NinjaScanner – Virus & Malware scan


A lightweight, fast and powerful antivirus scanner for WordPress.

NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and virus.


  • File integrity checker.
  • File comparison viewer.
  • Exclusion filters.
  • File snapshot.
  • Database snapshot.
  • Anti-malware/Antivirus.
  • Sandbox for quarantined files.
  • Ignored files list.
  • Google’s Safe Browsing Lookup API.
  • Incremental scans.
  • Background scans.
  • Scheduled scans (Premium).
  • WP-CLI integration (Premium).
  • Debugging log.
  • Email report.
  • Integration with NinjaFirewall (WP and WP+ Edition).
  • Multi-site support.
  • Contextual help.
  • And many more…

File Integrity Checker

The File Integrity Checker will compare your WordPress core files as well as your plugin and theme files to their original package. Its File Comparison Viewer will show you the differences between any modified file and the original. You can also add your Premium themes and plugins to the File Integrity Checker. Infected or corrupted files can be easily restored with one click.

File Snapshot

The File Snapshot will show you which files were changed, added or deleted since the previous scan.

Database Snapshot

NinjaScanner will compare all published posts and pages in the database with the previous scan and will report if any of them were changed, added or deleted.

Anti-Malware Signatures

You can scan your blog for potential malware and virus using the built-in signatures. The scanning engine is compatible with Linux Malware Detect LMD (whose anti-malware signatures are included) and with some ClamAV signatures as well. You can even write your own anti-malware signatures.

Incremental Scan

If a scan is interrupted before completion (e.g., crash, error etc), it will restart automatically where it left off.

NinjaFirewall Integration

If you are running our NinjaFirewall (WP or WP+ Edition) web application firewall plugin, you can use this option to integrate NinjaScanner into its menu.

Fast and Lightweight Scanner

NinjaScanner has strictly no impact on your database. It only uses it to store its configuration (less than 1Kb). It saves the scan data, report, logs etc on disk only, makes use of caching to save bandwidth and server resources. It also includes a Garbage Collector that will clean up its cache on a regular basis.

Background Scans

Another great NinjaScanner feature is that it runs in the background: start a scan, let it run and keep working on your blog as usual. You can even log out of the WordPress dashboard while a scanning process is running! You don’t have to wait patiently until the scan has finished. Additionally, a scan report can be sent to one or more email addresses.

Sandbox for quarantined files

When moving a file to the quarantine folder, NinjaScanner can use a testing environment (a.k.a. sandbox) to make sure that this action does not crash your blog with a fatal error. If it does, it will warn you and will not quarantine the file. It is possible (but not recommended) to disable the sandbox.

Advanced Settings

NinjaScanner offers many advanced settings to finely tune it, such as exclusion filters, selection of the algorithm to use, a debugging log etc.

Privacy Policy

Your website can run NinjaScanner and be 100% compliant with the General Data Protection Regulation (GDPR):

We, the authors, do not collect, share or sell personal information. We don’t track or profile you. Our software does not collect any private data from you or your visitors.

Premium Features

Check out our NinjaScanner Premium Edition

  • Scheduled Scans: Don’t leave your blog at risk. With the scheduled scan option, NinjaScanner will run automatically hourly, twice daily or daily.
  • WP-CLI Integration: Do you own several blogs and prefer to manage them from the command line? NinjaScanner can nicely integrate with WP-CLI, using the ninjascanner command. You can use it to start or stop a scanning process, view its status, its report or log from your favourite terminal, without having to log in to the WordPress Admin Dashboard.
  • Dedicated Help Desk with Priority Support


  • Summary page.
  • Basic settings.
  • Advanced settings.
  • Nerds settings.
  • WP-CLI integration.
  • Report sample.
  • Viewing differences between the modified and the original files.
  • Debugging log.
  • Integration with NinjaFirewall.


