Quttera ThreatSign – Web Malware Scanner for WordPress

by quttera

Description

Quttera ThreatSign protects your WordPress website with multi-layered security:

Malware Detection: Powered by Quttera’s AI-driven heuristic engine, the scanner detects malicious PHP, obfuscated JavaScript, hidden iframes, redirects, spam, SEO malware, and credit-card skimmers targeting checkout pages. The plugin performs on-demand scans directly from your WordPress admin and checks your domain against more than 40 global security authorities, including Google, McAfee, Norton, and Yandex. Detection capabilities are continuously enhanced using insights from Quttera’s worldwide threat intelligence network.

Brute Force Protection: Prevents unauthorized login attempts with IP locking, configurable rate limiting, and environment-aware protection policies. Supports both shared hosting (aggressive locking) and dedicated servers (progressive delays). Includes emergency bypass mechanism for critical situations.

Bot Protection: Layered defense against automated attacks using multi-stage risk evaluation, token-bucket rate limiting, and legitimate bot recognition (Googlebot, Bingbot, etc.). Protects REST API, XML-RPC, and WooCommerce endpoints with endpoint-specific risk scoring.

Admin User Monitoring: Real-time detection and alerting for unauthorized admin additions, removals, and role changes with database audit trail and snapshots.

For complete protection—including automated malware removal, scheduled scanning, WAF, and 24/7 monitoring—you can upgrade to a ThreatSign Website Security plan.

Malware Detection Features:

One-click on-demand scans from WP admin
0-day (unknown threat) detection via heuristic & behavioral analysis
Detection of malicious PHP (backdoors, shells, injections)
Detection of obfuscated or polymorphic JavaScript
Identification of malicious iframes, redirects & hidden links
Detection of spam & SEO malware
Checkout skimmer detection
Inspection of WordPress core file integrity
Detection of alien or unauthorized files in core directories
External links and outbound reference analysis
Blacklist checks across 40+ security authorities
Cloud-based scanning to reduce server resource load
Detailed investigation reports with severity levels

Brute Force Protection Features:

IP-based locking with configurable thresholds
Multi-stage failure detection with soft and hard locks
Environment-aware policies for shared hosting and dedicated servers
IP whitelist/blacklist with CIDR notation support
Emergency bypass mechanism via constant or filter
User account lockout alerts via email
Combo-lock (IP + username) detection
Rate limiting with progressive delays

Bot Protection Features:

Multi-stage risk evaluation with heuristic analysis
Token-bucket rate limiting across multiple lanes (global, REST, XML-RPC, checkout, cart)
Legitimate bot recognition (Googlebot, Bingbot with elevated rate limits)
REST API enumeration and authentication protection
WooCommerce endpoint protection (checkout & cart)
Configurable operation modes (Observe, Balanced, Aggressive)
Risk-based challenge mechanisms and exponential backoff

Admin User Monitoring Features:

Real-time detection of admin user additions and removals
Admin role change tracking
Database snapshot comparison for audit trail
WP-Cron scheduled checks (1-minute intervals)
Immediate detection via WordPress hooks
Email alerts for unauthorized changes
Comprehensive alarm system integration

If you need malware removal assistance, contact us at support@quttera.com or sign up for any
of our ThreatSign annual plans, which include cleanup & blacklist removal:
https://quttera.com/anti-malware-website-monitoring-signup

Credits

Quttera

Plugin’s other home

WordPress Malware Scanner

Installation

Download the plugin.
Go to the WordPress Plugins menu and activate it.
That’s it!

Screenshots

WordPress Malware Scanner dashboard showing external website scan summary and malware detection status.
Initial scanner dashboard before a scan is executed, displaying domain and scanner configuration.
High-sensitivity internal malware scan results showing detected malicious and suspicious files.
Standard malware scan results summarizing clean, suspicious, and malicious files detected on the website.
Detailed malware detection report displaying identified threats, file signatures, and malicious code indicators.
Malware Scanner configuration panel with scan mode selection, file system integrity controls, and scheduled scanning options.
Security dashboard displaying critical security alerts, external website scan results, and server-side malware scan statistics.
Security alerts panel listing detected bot attacks, security warnings, and active threat notifications.
Administrator access log showing successful and failed login attempts for privileged WordPress accounts.

