close
WordPress.org
Get WordPress
WordPress.org

Plugin Directory

Quttera ThreatSign – Web Malware Scanner for WordPress

Image
Image

Quttera ThreatSign – Web Malware Scanner for WordPress

By quttera
Download

Description

Quttera ThreatSign protects your WordPress website with multi-layered security:

Malware Detection: Powered by Quttera’s AI-driven heuristic engine, the scanner detects malicious PHP, obfuscated JavaScript, hidden iframes, redirects, spam, SEO malware, and credit-card skimmers targeting checkout pages. The plugin performs on-demand scans directly from your WordPress admin and checks your domain against more than 40 global security authorities, including Google, McAfee, Norton, and Yandex. Detection capabilities are continuously enhanced using insights from Quttera’s worldwide threat intelligence network.

Brute Force Protection: Prevents unauthorized login attempts with IP locking, configurable rate limiting, and environment-aware protection policies. Supports both shared hosting (aggressive locking) and dedicated servers (progressive delays). Includes emergency bypass mechanism for critical situations.

Bot Protection: Layered defense against automated attacks using multi-stage risk evaluation, token-bucket rate limiting, and legitimate bot recognition (Googlebot, Bingbot, etc.). Protects REST API, XML-RPC, and WooCommerce endpoints with endpoint-specific risk scoring.

Admin User Monitoring: Real-time detection and alerting for unauthorized admin additions, removals, and role changes with database audit trail and snapshots.

For complete protection—including automated malware removal, scheduled scanning, WAF, and 24/7 monitoring—you can upgrade to a ThreatSign Website Security plan.

Malware Detection Features:

  • One-click on-demand scans from WP admin
  • 0-day (unknown threat) detection via heuristic & behavioral analysis
  • Detection of malicious PHP (backdoors, shells, injections)
  • Detection of obfuscated or polymorphic JavaScript
  • Identification of malicious iframes, redirects & hidden links
  • Detection of spam & SEO malware
  • Checkout skimmer detection
  • Inspection of WordPress core file integrity
  • Detection of alien or unauthorized files in core directories
  • External links and outbound reference analysis
  • Blacklist checks across 40+ security authorities
  • Cloud-based scanning to reduce server resource load
  • Detailed investigation reports with severity levels

Brute Force Protection Features:

  • IP-based locking with configurable thresholds
  • Multi-stage failure detection with soft and hard locks
  • Environment-aware policies for shared hosting and dedicated servers
  • IP whitelist/blacklist with CIDR notation support
  • Emergency bypass mechanism via constant or filter
  • User account lockout alerts via email
  • Combo-lock (IP + username) detection
  • Rate limiting with progressive delays

Bot Protection Features:

  • Multi-stage risk evaluation with heuristic analysis
  • Token-bucket rate limiting across multiple lanes (global, REST, XML-RPC, checkout, cart)
  • Legitimate bot recognition (Googlebot, Bingbot with elevated rate limits)
  • REST API enumeration and authentication protection
  • WooCommerce endpoint protection (checkout & cart)
  • Configurable operation modes (Observe, Balanced, Aggressive)
  • Risk-based challenge mechanisms and exponential backoff

Admin User Monitoring Features:

  • Real-time detection of admin user additions and removals
  • Admin role change tracking
  • Database snapshot comparison for audit trail
  • WP-Cron scheduled checks (1-minute intervals)
  • Immediate detection via WordPress hooks
  • Email alerts for unauthorized changes
  • Comprehensive alarm system integration

If you need malware removal assistance, contact us at support@quttera.com or sign up for any
of our ThreatSign annual plans, which include cleanup & blacklist removal:
https://quttera.com/anti-malware-website-monitoring-signup

Credits

Plugin’s other home

Screenshots

  • Image

    WordPress Malware Scanner dashboard showing external website scan summary and malware detection status.

  • Image

    Initial scanner dashboard before a scan is executed, displaying domain and scanner configuration.

  • Image

    High-sensitivity internal malware scan results showing detected malicious and suspicious files.

  • Image

    Standard malware scan results summarizing clean, suspicious, and malicious files detected on the website.

  • Image

    Detailed malware detection report displaying identified threats, file signatures, and malicious code indicators.

  • Image

    Malware Scanner configuration panel with scan mode selection, file system integrity controls, and scheduled scanning options.

  • Image

    Security dashboard displaying critical security alerts, external website scan results, and server-side malware scan statistics.

  • Image

    Security alerts panel listing detected bot attacks, security warnings, and active threat notifications.

  • Image

    Administrator access log showing successful and failed login attempts for privileged WordPress accounts.

Installation

  1. Download the plugin.
  2. Go to the WordPress Plugins menu and activate it.
  3. That’s it!

FAQ

How is this plugin different from similar plugins?