  1. Upload the ninjascanner folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ page in WordPress.
  3. Plugin settings are located in the ‘Tools > NinjaScanner’ sub-menu.


6 Agost 2019
Thanks for breaking my site. I hope wordpress delete this plugin very soon.
11 julhet 2018
Great product! Many times helped to understand the vector of attack and protect the site! I put on all my projects and recommend to clients!
Read all 10 reviews

Contributors & Developers

“NinjaScanner – Virus & Malware scan” is open source software. The following people have contributed to this plugin.


“NinjaScanner – Virus & Malware scan” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “NinjaScanner – Virus & Malware scan” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Fixed a bug where NinjaScanner original menu was not removed from the dashboard left frame after integrating it with NinjaFirewall v4.0+.


  • Added an option to delete the scan report and its corresponding snapshot. You can use it to clear the whole cache and its data if the snapshot was corrupted instead of having to delete the files manually over FTP. See « Settings > Advanced Users Settings > Nerds Settings > Clear snapshot and scan report ».
  • Added better HTTP headers than WordPress default ones to all AJAX requests.


  • Added a new user interface for the scanner report: nicer UI with a separate section for each items, row action links etc.
  • Added some options to configure the scanner report UI. See « Settings > Advanced Users Settings > Scan report ».
  • New UI is now fully compatible with portable devices.
  • Added an ignored files list: all files moved to that list will be ignored by the scanner, unless they are modified or removed from the list.
  • Improved the file viewer.
  • Added more AJAX actions. All Javascript code was rewritten.
  • Better handling of errors.
  • Added more verbosity below the progress bar when a scan is running.
  • Added HTTP referrer to satisfy Google Safe Browsing application restriction.


  • Compatibility with WordPress 5.2.
  • Updated checksum hashes.


  • Added an option to check the site against Google’s Safe Browsing Lookup API. See « Settings > Advanced Users Settings > Google Safe Browsing ».
  • Added an option for HTTP basic authentication: if the site is password-protected, you can add the username and password to the « Settings > Advanced Users Settings > Nerds Settings > HTTP basic authentication » option.
  • When attempting to view a file, NinjaScanner will return an error if it is a binary file.
  • Small fixes and adjustements.


  • Added an exclusion list to avoid false positives when checking user roles and capabilities if the blog is running plugins that add new roles in the database (e.g., WooCommerce).


  • NinjaScanner will now also check if some important WordPress options in the database have been tampered with (e.g., user roles and capabilities).


  • Fixed a potential « Undefined variable: version » PHP notice when writing to the scanner log.
  • Fixed a potential « Failed to open stream » PHP warning when a temporary file was deleted right after the scanner built the list of files.
  • Added the values of « memory_limit » and « max_execution_time » to the scanner log for debugging purposes.
  • Increased the height of the textarea in the « Log » and « Quarantine » pages.
  • Small fixes and adjustements.


  • When viewing a file marked as suspicious by the antimalware scanner, the suspicious code will be highlighted in yellow.
  • When comparing two files, the full path and filename will be displayed at the top.
  • The scanner’s antimalware signatures are now digitally signed to make sure they weren’t tampered with.
  • The scanning process forking method will be set to AJAX instead of WP_CRON by default.
  • Small fixes and adjustements.


  • Improved the anti-malware engine processing speed.


  • Added a new option to fork the scanning process using WordPress built-in AJAX feature instead of the default WP-CRON. Use this alternate option if the scan does not start and throws an error. See « Settings > Advanced Users Settings > Scanning process > Fork process ».
  • Various fixes and adjustements.


  • Added a new option to detect and report all published pages and posts that were changed, added or deleted in the database since last scan. See « Settings > Advanced Users Settings > Database snapshot ».
  • Various fixes and adjustements.


  • Fixed an issue where the scanner might not able to verify a plugin integrity even it is was available in the repo because it was not properly « tagged » by its author. If the problem occurs, NinjaScanner will download the plugin from its « trunk » folder as a last resort.


