FAIR

Federated and Independent Repositories

BrandBees Malware Guardian

Plugin Banner

BrandBees Malware Guardian

by BrandBees

Download
Description

BrandBees Malware Guardian is a powerful, easy-to-use local malware detection and removal tool for WordPress. It scans your WordPress installation’s filesystem and database for malicious code, injected scripts, backdoors, and other security threats. The plugin provides automated cleanup capabilities with automatic backups and rollback support.

Key Features:

  • Filesystem Scanning – Scans themes, plugins, and uploads directories for malicious PHP, JavaScript, HTML, and CSS files
  • Database Scanning – Scans posts, pages, options, widgets, and comments for injected scripts, spam links, and malicious shortcodes
  • Signature-Based Detection – Uses comprehensive malware signature database to identify known threats
  • Pattern Matching – Detects obfuscated code, base64-encoded payloads, eval() usage, and other suspicious patterns
  • One-Click Cleanup – Automated patching with automatic backup creation before any changes
  • Rollback Support – Restore original content from backups if needed
  • Scheduled Scans – Daily or weekly automatic scans via WP-Cron
  • Email Alerts – Receive notifications when new threats are detected
  • Incremental Scanning – Only scan changed files and database records for faster performance
  • Progress Tracking – Real-time progress updates during scans

How It Works:

  1. Navigate to BrandBees Malware Guardian in your WordPress admin menu
  2. Click Start Scan to begin scanning your site
  3. Review detected threats in the dashboard
  4. Use Clean button to automatically remove threats (with automatic backup)
  5. Configure scheduled scans and email alerts in settings

Use Cases:

  • WordPress site owners monitoring their site security
  • Web development agencies maintaining client sites
  • WordPress maintenance providers
  • Security-conscious website administrators
  • Post-infection cleanup and verification

Support

For support requests, please use the WordPress.org support forum.

Website: brandbees.net/contact-us

Developer Documentation

Hooks & Filters

The plugin provides filters for customization. Full developer docs: BrandBees Malware Guardian documentation.

Actions

There are no custom do_action hooks prefixed for this plugin at this time. Integrate via filters below or standard WordPress hooks.

Filters

  • bbmg_malware_scan_post_types – Adjust which post types are included in database content scanning (array of post type slugs).
  • bbmg_malware_scan_file_roots – Adjust absolute filesystem roots scanned for a given scope (array of paths, plus scan scope context).
  • bbmg_malware_excluded_file_extensions – Change which file extensions are skipped during file scanning (array).
  • bbmg_checksum_trust_scan_enabled – Enable or disable checksum-based trust optimizations during file scanning (boolean).
  • bbmg_pattern_risk_score_threshold – Override the internal pattern risk score threshold used by the matcher (integer).
  • bbmg_detection_risk_score – Adjust the computed risk score for a detection ($score, $signature_id, $category, $signature).
  • bbmg_stale_db_heartbeat_seconds – Seconds of grace before treating a DB scan heartbeat as stale (integer).
  • bbmg_stale_running_scan_grace_seconds – Grace period for a running scan before stale handling (integer).
  • bbmg_stale_zero_progress_grace_seconds – Grace period when scan progress is zero before stale handling (integer).
  • bbmg_signature_feed_url – Provide or override the remote URL used to load the malware signature JSON feed (string).
  • bbmg_signature_remote_fetch_disabled – Return true to disable remote signature feed fetching (boolean).
  • bbmg_signature_feed_ttl – Override cache TTL (seconds) for a successful remote signature feed response (integer).
  • bbmg_signature_feed_cron_first_delay – Override delay (seconds) before the first scheduled signature feed sync after setup (integer).

For deeper integration (REST routes, database tables, scan lifecycle), see the developer documentation site.

External services

This plugin can optionally use the following third-party services when you enable and configure them. No data is sent to any external service unless you explicitly enable the integration and provide your own API key.

  • PhishTank (Operated by Cisco Talos) – Used to check URLs against a database of known phishing sites. When enabled, the plugin downloads the PhishTank data feed (online-valid list) from PhishTank’s servers. No URLs from your site are sent to PhishTank; the feed is stored and used locally for lookups. Data is requested when you update the PhishTank database (manual or scheduled). Terms of use: https://phishtank.org/terms.php. Privacy policy: https://www.phishtank.org/privacy.php.