Faq

How is this plugin different from similar plugins?

This plugin uses Quttera’s unique, patented malware scanning and detection technology. Its multi-layered heuristic engine gathers intelligence from the analyzed system and digests it into weighted rules to detect malicious code. A self-learning mechanism updates the ruleset using Quttera’s worldwide threat intelligence network.

What does the plugin detect?

The scanner identifies a wide range of threats, including:

Obfuscated JavaScript
Injected or malicious PHP code
Hidden iframes, redirects, and links
Spam and SEO malware
Card skimmers targeting WooCommerce checkout pages
Suspicious external links
Backdoors and PHP shells
Infected or modified WordPress core files

Heuristic and AI-powered analysis enables detection of new or unknown malware, not just known signatures.

What do I get for free with the plugin?

The free version includes:

Malware Detection:
* On-demand scans from the WordPress admin
* Blacklist checks across 40+ services
* Malware detection (JS, PHP, backdoors, spam, iframes, skimmers, etc.)
* Investigation report with severity levels (Clean, Potentially Suspicious, Suspicious, Malicious)

Brute Force Protection:
* IP-based locking and failure detection
* User account lockout protection
* IP whitelist and blacklist management
* Email alerts for locked accounts

Bot Protection:
* Rate limiting and risk-based evaluation
* Legitimate bot recognition
* REST API and WooCommerce endpoint protection
* Configurable protection modes

Admin User Monitoring:
* Real-time detection of admin user changes
* Email alerts for additions, removals, and role changes
* Database audit trail with snapshots

To enhance protection with automated responses, scheduled scanning, and advanced WAF features, upgrade to ThreatSign Website Security.

What is the heuristic scan?

Traditional scanning uses signature matching. Heuristic scanning uses rules, weight-based systems, emulators, flow analyzers, and statistical methods to detect potentially malicious functionality, even in previously unknown threats.

What to do if plugin detects something suspicious?

Quttera’s severity levels indicate potential risk. If you’re unsure whether a detection is harmful, our team can help. Contact us via ticket at https://helpdesk.quttera.com, email support@quttera.com, or the plugin’s WordPress Support Forum.

Do you offer paid services?

Yes. Our ThreatSign Website Security plans provide:

Expert malware cleanup
Automatic malware removal
Continuous & scheduled scans
Web Application Firewall (WAF)
DDoS protection & mitigation
Blacklist removal (40+ authorities)
24/7 monitoring & protection

Learn more: https://quttera.com

Why does the screen freeze or go blank during scan?

This usually happens if your hosting assigns only one PHP worker. The scan process occupies the only worker, temporarily blocking the site until the scan completes.

Why when I click Scan Now nothing happens?

Ensure JavaScript is enabled and your firewall isn’t blocking plugin requests. The plugin communicates with the backend via JavaScript-generated HTTP requests.

How can I send you the investigation report?

Use the “Download Report” button, save the file, and send it to us via https://helpdesk.quttera.com/open.php.

Why does the internal scan show 0 scanned files?

Your hosting may not allow WordPress Cron to function properly.
You can enable an alternative cron method by adding this line to wp-config.php:

define(‘ALTERNATE_WP_CRON’, true);

How to submit undetected samples?

Submit them via: https://helpdesk.quttera.com/open.php

Questions about investigation process

For questions about investigation process please refer to http://quttera.com or post in the Support section here.

What is Brute Force Protection and how does it work?

Brute Force Protection defends against unauthorized login attempts by tracking failed logins per IP address and username combination. It applies progressive locking:
* Soft lock: Introduces account lockout after configurable failures
* Hard lock: Completely blocks the IP after repeated failures
* Emergency bypass: Can be enabled via constant QTR_BRUTEFORCE_BYPASS or filter hook for critical situations

The protection is environment-aware, with different strategies for shared hosting (aggressive locking) versus dedicated servers (progressive delays).