This plugin uses Quttera’s unique, patented malware scanning and detection technology. Its multi-layered heuristic engine gathers intelligence from the analyzed system and digests it into weighted rules to detect malicious code. A self-learning mechanism updates the ruleset using Quttera’s worldwide threat intelligence network.

What does the plugin detect?

The scanner identifies a wide range of threats, including:

  • Obfuscated JavaScript
  • Injected or malicious PHP code
  • Hidden iframes, redirects, and links
  • Spam and SEO malware
  • Card skimmers targeting WooCommerce checkout pages
  • Suspicious external links
  • Backdoors and PHP shells
  • Infected or modified WordPress core files

Heuristic and AI-powered analysis enables detection of new or unknown malware, not just known signatures.

What do I get for free with the plugin?

The free version includes:

Malware Detection:
* On-demand scans from the WordPress admin
* Blacklist checks across 40+ services
* Malware detection (JS, PHP, backdoors, spam, iframes, skimmers, etc.)
* Investigation report with severity levels (Clean, Potentially Suspicious, Suspicious, Malicious)

Brute Force Protection:
* IP-based locking and failure detection
* User account lockout protection
* IP whitelist and blacklist management
* Email alerts for locked accounts

Bot Protection:
* Rate limiting and risk-based evaluation
* Legitimate bot recognition
* REST API and WooCommerce endpoint protection
* Configurable protection modes

Admin User Monitoring:
* Real-time detection of admin user changes
* Email alerts for additions, removals, and role changes
* Database audit trail with snapshots

To enhance protection with automated responses, scheduled scanning, and advanced WAF features, upgrade to ThreatSign Website Security.

What is the heuristic scan?

Traditional scanning uses signature matching. Heuristic scanning uses rules, weight-based systems, emulators, flow analyzers, and statistical methods to detect potentially malicious functionality, even in previously unknown threats.

What to do if plugin detects something suspicious?

Quttera’s severity levels indicate potential risk. If you’re unsure whether a detection is harmful, our team can help. Contact us via ticket at https://helpdesk.quttera.com, email support@quttera.com, or the plugin’s WordPress Support Forum.

Do you offer paid services?

Yes. Our ThreatSign Website Security plans provide:

  • Expert malware cleanup
  • Automatic malware removal
  • Continuous & scheduled scans
  • Web Application Firewall (WAF)
  • DDoS protection & mitigation
  • Blacklist removal (40+ authorities)
  • 24/7 monitoring & protection

Learn more: https://quttera.com

Why does the screen freeze or go blank during scan?

This usually happens if your hosting assigns only one PHP worker. The scan process occupies the only worker, temporarily blocking the site until the scan completes.

Why when I click Scan Now nothing happens?

Ensure JavaScript is enabled and your firewall isn’t blocking plugin requests. The plugin communicates with the backend via JavaScript-generated HTTP requests.

How can I send you the investigation report?

Use the “Download Report” button, save the file, and send it to us via https://helpdesk.quttera.com/open.php.

Why does the internal scan show 0 scanned files?

Your hosting may not allow WordPress Cron to function properly.
You can enable an alternative cron method by adding this line to wp-config.php:

define(‘ALTERNATE_WP_CRON’, true);

How to submit undetected samples?

Submit them via: https://helpdesk.quttera.com/open.php

Questions about investigation process

For questions about investigation process please refer to http://quttera.com or post in the Support section here.

What is Brute Force Protection and how does it work?

Brute Force Protection defends against unauthorized login attempts by tracking failed logins per IP address and username combination. It applies progressive locking:
* Soft lock: Introduces account lockout after configurable failures
* Hard lock: Completely blocks the IP after repeated failures
* Emergency bypass: Can be enabled via constant QTR_BRUTEFORCE_BYPASS or filter hook for critical situations

The protection is environment-aware, with different strategies for shared hosting (aggressive locking) versus dedicated servers (progressive delays).

What is Bot Protection and how does it work?

Bot Protection uses multi-stage risk evaluation to detect and rate-limit automated attacks. It examines:
* User-Agent signatures and heuristics
* Request rates and patterns across different endpoints
* Risk scores for specific endpoints (REST API, XML-RPC, WooCommerce, etc.)

Legitimate bots (Googlebot, Bingbot) are recognized and granted elevated rate limits. The system operates in three modes:
* Observe: Logs threats without blocking
* Balanced: Soft enforcement with fail-open for checkout (default)
* Aggressive: Hard enforcement on all endpoints

How do I enable Emergency Bypass if I’m locked out?

If you’re locked out by Brute Force Protection, you have two options:
1. Add to wp-config.php: define('QTR_BRUTEFORCE_BYPASS', true);
2. Or use the filter hook: apply_filters('qtr_bruteforce_emergency_bypass', false) returning true

After enabling bypass and regaining access, disable it and configure a proper IP whitelist.

