malCure Malware Removal & Firewall


No. 1 Plugin for cleaning up hacked websites. Scans your WordPress files for malware, infections, security threats, viruses, trojans, backdoors, malicious redirects, dolohen, code injections and other vulnerabilities. It’s the most precise malware scanner, yet lightweight, simple and easy to use.

No false positives. Now remove malware with confidence.

Did you know? malCure is trusted by web-security agencies to eliminate even the most challenging infections from WordPress.

  • Extremely powerful but lightweight, simple & works out of the box. No third-party service required.
  • Checksum / integrity check of the WordPress core files, plugins.
  • File & database scan for viruses and infections using regularly updated malware signatures.
  • WP CLI support for scanning via the command line.
  • Got a security warning from Google Search Console or Google Webmaster Tools? malCure integrates with Google™ Search Console to fetch security warnings or notices and warn you in time.
  • Ultra-high-precision results + Auto-sync with WordPress Checksum API.

If your site is infected, here are the steps to take.

Malware issues are time-sensitive and the fastest way to get support from us is to leave a message on our website.

malCure Malware Removal & Firewall is sophisticated and extremely powerful, yet it does not require any third-party integration and does not send your files or data to external services in order to work. It’s simple and does the job.

Features You’ll Love:

  • Ultra-high-precision results.
  • Auto-sync with WordPress Checksum API.
  • Verifies WordPress files integrity using checksums from WordPress Checksum API.
  • No need for third-party scanning.
  • Links to external tools for additional site diagnostics.
  • Checks for viruses and infections using malware definitions.
  • Hourly update of malware signatures.
  • Connects to definition update server to fetch latest definitions.

Extremely Lightweight

Works out of the box

Simple to configure

No third-party service required

No Malware – No Google Penalties. Give your SEO a solid boost.

NOTICE: This plugin makes calls to our malware definition API to check for the latest malware signatures (pretty much like what WordPress does when checking your plugins and themes for new versions). Staying up-to-date is a security best practice. malCure Malware Removal & Firewall will inform you when new definition updates are available. If you’re allergic to “phone home” scripts then don’t use this plugin (or WordPress at all for that matter).

malCure Advanced Edition

  • Full integration with WP CLI.
  • One-click setup.
  • Use custom definitions and patterns to scan for new virus strains.
  • Get detailed debug info.
  • Absolutely blazing-fast performance on CLI.
  • Scan humongous sites without pain.
  • Skip / Scan specific files and directories to save time.
  • Auto-Update definitions from CLI.
  • Schedule periodically recurring automatic scans with system cron.
  • Combine with CLI piping for an unmatched power-combination.

Get malCure Advanced Edition →



Upload the plugin to your blog. Activate it. You may configure Firewall settings (optional). Create a support thread in case of any issues.


1. My website is detected by malCure as malicious. What next?

Option 1: Please follow the steps here to analyse and remove malware yourself.

Option 2: You can file a service request with us. Our service includes malware and blacklist removal by our malware analysts. Please click here to file a support request.

2. Some files are detected by malCure as “suspicious”. What gives?

malCure’s SmartScan checks each file for malware. However, some files aren’t pure malware but may contain code that is suspicious and could do nasty things. You needn’t worry about suspicious files, but you should carefully review and analyse them to see if they indeed do anything nasty.

3. I can’t get malCure to work. It hangs / doesn’t complete the scan / breaks for some reason.

malCure (or, for that matter, other plugins) may break on malware-affected or broken websites. malCure Advanced Edition integrates with WP CLI and allows you to complete the scan from WP CLI. It’s faster, can scan huge websites, lets you schedule regular scans to identify malware proactively, and comes with many advanced features.

4. My site is infected however malCure doesn’t detect the infection.

Malware keeps evolving. If you come across malware that malCure is not able to identify, please report it here.

5. How do I use malCure Advanced Edition?

Click here to visit the malCure Advanced Edition guide.

6. Should I buy malCure Advanced Edition?

malCure Advanced Edition will not auto-magically solve all issues. It’s not meant for:

  • Automatic malware cleanup.
  • End users or website owners.
  • One-time use.
  • Protection.

malCure Advanced Edition is meant for:

  1. Web-Security professionals & agencies.
  2. Web-Security analysts, educationists & students.
  3. Professionals who need advanced power and control.
  4. Routine security servicing.
  5. Automation.
  6. WP CLI integration.
  7. Fixing broken installs when website access is revoked.

malCure Free Edition detects the same number of malware / threats as the paid version. You pay for convenience & control, not the end-result.

If you are not familiar with the above, you’ll not be able to utilize the potential of the Advanced Edition. Click here to read more about it.