What is Bot Protection and how does it work?

Bot Protection uses multi-stage risk evaluation to detect and rate-limit automated attacks. It examines:
* User-Agent signatures and heuristics
* Request rates and patterns across different endpoints
* Risk scores for specific endpoints (REST API, XML-RPC, WooCommerce, etc.)

Legitimate bots (Googlebot, Bingbot) are recognized and granted elevated rate limits. The system operates in three modes:
* Observe: Logs threats without blocking
* Balanced: Soft enforcement with fail-open for checkout (default)
* Aggressive: Hard enforcement on all endpoints

How do I enable Emergency Bypass if I’m locked out?

If you’re locked out by Brute Force Protection, you have two options:
1. Add to wp-config.php: define('QTR_BRUTEFORCE_BYPASS', true);
2. Or use the filter hook: apply_filters('qtr_bruteforce_emergency_bypass', false) returning true

After enabling bypass and regaining access, disable it and configure a proper IP whitelist.

What does Admin User Monitoring track?

Admin User Monitoring detects and alerts on:
* New admin users being added to the site
* Admin users being removed
* Administrator role being assigned or changed

The plugin creates database snapshots to compare with previous states, providing a comprehensive audit trail. Checks run automatically every minute via WP-Cron and also on every WordPress admin page load.

Can I customize hosting type settings for Brute Force Protection?

Yes. The plugin automatically detects your hosting environment and applies appropriate policies:
* Shared Hosting: Minimal delays (avoid blocking precious worker processes), aggressive locking
* Dedicated Server: Progressive delays, higher failure thresholds, more forgiving approach

You can also manually configure IP whitelists/blacklists regardless of hosting type.

How often are admin users checked for changes?

Admin user monitoring checks run:
* Every 1 minute (via scheduled WP-Cron)
* On every WordPress admin page load (via admin_init hook)
* Immediately when users are added, removed, or roles are changed (via WordPress hooks)

This multi-layered approach ensures rapid detection of unauthorized changes.

Reviews

Effective plugin for vulnerability detection

By romeroz on January 12, 2025

It just helps when you're having trouble. Nice cool job, thank you!

Highly recommended

By nmrockswp on April 11, 2024

Great tool that helps you quickly find out whether and which plugins could be affected by a data leak if you have numerous attacks on WordPress (e.g. on wp-admin). You can then replace all plugin folders with the original plugin files via FTP, done. Very good job, thank you!

Cleaned all my issues. Fantastic

By oscarma007 on February 10, 2023

It cleaned the malware on my website before it executed and gave me issues. top-notch product.

Saved my life

By rocky12 on November 5, 2022

I wasnt expecting anything from this plugin but it has saved my lots of time and money. First I removed some critical files by wordfence and tried almost all malware scanners but non of the scanners could detect the infected files, infact wordfence was showing no threat but my site was displaying the japanese letters snippet on google and had 62000 links indexed on google console. I would say Malcare did a good job in scanning the malware but it doesnt show any files because of paid service. After running this scanner it showed me some malicious files and I removed them from the control panel by myself. Book malware was disappeared scanner didnt showed site is hacked. Thanks alot guys

Useless Adware

By WilliamCampbell on June 2, 2022

Only tells you that it is paid once it has supposedly detected infectoin. This can't be trusted when the vendor is motivated to detect false positives.

Excellent

By dfyz1337 on September 16, 2021

Отличный плагин! Теперь я могу спать спокойно. Поддержка ответила очень быстро и даже просмотрела мои подозрительные файлы вручную!

Works well!

By Harald Wenzel (epiphanius1) on March 1, 2021

The Only thing is that one has to sort out and whitelist quite a lot. One remark to the review before this one: Probably Quttera is not prepared for a XXAMP-server. The problems might be caused by the different file systems on Windows.

