Quttera Web Malware Scanner


The Quttera Web Malware Scanner plugin will scan your website for malware, trojans, backdoors, worms, viruses, shells, spyware and other threats as well as JavaScript code obfuscation, exploits, malicious iframes, malicious code injection, malicious code obfuscation, auto-generated malicious content, redirects, hidden eval code and more. Also, it will check whether your website is blacklisted by Google and other blacklisting authorities. Help yourself to protect your website, your website users and your online reputation with a free Quttera Web Malware Scanner plugin.


  • One Click Scan
  • Unknown Malware Detection
  • External Links Detection
  • Blacklist Status
  • No Signatures or Patterns Updates
  • Artificial Intelligence Scan Engine
  • Cloud Technology
  • Detailed Investigation Report
  • Investigation of WordPress files
  • Detection of files infected by PHP malware
  • Detection of injected PHP shells

If you need a hand with malware removal please do not hesitate to contact us on support@quttera.com or sign-up to any of our annual plans which include malware cleanup and blacklist removal on https://quttera.com/anti-malware-website-monitoring-signup .


Plugin’s other home

Screenshot (schermate di esempio)

  • Quttera Web Malware Scanner for Word Press


  1. Download the plugin.
  2. Go to the WordPress Plugin menu and activate it.
  3. That’s it!


How is this plugin different from similar plugins?

This plugin uses Quttera’s unique, patented, malware scanning and detection technology. The scanning engine employs a multi-layered, heuristic approach to gather the intelligence from the analyzed system and digest it into weighted rules to flag a piece of code as malicious. A self-learning mechanism uses Quttera’s threats intelligence database crowd-sourced from a worldwide network to update the ruleset and improve detection with each subsequent run.

What is the heuristic scan?

Standard or traditional scanning relies on the signature matching mechanisms. In which the signature of the known threat or its polymorphed variant is compared with the contents (string, e.g.) of the examined file. This technique relies on the existence of the signature in the database to enable the detection. Heuristic approach implements rules, weight-based systems, emulators, flow analyzers, statistical and mathematical methods when probing specific instructions, commands or any other portion of the software. As a result, it allows detecting the potentially malicious functionality in new (previously unknown) malware.

What to do if plugin detects something suspicious?

Quttera technology encompasses heuristic and self-learning components. The severity of the detection depends on the danger it can potentially pause. Current implementation offers four (4) severity levels: Clean, Potentially Suspicious, Suspicious and Malicious. If you are not sure whether Potentially Suspicious or Suspicious detection is an actual threat, our team will help you with that. You can contact us via any of the following: a ticket at https://helpdesk.quttera.com, email to support@quttera.com or through the Support Forum .

Where can I get support for this plugin?

You can contact us via any of the following: a ticket at https://helpdesk.quttera.com, email to support@quttera.com or through the Support Forum .

What to do in case of False-Positives?

Report False-Positive to our helpdesk, and we will review and fix it within the 3-4 working days.

How to submit samples that plugin did not detect?

Please submit any missing detection to our helpdesk.

Why when I click Start Scan the screen freezes and then goes blank?

That usually occurs when there is only one PHP worker assigned to the site. When the plugin runs, it occupies one PHP worker for the scan. Since there are no extra PHP workers available, the plugin blocks the website until the scan is finished.

Do you offer paid services?

Yes, we offer website security plans to protect the sites from malware and blacklisting, fix hacking and improve the overall cybersecurity risks management for web assets.

Why when I click Scan Now nothing happens?

A front-end code interacts with the backend code of this plugin through the HTTP request sent by loaded JavaScript functionality (code). Please verify that you have JavaScript enabled and that the firewall doesn’t block these requests.

How can I send you the investigation report?

Click “Download Report” button to generate the report, store it as a text file and send it to us via helpdesk.

Why when I run an internal scan, the scanned files count shows 0 (zero)?

The plugin scheduler invocation is based on WordPress Cron mechanism.
Some web hostings and servers do not enable the functionality required for WordPress Cron mechanism to work correctly.
There is a way to overcome this limitation by using alternative WordPress Cron. To enable alternative Cron, please add the following line to wp-config.php

define(‘ALTERNATE_WP_CRON’, true);

Questions about investigation process

For questions about investigation process please refer to http://quttera.com or post in the Support section here.


9 Settembre 2019
Sorry to say it, but I have tried many security scanners, and this gives so many false positive, even when the log file is empty. this gives so much headache, please fix it, and give real results, you make people work for nothing.
2 Luglio 2019
What an awesome plugin, finds malware and assist's in removing them. Highly recommended! Donated, thanks for making this free!
8 Aprile 2019
It detects the malware other plugins like wordfence and sucuri couldn't. Problem solved. p.s. I still recommend using wordfence or any other security plugin but for scanning, quttera is a better one.
24 Gennaio 2019
Helped me alot after one of the websites got hacked in order to find infected files.
21 Novembre 2018
When scannig my wordpress-installation I was advised that due to high sensitivity the scan may also detect false positives. Interestingly enough, all files appear to be suspocious, for example wp-admin/widgets.php is considered an unknown file in the core directory. The files in the core directory of my site and in the latest wordpress verion I downloaded just now are 100% identical and in the identical location of both the downloaded WP-Package and my installation. Sorry, but in these cases the plugin should recognize the core files and not flag them. Other tools are way better here, although they costs someting.
Leggi tutte le recensioni di 36

Crediti e riconoscimenti

“Quttera Web Malware Scanner” è un software open source. Le persone che hanno contribuito allo sviluppo di questo plugin sono indicate di seguito.


Traduci “Quttera Web Malware Scanner” nella tua lingua.

Ti interessa lo sviluppo?

Esplora il Codice segui il Repository SVN iscriviti al Log delle Modifiche. Puoi farlo tramite RSS con un lettore di feed.

Changelog (registro delle modifiche)

  • Added capability for high sensitive and normal scans

  • Added new detection rules

  • Fixed presentation of investigation report

  • Added new SEO/malware/ransomware detections

  • Added admin user verification on internal scan

  • Added new SEO/malware/ransomware detections

  • Fixes for 4.8.2 and new backdoor samples

  • Added new malware/shell samples

  • Added new spam samples

  • Added new spam samples

  • Added new malware shell

  • Added new malicious ads detection


  • Initial public release