  • VirusTotal – Optional URL scanning. When you enable VirusTotal and enter your API key, the plugin may send URLs you choose to scan to VirusTotal’s API to get threat reports. Data is sent only when a scan uses the VirusTotal integration (e.g. when you run a scan that includes URL checks). Terms of service: https://www.virustotal.com/gui/terms-of-service. Privacy policy: https://www.virustotal.com/gui/privacy-policy.

  • Google Safe Browsing API – Optional URL threat lookup. When you enable it and provide an API key, the plugin may send URL hashes (not full URLs) to Google’s Safe Browsing API to check against Google’s threat lists. Data is sent only when a scan uses the Safe Browsing integration. Terms of service: https://developers.google.com/safe-browsing/v4/terms. Google privacy policy: https://policies.google.com/privacy.

WordPress.org APIs (e.g. core/plugin version checks) are used only to fetch update information; see WordPress.org privacy and terms for those services.

Privacy Policy

BrandBees Malware Guardian respects user privacy:

  • Local scanning only: All scanning is performed locally on your server
  • No external data transmission: Scan results are not sent to external servers unless you enable optional integrations (see External services above)
  • Optional API integrations: PhishTank, Google Safe Browsing, and VirusTotal are optional and require your API keys where applicable
  • Data storage: Scan results are stored locally in your WordPress database
  • Backup storage: Backups are stored locally in wp-content/uploads/bbmg-backups/

Credits

Developed by Brand Bees

Contributor profile: Hassan Ejaz (@genius786)

  1. Upload the brandbees-malware-guardian folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Navigate to BrandBees Malware Guardian in the admin menu to start scanning
  1. Dashboard - Overview of site security status and scan controls

    Dashboard - Overview of site security status and scan controls

  2. Scan progress - Real-time progress updates during scanning

    Scan progress - Real-time progress updates during scanning

  3. Threat detection - Detailed view of detected malware and threats

    Threat detection - Detailed view of detected malware and threats

  4. Cleanup interface - One-click cleanup with backup management

    Cleanup interface - One-click cleanup with backup management

  5. Scan history - Review past scans and results

    Scan history - Review past scans and results

  6. Settings - Configure scheduled scans and email alerts

    Settings - Configure scheduled scans and email alerts

What does the scanner check?

The scanner performs comprehensive checks on:
1. PHP files in themes, plugins, and uploads directories
2. JavaScript, HTML, and CSS files for injected code
3. WordPress database (posts, pages, options, widgets, comments)
4. Known malware signatures and patterns
5. Suspicious code patterns (eval, base64, obfuscation)

Does this scanner modify my files?

The scanner only reads files and database content by default. It will only modify files when you explicitly click the “Clean” button to remove detected threats. Before any modification, an automatic backup is created that you can restore from.

Is this scanner safe to use?

Yes. The scanner uses WordPress’s built-in WP_Filesystem API for all file operations, follows WordPress security best practices, and never modifies WordPress core files. All changes are backed up automatically before patching.

Can I schedule automatic scans?

Yes. You can configure daily or weekly automatic scans in the plugin settings. The plugin will send email alerts when new threats are detected.

What happens if a scan finds malware?

The scanner will display all detected threats in the dashboard with details about location, severity, and type. You can then choose to clean individual threats or clean all safe-to-remove threats at once. All cleanup operations create automatic backups.

Does the plugin store scan results?

Yes. Scan results are stored in the database so you can review scan history, compare results over time, and track security improvements.

What are the server requirements?

  • WordPress 5.8 or higher
  • PHP 7.4 or higher
  • Sufficient disk space for backups (recommended: 100MB+ free space)

1.0.0

  • Initial release
  • Filesystem scanning (PHP, JS, HTML, CSS)
  • Database scanning (posts, options, widgets, comments)
  • Malware signature database
  • Pattern matching engine
  • One-click cleanup with automatic backups
  • Rollback support
  • Scheduled scans via WP-Cron
  • Email alerts for new threats
  • Incremental scanning
  • Admin dashboard with real-time progress
  • Comprehensive threat detection and reporting
Back to top