  • Added a new option: « Advanced Users Settings > Incremental scan > Attempt to force-restart the scan using an alternate method ». Because some hosts may kill PHP scripts if they take too long to run, this option will attempt to force-restart the scan using an alternate method. Enable it only if the scan hangs or does not seem to terminate.
  • The scan report will no longer suggest to install NinjaFirewall if the server is running Microsoft Windows Server OS.
  • Fixed a potential « Zend OPcache API » warning message when moving a file to the quarantine folder.
  • Minor fixes and adjustments.


  • Added an option to apply the files & folders exclusion list to the file integrity checker. This option can be useful if you have themes or plugins that create temporary or cached files inside their own installation folder, and want them to be excluded from the file integrity checker (see « NinjaScanner > Settings > Basic Settings > Ignore files/folders > Apply the exclusion list to the file integrity checker »).
  • Replaced the animated GIF with a progress bar when a scan is running.


  • Fixed a fatal error with non UTF-8 chars when calling the json_decode() function.
  • Makes sure the destination folder is writable before restoring a file.
  • Added a « GDPR Compliance » link in the « About » page.


  • Added a sandbox to the quarantine option: When moving a file to the quarantine folder, NinjaScanner can use a testing environment (a.k.a. sandbox) to make sure that this action does not crash your blog with a fatal error. If it does, it will warn you and will not quarantine the file. The sandbox option can be disabled from the « Nerds Settings » menu. See also our blog:
  • Added support for chrooted ABSPATH (« / »).
  • When moving a file to the quarantine folder, an error message will be returned if the source file is not writable and cannot be deleted.


  • You can now restore modified files (WordPress core, plugin and theme) or quarantine other files with one click while viewing the scan report: select the file in the listbox, and click the corresponding button below.
  • Added a new « Quarantine » tab. It displays the list of quarantined files, if any, and can be used to managed them.
  • Added a diagnostics button to help detect potential errors (« NinjaScanner > Settings > Advanced Users Settings > Nerds Settings > Debugging > Run diagnostics »).
  • Better error handling (memory allocation errors etc).
  • Added a new « System » section to the scan report. It will be used to perform various system tests.
  • Minor fixes and adjustments.


  • The File Comparison Viewer will always attempt to retrieve the original core, plugin or theme file from the local cache first and, if not found, it will download it from rather than returning an error message.
  • Fixed a bug where some errors occurring while checking the core files integrity (e.g., connection errors, time-out) were not mentioned in the email report.


  • Fixed a bug where the scan report was sent by email regardless of the user settings.
  • Fixed an issue with non-en_US locale WordPress installations: the « File Integrity Checker » could wrongly report that bundled translation files (.mo and .po) were modified because it was using outdated cached copies of the files.
  • By default, the Garbage Collector will run hourly instead of daily. You can also run it manually to flush the cache immediately (see « NinjaScanner > Settings > Advanced Users Settings > Nerds Settings > Run the garbage collector »).


  • Added the option to send the email report depending on the scan results (e.g., only if a critical or important problem was detected). See the « NinjaScanner > Settings > Send the scan report » option.
  • Improved the detection of backdoors in the root (ABSPATH) of the blog installation.
  • Fixed a bug that could wrongly flag a cached file as suspicious when a caching plugin was installed.
  • Minor fixes and adjustments.


  • The scanning process can be started even when DISABLE_WP_CRON is set (note that a cron job is still needed to run scheduled scans and the garbage collector).
  • Fixed a bug in the file comparison viewer that would skip some empty lines.


  • Fixed an issue with non-en_US locale WordPress installations: the « File Integrity Checker » could wrongly report that some files (wp-config-sample.php, version.php and readme.html) were modified.
  • Increased remote connections timeout from 10 to 60 seconds.
  • Added a warning if the report was created with a different version of NinjaScanner.


  • Initial released.