Features/Security scanning

DEEPGUARD

Three-tier risk classification, WordPress.org checksum verification, 30+ malware signatures. Built to find real threats — without the false positives that cry wolf.

Scan my stack How it works

Scanned

Threats

Score

0/100

CRITICAL

XZ Backdoor

CVE-2024-3094 · web-prod-01

HIGH

Linux Kernel UAF

CVE-2024-1086 · api-prod-02

MED

OpenSSL DoS

CVE-2024-0727 · gateway

LOW

OpenSSH (regreSSHion)

CVE-2024-6387 · bastion

2026.05.30

4,200+

Sites secured

3-tier

Risk classification

30+

Malware patterns

99.4%

Real-threat accuracy

What you get

Built for the real work,
not just the demo.

Three-tier risk system

Verified · Modified · High Risk. No more "everything is NULLED" hysteria. Confidence scores you can act on.

WP.org checksum verify

Bit-perfect file integrity checks against the official WordPress.org repository. Catches tampering even when text is unchanged.

Malware signatures

Obfuscation, eval/base64, web shells, wp-vcd family — 30+ patterns updated as we see new threats in the wild.

License bypass detection

Premium plugins missing license code, hardcoded "valid" returns, removed activation hooks. Catches what others miss.

Server-side checks

SSL validity, HSTS, CSP, XML-RPC exposure, wp-config leaks. Probes from outside — no plugin required to scan.

CVE intelligence

Cross-references installed plugin versions against the latest disclosed CVEs. Get patched before you get pwned.

Three steps

From zero to insight in 60 seconds.

Connect a site

Install our plugin or just enter the URL for an external scan. We can do both — depth vs. zero-touch, you choose.

Run the scan

Combined file checksum + signature + license analysis runs in seconds. Server-side checks probe in parallel.

Act on the score

Each issue gets a confidence score and a clear recommendation. One-click reinstall clean from WP.org for verified plugins.

Detection philosophy

We do not call legitimate code malware to inflate our threat count.

WP.org repo check first

If a plugin is in the official directory, we trust it (WP.org rejects nulled submissions). No false flag on Contact Form 7.

Confidence scoring, not booleans

Every detection comes with a 0-100 confidence score. Below 25 = Verified, 25-65 = Modified, 65+ = High Risk.

Reason-explained signals

Every High Risk flag lists the specific signals that triggered it. No black-box "trust us, it is bad."

Self-aware detector

Our own plugin will never flag itself. Detection keywords are split-encoded so the scanner does not match its own pattern definitions.

Continuous signature updates

New malware patterns added monthly based on threats we see in real customer scans. Pushed automatically — no plugin update needed.

Patchstack CVE feed (PRO+)

Real-time vulnerability database integration. Know within hours of disclosure if your stack is affected.

"Caught two nulled plugins on a client site that other scanners missed completely. Saved us from a really uncomfortable conversation."

Sarah M.

Agency Owner · 18 WordPress sites

Sleep better. Scan smarter.

Get a real picture of your security posture in 60 seconds. No credit card to start.

Start free trial Talk to sales