What does Admin User Monitoring track?

Admin User Monitoring detects and alerts on:
* New admin users being added to the site
* Admin users being removed
* Administrator role being assigned or changed

The plugin creates database snapshots to compare with previous states, providing a comprehensive audit trail. Checks run automatically every minute via WP-Cron and also on every WordPress admin page load.

Can I customize hosting type settings for Brute Force Protection?

Yes. The plugin automatically detects your hosting environment and applies appropriate policies:
* Shared Hosting: Minimal delays (avoid blocking precious worker processes), aggressive locking
* Dedicated Server: Progressive delays, higher failure thresholds, more forgiving approach

You can also manually configure IP whitelists/blacklists regardless of hosting type.

How often are admin users checked for changes?

Admin user monitoring checks run:
* Every 1 minute (via scheduled WP-Cron)
* On every WordPress admin page load (via admin_init hook)
* Immediately when users are added, removed, or roles are changed (via WordPress hooks)

This multi-layered approach ensures rapid detection of unauthorized changes.

Reviews

Image

Highly recommended

April 11, 2024
Great tool that helps you quickly find out whether and which plugins could be affected by a data leak if you have numerous attacks on WordPress (e.g. on wp-admin). You can then replace all plugin folders with the original plugin files via FTP, done. Very good job, thank you!
Image

Saved my life

November 5, 2022
I wasnt expecting anything from this plugin but it has saved my lots of time and money. First I removed some critical files by wordfence and tried almost all malware scanners but non of the scanners could detect the infected files, infact wordfence was showing no threat but my site was displaying the japanese letters snippet on google and had 62000 links indexed on google console. I would say Malcare did a good job in scanning the malware but it doesnt show any files because of paid service. After running this scanner it showed me some malicious files and I removed them from the control panel by myself. Book malware was disappeared scanner didnt showed site is hacked. Thanks alot guys
Image

Useless Adware

June 2, 2022 1 reply
Only tells you that it is paid once it has supposedly detected infectoin. This can’t be trusted when the vendor is motivated to detect false positives.
Image

Excellent

September 16, 2021
Отличный плагин! Теперь я могу спать спокойно. Поддержка ответила очень быстро и даже просмотрела мои подозрительные файлы вручную!
Read all 46 reviews

Contributors & Developers

“Quttera ThreatSign – Web Malware Scanner for WordPress” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Quttera ThreatSign – Web Malware Scanner for WordPress” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

4.0.0.3

  • Added new detection rules

4.0.0.1

  • Major: Added Brute Force Protection system with configurable policies
  • Major: Added Bot Protection with token-bucket rate limiting
  • Major: Added Admin User Monitoring with real-time alerts
  • Added Emergency Bypass mechanism for Brute Force Protection
  • Added environment-aware policies for shared hosting and dedicated servers
  • Added comprehensive alarm system with email notifications
  • Added HowTo guides and improved dashboard
  • Added separated pages for blocked IPs (Bot vs Brute Force)
  • Added admin account lockout alerts
  • Fixed alarm flooding and improved alarm management
  • Improved code organization with dedicated modules
  • Added new detection rules

3.5.2.1

  • Fixed vulnerability type: Stored XSS Administrator+ role Affected Plugin. Thanks to Artyom Krugov for reporting and helping to improve our plugin.
  • Fixed vulnerability type: Server-Side Request Forgery. Thanks to Jonas Benjamin Friedli for reporting and helping to improve our plugin. CVE-2025-8013.

3.5.1.41

  • Added new detection rules

3.5.0.1

  • Added new detection rules
  • Added new GUI

3.4.2.1

  • Added new detection rules
  • Fixed vulnerability types: Directory Listing and Path Traversal. Thanks to Dmitrii Ignatyev for reporting and helping to improve our plugin.

3.4.0.1

  • Added capability to ignore specific files or directories

3.3.0.22

  • Added capability for high sensitive and normal scans

3.2.1.97

  • Added new detection rules

3.1.1.0

  • Fixed presentation of investigation report

3.0.21.17

  • Added new SEO/malware/ransomware detections

3.0.9.1

  • Added admin user verification on internal scan

3.0.8.65

  • Added new SEO/malware/ransomware detections

3.0.8.1

  • Fixes for 4.8.2 and new backdoor samples

3.0.7.45

  • Added new malware/shell samples

3.0.7.22

  • Added new spam samples

3.0.7.21

  • Added new spam samples

3.0.7.20

  • Added new malware shell

3.0.7.0

  • Added new malicious ads detection

1.0.0

  • Initial public release

Meta

Ratings

3.9 out of 5 stars.

Add my review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum