Description
VulnTitan is a lightweight WordPress malware scanner and malware removal tool that detects infected files and vulnerable plugins before they can be exploited.
Instantly scan your WordPress site for malware infections and known vulnerabilities, review detailed results, and clean or remove malware safely using a guided fix workflow with automatic backups.
Unlike heavy security suites, VulnTitan focuses on practical protection: vulnerability detection, malware scanning and removal, file integrity monitoring, essential firewall protection, and hidden custom login access — without unnecessary bloat.
Malware Scanner
The WordPress malware scanner inspects your site files for suspicious code patterns and known malicious signatures.
- Detect malware infections in core, plugins, and themes
- Review problematic files with contextual code preview
- Safe-fix workflow with automatic backups
- Clear severity indicators and actionable recommendations
Vulnerability Scanner
The vulnerability scanner checks your installed WordPress core, plugins, and themes against a real-time vulnerability database powered by the VulnTitan API.
- Detect vulnerable plugins and themes
- Identify outdated components with known security risks
- Real-time vulnerability intelligence
- Clear risk explanations and remediation guidance
File Integrity Scanner
Monitor unauthorized file changes and unexpected modifications.
- Baseline comparison for WordPress files
- Queue-based processing for performance safety
- Visual status legends for fast review
- Actionable next steps for suspicious changes
Firewall & Login Protection
VulnTitan includes lightweight firewall and WAF protection to block common attack patterns and protect the WordPress login surface.
- Early MU-plugin runtime request guards
- SQL injection (SQLi) payload protection
- Command injection detection
- Suspicious path traversal blocking
- Endpoint whitelisting controls
- Login lockout protection against brute-force attacks
- Configurable custom login slug so administrators can use a private login URL instead of the default wp-login.php
- Default wp-login.php and guest wp-admin access can be hidden behind a 404 response when custom login is enabled
Security-First Architecture
- Secure storage and cleanup of scan queues and logs
- Hardened backup handling outside ABSPATH by default
- Adaptive performance tuning for safe large-site scanning
External services
This plugin connects to an external API at https://vulntitan.com/api/vulnerabilities to fetch up-to-date vulnerability data for WordPress core, plugins, and themes. This data is essential for detecting known vulnerabilities during scan operations.
When a vulnerability scan is performed, the following data is sent to the VulnTitan API:
- The slug and version of each plugin
- The slug and version of each theme
- The WordPress core version
This data is transmitted only during scans initiated by the user or by scheduled scan settings. No personal, user-identifying, or sensitive site data is collected, transmitted, or stored.
The external service is provided and operated by VulnTitan.com.
- Terms of Service: https://vulntitan.com/terms
- Privacy Policy: https://vulntitan.com/privacy
Screenshots

WordPress malware and vulnerability scan dashboard overview. 
Malware detection results with safe-fix workflow and backup protection. 
Vulnerability scanner results showing vulnerable plugins and themes. 
File integrity scan results with baseline comparison. 
Firewall and WAF protection settings panel. 
Vulnerability scan progress bar. 
Firewall hidden custom login configuration and protected access screen.
Installation
From your WordPress dashboard
- Navigate to Plugins > Add New
- Click Upload Plugin
- Upload the downloaded ZIP file
- Click Install Now, then Activate
From FTP or File Manager
- Upload the extracted vulntitan folder to the /wp-content/plugins/ directory
- Go to your WordPress dashboard
- Navigate to Plugins > Installed Plugins
- Find VulnTitan and click Activate
Once activated
- Go to VulnTitan in your admin menu
- Click Scan Now to run a malware and vulnerability scan
- Review detected vulnerabilities, malware infections, and file integrity issues
- Apply guided safe fixes where needed
Frequently Asked Questions
Who owns the VulnTitan API?
The VulnTitan API is developed, owned, and maintained by the same team behind this plugin. It is not a third-party service. The API is operated solely to provide accurate and real-time vulnerability intelligence for WordPress sites.
What data does the plugin send to the API?
The plugin sends only non-personal technical information such as plugin slugs, theme slugs, and WordPress core version numbers. No personal data, login credentials, email addresses, or sensitive information is transmitted or stored.
Why is the API connection required?
The API provides up-to-date vulnerability data needed to detect known security issues affecting WordPress core, plugins, and themes. Without this connection, vulnerability detection would not function correctly.
Does VulnTitan remove malware?
Yes. When malware is detected, VulnTitan provides a guided safe-fix workflow with backup protection so you can review and safely remove infected files.
Contributors & Developers
"VulnTitan – Malware Scanner, Vulnerability Scanner & Security" is open source software. The following people have contributed to this plugin.
Changelog
v2.0.6 – 12 Mar, 2026
- Added configurable custom login slug support so administrators can use a private login URL instead of the default wp-login.php path.
- Hidden direct guest access to default wp-login.php and wp-admin entry points when custom login protection is enabled.
- Reworked the Firewall page with a tabbed settings layout, a wider recent events section, and toast-style action feedback.
v2.0.4 – 10 Mar, 2026
- Redesigned the VulnTitan Dashboard into an elite, professional security command center layout.
- Redesigned the Firewall page into a professional command center layout.
- Removed the dashboard sidebar to keep the UI focused on scan operations.
- Redesigned the top navigation bar to match the new elite dashboard and firewall style.
- Fixed scan progress indicator layout in the redesigned dashboard.
v2.0.3 – 10 Mar, 2026
- Reduced false positives for benign decode-only utilities (e.g., base64 + gzuncompress).
- Reduced false positives for safe data:image/svg+xml;base64 payloads.
- Disabled auto-fix for low-risk malware findings to prevent accidental code removal.
v2.0.2 – 10 Mar, 2026
- Reduced malware scanner false positives for base64-decoded signature and key material.
- Avoided false positives from benign data:image base64 CSS payloads embedded in PHP/JS strings.
- Prevented false positives on large serialized option blobs without execution or file-write patterns.
v2.0.1 – 03 Mar, 2026
- Fixed Vulnerability scanner UI so the "Vulnerability Overview" section stays pinned at the top while results are scrolled.
- Reduced Malware scanner false positives for benign CSS content: strings and similar static string-literal matches.
v2.0.0 – 25 Feb, 2026
- Major release with redesigned Malware, Vulnerability, and File Integrity scan UX.
- Improved malware scanner with detailed problematic-files panel and guided safe-fix actions.
- Enhanced vulnerability detection powered by updated API intelligence.
- Improved file integrity scanner with clearer legends and performance tuning.
- Added dedicated Firewall module with MU runtime guards and login lockout protection.
- Added WAF payload protection for SQL injection and command injection.
- Security hardening for backup storage and automated cleanup routines.
For full release history, see CHANGELOG.md included in the plugin package.
