WordPress Malware & Vulnerability Scanner – VulnTitan

by Jaroslav Svetlik

Description

VulnTitan is a lightweight WordPress malware scanner and malware removal tool that detects infected files and vulnerable plugins before they can be exploited.

Instantly scan your WordPress site for malware infections and known vulnerabilities, review detailed results, and clean or remove malware safely using a guided fix workflow with automatic backups.

Unlike heavy security suites, VulnTitan focuses on practical protection: vulnerability detection, malware scanning and removal, file integrity monitoring, and essential firewall protection — without unnecessary bloat.

Malware Scanner

The WordPress malware scanner inspects your site files for suspicious code patterns and known malicious signatures.

  • Detect malware infections in core, plugins, and themes
  • Review problematic files with contextual code preview
  • Safe-fix workflow with automatic backups
  • Clear severity indicators and actionable recommendations

Vulnerability Scanner

The vulnerability scanner checks your installed WordPress core, plugins, and themes against a real-time vulnerability database powered by the VulnTitan API.

  • Detect vulnerable plugins and themes
  • Identify outdated components with known security risks
  • Real-time vulnerability intelligence
  • Clear risk explanations and remediation guidance

File Integrity Scanner

Monitor unauthorized file changes and unexpected modifications.

  • Baseline comparison for WordPress files
  • Queue-based processing for performance safety
  • Visual status legends for fast review
  • Actionable next steps for suspicious changes

Firewall & Login Protection

VulnTitan includes lightweight firewall and WAF protection to block common attack patterns.

  • Early MU-plugin runtime request guards
  • SQL injection (SQLi) payload protection
  • Command injection detection
  • Suspicious path traversal blocking
  • Endpoint whitelisting controls
  • Login lockout protection against brute-force attacks

Security-First Architecture

  • Secure storage and cleanup of scan queues and logs
  • Hardened backup handling outside ABSPATH by default
  • Adaptive performance tuning for safe large-site scanning

External services

This plugin connects to an external API at https://vulntitan.com/api/vulnerabilities to fetch up-to-date vulnerability data for WordPress core, plugins, and themes. This data is essential for detecting known vulnerabilities during scan operations.

When a vulnerability scan is performed, the following data is sent to the VulnTitan API:

  • The slug and version of each plugin
  • The slug and version of each theme
  • The WordPress core version

This data is transmitted only during scans initiated by the user or by scheduled scan settings. No personal, user-identifying, or sensitive site data is collected, transmitted, or stored.

The external service is provided and operated by VulnTitan.com.

  • Terms of Service: https://vulntitan.com/terms
  • Privacy Policy: https://vulntitan.com/privacy

From your WordPress dashboard

  1. Navigate to Plugins > Add New
  2. Click Upload Plugin
  3. Upload the downloaded ZIP file
  4. Click Install Now, then Activate

From FTP or File Manager

  1. Upload the extracted vulntitan folder to the /wp-content/plugins/ directory
  2. Go to your WordPress dashboard
  3. Navigate to Plugins > Installed Plugins
  4. Find VulnTitan and click Activate

Once activated

  • Go to VulnTitan in your admin menu
  • Click Scan Now to run a malware and vulnerability scan
  • Review detected vulnerabilities, malware infections, and file integrity issues
  • Apply guided safe fixes where needed

Screenshots

  1. WordPress malware and vulnerability scan dashboard overview.
  2. Malware detection results with safe-fix workflow and backup protection.
  3. Vulnerability scanner results showing vulnerable plugins and themes.

Who owns the VulnTitan API?

The VulnTitan API is developed, owned, and maintained by the same team behind this plugin. It is not a third-party service. The API is operated solely to provide accurate and real-time vulnerability intelligence for WordPress sites.

What data does the plugin send to the API?

The plugin sends only non-personal technical information such as plugin slugs, theme slugs, and WordPress core version numbers. No personal data, login credentials, email addresses, or sensitive information is transmitted or stored.

Why is the API connection required?

The API provides up-to-date vulnerability data needed to detect known security issues affecting WordPress core, plugins, and themes. Without this connection, vulnerability detection would not function correctly.

Does VulnTitan remove malware?

Yes. When malware is detected, VulnTitan provides a guided safe-fix workflow with backup protection so you can review and safely remove infected files.

Excellent vulnerability scanner!

By componentz on May 17, 2025

I’ve been using VulnTitan for a few weeks now and I’m genuinely impressed. The plugin is fast, lightweight, and managed to detect vulnerabilities I had completely overlooked in some of my plugins.

I especially like the file integrity and malware scanning features – they provide great peace of mind.

The interface is clean and easy to use, and the reports are clear and helpful.
Highly recommended for anyone serious about securing their WordPress site!

v2.0.1 – 03 Mar, 2026

  • Fixed Vulnerability scanner UI so the “Vulnerability Overview” section stays pinned at the top while results are scrolled.
  • Reduced Malware scanner false positives for benign CSS content: strings and similar static string-literal matches.

v2.0.0 – 25 Feb, 2026

  • Major release with redesigned Malware, Vulnerability, and File Integrity scan UX.
  • Improved malware scanner with detailed problematic-files panel and guided safe-fix actions.
  • Enhanced vulnerability detection powered by updated API intelligence.
  • Improved file integrity scanner with clearer legends and performance tuning.
  • Added dedicated Firewall module with MU runtime guards and login lockout protection.
  • Added WAF payload protection for SQL injection and command injection.
  • Security hardening for backup storage and automated cleanup routines.

For full release history, see CHANGELOG.md included in the plugin package.