7. Where can I get help?
  1. Click Here For Plugin Support.
  2. Click Here For Malware / Infection Support.


15 July 2019
Great to see the effort for clean code and a great plugin for detecting troublesome bugs from WordPress websites. Great Malware Detection and Protection. The signatures are updated quickly. The scanning database covers options that may contain issues and not just posts/pages like some others. Out of the box this is a very easy program to get used to using. Picks up on a lot that the others did not.
15 April 2019
Excellent plugin, foolproof scan. I've had issues with others when the scan breaks midway, but not this. I can even inspect the rogue files it flags.

Contributors & Developers

“malCure Malware Removal & Firewall” is open source software. The following people have contributed to this plugin.


Changelog


  • Fixed a checksum bug caused by a typo


  • Fixed a bug when checksums would break.
  • UX Updates


  • Fixed a bug in UI if definitions are not updated.


  • Updated UI
  • Ability to run file scan and database scan independently
  • Decoupled DB Scan and File Scan


  • Fixed CTAs


  • Optimized memory consumption
  • Better UX for CLI
  • Code optimizations for speedy load
  • Several other bugfixes
  • Added FAQs


  • Better error handling on broken installs
  • Better scaling


  • Fixed: Firewall doesn’t log certain attack types
  • UI Uplift
  • Solid WP CLI Integration


  • Bugfix for regexes
  • Better form sanitization
  • WP CLI support. Now you can run scans from the command line.


  • Bug fix: some files were ignored during scans
  • Preparing for WP CLI readiness


  • Fixed firewall notification
  • List hidden files and folders
  • List server IP:PORT
  • Added crypto function to prevent firewalls from breaking scan
  • UI Refresh
  • UI Fixes for file rescanning
  • Database Deep-Scanning


  • Refined WordPress title hack scanning.
  • Fixed minor bug in database scanning.
  • Fixed a major bug that prevented Firewall UI from saving.
  • Flag unknown files in wp-admin and wp-includes
  • Fixed some performance bottlenecks
  • Fixed firewall notification


  • Reverted title hack scanning due to a warning.


  • Implemented title hack detection.
  • Implemented attack prevention count.
  • Disabled JS confirm for missing definitions upon scan.
  • Bugfix: False definition update notice at times.
  • Removed redundant metaboxes (maybe they can be reimplemented on a different screen).
  • Smoother Definition Update and UX.
  • Refined scrolling on various actions.


  • Made definition update requirements more prominent.
  • Implemented re-scanning of files that failed due to server timeout.
  • More user-friendly registration form fields.
  • Show more verbose data if core files are flagged and user doesn’t have latest definitions.
  • Shorter timeout for checksum transient.


  • Implemented confirmation prompt to confirm navigation during scan progress.
  • Implemented aggressive mode to detect even mildly suspicious files.
  • Implemented dynamic file count and progress update.
  • Updated branding.


  • Added advanced options for debugging.


  • Fixed scan button UI.
  • Updated branding to reflect new security features.
  • Bug Fix: Definition Upgrade URL incorrectly points to options-general.php.


  • Implemented Firewall.
  • Fixed bug in file inspector.


  • Fixed a PHP fatal error on Nginx.


  • Updated compatibility with PHP 5.6 and WordPress 5.2.


  • Fixed error due to definition syntax mismatch.


  • Minor fixes to readme.txt.


  • Database scan and infection detection.
  • Signatures for Yuzo redirect hack / infection.
  • Updated branding.
  • Several UI fixes.


  • Streamlined definition update system.
  • Definition update notifications.
  • Streamlined options.
  • Definition update check scheduling.


  • Implemented GOD mode: Advanced options when you know what you are doing.
  • CSS fixes: Several CSS fixes.


  • Fixed the sidebar support box.
  • Implemented external tools page.


  • Fixed minor bug with definition updates.
  • UX / UI Improvements.
  • Improved screenshots.


  • New branch with major feature improvement.
  • Inspect files.


  • New: Implemented plugin integrity check. Theme integrity coming soon.
  • Fixed: Sometimes infections are not reported.
  • Fixed: More thorough matching, error control, logging.


  • Optimized signature updation.
  • Ability to connect to Google Search Console to detect security notices.
  • Code refactoring.
  • Implemented verbose upgrade notice.


  • UX improvements.
  • Optimized for minimal server load due to too many definition update requests.


  • Updated progress tracking to report real-time scan-stats.


  • Optimized memory usage.
  • Fixed bug: newer definitions would not update due to caching.
  • UI improvements.
  • Updated UI progress status.
  • Implemented definition update status.


  • Updated tools page.
  • Updated UI.
  • Included Support Options.


  • Implemented definition updates.
  • More statistics.


  • UI Fixes.
  • Minor Bugfixes.


  • Fixed timing issues.
  • Skip /wp-content/ files by default.


  • Initial release.