AVOID, CONTINUOUS FALSE POSITIVES

By Andrés Sorolla (andresgs) on September 26, 2020

This security plugin is a complete fraud. Once installed on my website and performed a high sensitivity test it found no less than 5 MALICIOUS FILES, 8 POTENTIALLY SUSPICIOUS FILES AND THE WORST 1381 SUSPICIOUS FILES!!!! Suspecting that this was not true, I proceeded to perform the following test. On a computer with a freshly installed copy of the original W10, all the updates done, an updated antivirus and without any virus detection, I installed a local copy of the latest version of WordPress in XAMPP. I named this local version of WordPress Quttera in honor of these gentlemen. I installed only the Quttera plugin and performed a high-sensitivity scan on this completely new installation of wordpress and then found: 3 MALICIOUS FILES and 8 POTENTIALLY SUSPICIOUS FILES !!!! Funny, isn't it? I proceeded to install the Elementor plugin and then changed the report to: 3 MALICIOUS ARCHIVES and 11 POTENTIALLY SUSPECTIVE ARCHIVES !!!! I proceeded to perform a third test.I installed the plugin Duplicator by Snap Creek and RANK MATH SEO this time the report was: 5 MALICIOUS AND 11 POTENTIALLY SUSPICIOUS FILES !!!! These results appear in a clean WordPress installation, with no post, image, or page created, nothing! I am completely convinced that this plugin is a scam. Quttera's owners scare you with false positives and countless suspicious files with the sole aim of making you pay for disinfecting something that is not infected and fattening Quttera's wallet. I hope this test will save users the time lost trying to clean something from viruses that is definitely not infected. Wordpress should remove this plugin from its list

Worth your time and money! HIGHLY RECOMMENDED

By Faststores (faststores) on August 27, 2020

I'd like to thank the Quttera team to fix our malware issues that other great security plugins doesn't detect. The premium price is worth every penny. You don't deserve to get 1 star rating. Highly recommended so thank you very much!!

Waste of time

By pdpiotr on August 17, 2020

It see malware, but not removes until you pay. waste of time and scam like malware.

Changelog

4.0.0.9

Added new detection rules

4.0.0.1

Major: Added Brute Force Protection system with configurable policies
Major: Added Bot Protection with token-bucket rate limiting
Major: Added Admin User Monitoring with real-time alerts
Added Emergency Bypass mechanism for Brute Force Protection
Added environment-aware policies for shared hosting and dedicated servers
Added comprehensive alarm system with email notifications
Added HowTo guides and improved dashboard
Added separated pages for blocked IPs (Bot vs Brute Force)
Added admin account lockout alerts
Fixed alarm flooding and improved alarm management
Improved code organization with dedicated modules
Added new detection rules

3.5.2.1

Fixed vulnerability type: Stored XSS Administrator+ role Affected Plugin. Thanks to Artyom Krugov for reporting and helping to improve our plugin.
Fixed vulnerability type: Server-Side Request Forgery. Thanks to Jonas Benjamin Friedli for reporting and helping to improve our plugin. CVE-2025-8013.

3.5.1.41

Added new detection rules

3.5.0.1

Added new detection rules
Added new GUI

3.4.2.1

Added new detection rules
Fixed vulnerability types: Directory Listing and Path Traversal. Thanks to Dmitrii Ignatyev for reporting and helping to improve our plugin.

3.4.0.1

Added capability to ignore specific files or directories

3.3.0.22

Added capability for high sensitive and normal scans

3.2.1.97

Added new detection rules

3.1.1.0

Fixed presentation of investigation report

3.0.21.17

Added new SEO/malware/ransomware detections

3.0.9.1

Added admin user verification on internal scan

3.0.8.65

Added new SEO/malware/ransomware detections

3.0.8.1

Fixes for 4.8.2 and new backdoor samples

3.0.7.45

Added new malware/shell samples

3.0.7.22

Added new spam samples

3.0.7.21

Added new spam samples

3.0.7.20

Added new malware shell

3.0.7.0

Added new malicious ads detection

1.0.0

Initial public release