress and repo plugins for checksums. c) Scans over 50,000+ known malware including variants like C99, R57, RootShell, dolohan, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many more. d) Hybrid scan ensures unknown threats are also identified.

In short, nothing escapes malCure. It’s fast, simple to use and extremely thorough.

What support options are available for malCure users?

Providing excellent support is extremely important to us. You can file a ticket at malCure website and our dedicated web-security specialist will ensure that the matter is resolved to your satisfaction.

Some files are detected by malCure as „suspicious“. What gives?

malCure’s SmartScan checks each file for malware. However some files aren’t pure malware but may contain code that is suspicious and could do nasty things. You should carefully review and analyse them to see if they indeed do anything nasty.

I can’t get malCure to work. It hangs / doesn’t complete the scan / breaks for some reason.

If you think that the plugin is broken, please report it here.

malCure (or for that matter other plugins) may break on malware affected / broken websites. malCure Advanced Edition integrates with WP CLI and allows you to complete the scan from WP CLI.

My site is infected however malCure doesn’t detect the infection.

Malware keeps evolving. If you come across malware that malCure is not able to identify, you may please report it here.

Is malCure better than Sucuri / Wordfence / Quttera (insert favourite plugin here)?

We can’t comment on other plugins but malCure is a local WordPress scanner which means its way ahead of remote scanners. malCure does its job very well. If you have feedback, please do not hesitate to share with us.

Also malCure scans every file regardless of whether it’s an image, archive etc. Modern malware hides in unsuspicious files and malCure makes sure those are not missed. malCure is extremely thorough and leaves no aspect of the site to speculation.

Will malCure impact the performance of my website?

malCure only runs when you want it to. At all other times it sleeps silently. The firewall triggers extremely quickly and is optimized for performance.

The scan gets stuck midway. What should I do?

In case of such an event, please file a support request with us and we’ll be more than happy to troubleshoot the issue.

Please visit this page.

I cleaned my site but it got infected again. What should I do?

Malware cleanup is a waste of time and effort until you find the root cause behind malware infection. How was someone able to infect your website? Have you plugged in that security hole?

Please read Why Do WordPress Websites Get Hacked.

Google Safe Browsing site status (or some other scanner) still shows my site as infected. What should I do?

First make sure you purge your site cache. Second, Google (and other scanners) cache the results for some time. You’ll need to force or refresh the scan.

Where can I find the malCure Terms of Use and Privacy Policy?

These are available on our website: Terms of Use and Privacy Policy


9. Dezember 2019
Installes the plugin, afterwards I had a new menu entry and a note that I need to update the definitions. Unfortunately when you click on the link nothing happens. Same with the scan, clicking on the entry in the menu does.... nothing. nada. no reaction at all. No progress windows or any reaction.
4. Dezember 2019
I have been trying to remove dirty files from a hack of my domain from three years ago. I noticed my site had dropped in search engine ranking. I also found when I posted links on the social media sites, ads and garbage normally came up. After running malCure daily over a period of two weeks, I have been able to remove or edit all of the damaging files. What a great plugin this is. I will have malCure installed on all websites I run for now on. It's an essential tool for any web designer or host running WordPress. Very user friendly and very straight forward in identifying nasty critters that need to be removed to maintain a healthy site.
28. Oktober 2019
Really nice to have this awesome plugin and support in critical moments.
15. Juli 2019
Great to see the effort for clean code and a great plugin for detecting troublesome bugs from WordPress websites. Great Malware Detection and Protection. The signatures are updated quickly. The scanning database covers options that may contain issues and not just posts/pages like some others. Out of the box this is a very easy program to get used to using. Picks up on a lot that the others did not.
15. April 2019
Excellent plugin, fool proof scan. I've had issues with others when the scan breaks midway, but not this. I can even inspect the rogue files it flags.
Lies alle 6 Rezensionen

Mitwirkende & Entwickler

„malCure Malware Scanner & Firewall“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:




  • Disabled paranoid mode by default.
  • Scan comments for malware-spam.


  • Optimised scan for filesize.
  • Added signature reporting in WP CLI.
  • Minor bugfix in database scan.


  • Bugfix: Typo in variable name.


  • Feature: Malware scan logs for last 30 days.
  • Implemented help section.
  • Included links to T&C and privacy policy.
  • Better first-run experience.
  • Optimized memory usage.


  • Linked results to infection details.
  • Implemented notice before navigating away from results.


  • Bugfix: Scan breaks if path has non-Latin1 characters.
  • Bugfix: Force a premium checksum update on license activation.
  • Bugfix: File name and path doesn’t change in file inspector.


  • Bugfix: Definition check times-out.
  • UI updates.


  • Fixed a bug that would break results in case of invalid response.


  • Added infection details.
  • Optimized performance.


  • UX Revamp from the ground up.


  • Bugfix: File scan results wouldn’t show up sometimes.


  • Fixed: Scroll to results wouldn’t work when infnection is detected.
  • Updated default no. of files per batch for faster scans.


  • Bugfix: Definition update won’t trigger sometimes.
  • Bugfix: Result actionable wouldn’t trigger sometimes.
  • Bugfix: Plugin throws php warnings due to typo in function definition.


  • Updated firewall settings.
  • Ability to reset plugin data.
  • Compatibility with WordPress 5.3.