Quttera Web Malware Scanner


The Quttera Web Malware Scanner plugin will scan your website for malware, trojans, backdoors, worms, viruses, shells, spyware and other threats as well as JavaScript code obfuscation, exploits, malicious iframes, malicious code injection, malicious code obfuscation, auto-generated malicious content, redirects, hidden eval code and more. Also, it will check whether your website is blacklisted by Google and other blacklisting authorities. Help yourself to protect your website, your website users and your online reputation with a free Quttera Web Malware Scanner plugin.


  • One Click Scan
  • Unknown Malware Detection
  • External Links Detection
  • Blacklist Status
  • No Signatures or Patterns Updates
  • Artificial Intelligence Scan Engine
  • Cloud Technology
  • Detailed Investigation Report
  • Investigation of WordPress files
  • Detection of files infected by PHP malware
  • Detection of injected PHP shells

If you need a hand with malware removal please do not hesitate to contact us on support@quttera.com or sign-up to any of our annual plans which include malware cleanup and blacklist removal on https://quttera.com/anti-malware-website-monitoring-signup .


Plugin’s other home


  • Quttera Web Malware Scanner for Word Press


  1. Download the plugin.
  2. Go to the WordPress Plugin menu and activate it.
  3. That’s it!


How is this plugin different from similar plugins?

This plugin uses Quttera’s unique, patented, malware scanning and detection technology. The scanning engine employs a multi-layered, heuristic approach to gather the intelligence from the analyzed system and digest it into weighted rules to flag a piece of code as malicious. A self-learning mechanism uses Quttera’s threats intelligence database crowd-sourced from a worldwide network to update the ruleset and improve detection with each subsequent run.

What is the heuristic scan?

Standard or traditional scanning relies on the signature matching mechanisms. In which the signature of the known threat or its polymorphed variant is compared with the contents (string, e.g.) of the examined file. This technique relies on the existence of the signature in the database to enable the detection. Heuristic approach implements rules, weight-based systems, emulators, flow analyzers, statistical and mathematical methods when probing specific instructions, commands or any other portion of the software. As a result, it allows detecting the potentially malicious functionality in new (previously unknown) malware.

What to do if plugin detects something suspicious?

Quttera technology encompasses heuristic and self-learning components. The severity of the detection depends on the danger it can potentially pause. Current implementation offers four (4) severity levels: Clean, Potentially Suspicious, Suspicious and Malicious. If you are not sure whether Potentially Suspicious or Suspicious detection is an actual threat, our team will help you with that. You can contact us via any of the following: a ticket at https://helpdesk.quttera.com, email to support@quttera.com or through the Support Forum .

Where can I get support for this plugin?

You can contact us via any of the following: a ticket at https://helpdesk.quttera.com, email to support@quttera.com or through the Support Forum .

What to do in case of False-Positives?

Report False-Positive to our helpdesk, and we will review and fix it within the 3-4 working days.

How to submit samples that plugin did not detect?

Please submit any missing detection to our helpdesk.

Why when I click Start Scan the screen freezes and then goes blank?

That usually occurs when there is only one PHP worker assigned to the site. When the plugin runs, it occupies one PHP worker for the scan. Since there are no extra PHP workers available, the plugin blocks the website until the scan is finished.

Do you offer paid services?

Yes, we offer website security plans to protect the sites from malware and blacklisting, fix hacking and improve the overall cybersecurity risks management for web assets.

Why when I click Scan Now nothing happens?

A front-end code interacts with the backend code of this plugin through the HTTP request sent by loaded JavaScript functionality (code). Please verify that you have JavaScript enabled and that the firewall doesn’t block these requests.

How can I send you the investigation report?

Click “Download Report” button to generate the report, store it as a text file and send it to us via helpdesk.

Why when I run an internal scan, the scanned files count shows 0 (zero)?

The plugin scheduler invocation is based on WordPress Cron mechanism.
Some web hostings and servers do not enable the functionality required for WordPress Cron mechanism to work correctly.
There is a way to overcome this limitation by using alternative WordPress Cron. To enable alternative Cron, please add the following line to wp-config.php

define(‘ALTERNATE_WP_CRON’, true);

Questions about investigation process

For questions about investigation process please refer to http://quttera.com or post in the Support section here.


April 11, 2024
Great tool that helps you quickly find out whether and which plugins could be affected by a data leak if you have numerous attacks on WordPress (e.g. on wp-admin). You can then replace all plugin folders with the original plugin files via FTP, done. Very good job, thank you!
November 5, 2022
I wasnt expecting anything from this plugin but it has saved my lots of time and money. First I removed some critical files by wordfence and tried almost all malware scanners but non of the scanners could detect the infected files, infact wordfence was showing no threat but my site was displaying the japanese letters snippet on google and had 62000 links indexed on google console. I would say Malcare did a good job in scanning the malware but it doesnt show any files because of paid service. After running this scanner it showed me some malicious files and I removed them from the control panel by myself. Book malware was disappeared scanner didnt showed site is hacked. Thanks alot guys
June 2, 2022 1 reply
Only tells you that it is paid once it has supposedly detected infectoin. This can’t be trusted when the vendor is motivated to detect false positives.
September 16, 2021
Отличный плагин! Теперь я могу спать спокойно. Поддержка ответила очень быстро и даже просмотрела мои подозрительные файлы вручную!
March 1, 2021 1 reply
The Only thing is that one has to sort out and whitelist quite a lot. One remark to the review before this one: Probably Quttera is not prepared for a XXAMP-server. The problems might be caused by the different file systems on Windows.
Read all 46 reviews

Contributors & Developers

“Quttera Web Malware Scanner” is open source software. The following people have contributed to this plugin.



  • Added new detection rules

  • Added new detection rules
  • Added new GUI

  • Added new detection rules
  • Fixed vulnerability types: Directory Listing and Path Traversal. Thanks to Dmitrii Ignatyev for reporting and helping to improve our plugin.

  • Added capability to ignore specific files or directories

  • Added capability for high sensitive and normal scans

  • Added new detection rules

  • Fixed presentation of investigation report

  • Added new SEO/malware/ransomware detections

  • Added admin user verification on internal scan

  • Added new SEO/malware/ransomware detections

  • Fixes for 4.8.2 and new backdoor samples

  • Added new malware/shell samples

  • Added new spam samples

  • Added new spam samples

  • Added new malware shell

  • Added new malicious ads detection


  • Initial public release