外掛標籤
開發者團隊
原文外掛簡介
BrandBees Malware Guardian is a powerful WordPress security plugin that helps you detect, review, and safely clean malware from your website. It scans both your files and database for malicious code, spam injections, and defacement patterns, making it ideal for website owners who want clear, practical protection without complexity.
With BrandBees Malware Guardian, you get a structured and easy-to-understand malware detection experience. Instead of overwhelming you with technical logs, the plugin highlights real threats with clear severity levels, confidence scores, and actionable recommendations, so you can focus on what actually matters.
The plugin performs deep scans across your WordPress environment, including core files, themes, plugins, and database content. It identifies suspicious PHP, JavaScript, and HTML code, as well as SEO spam and hidden injections that can harm your website’s performance and search rankings.
BrandBees Malware Guardian is built to reduce false positives and noise. Its risk-based detection model prioritizes critical and high-risk issues, helping you respond faster and avoid wasting time on low-impact warnings. Each detected threat includes detailed insights and guided remediation steps, allowing you to clean your site safely without breaking functionality.
The plugin also supports scheduled scans and updated malware signatures, ensuring ongoing protection as new threats emerge. With a simple admin dashboard, you can monitor scan results, review incidents, and take action, all from one place.
Designed for both technical and non-technical users, BrandBees Malware Guardian makes WordPress malware detection and cleanup accessible, efficient, and reliable.
Key Features
Malware signature scanning for PHP, JavaScript, HTML, SEO spam, and defacement indicators
Local file scanning with threat matching and confidence scoring
Database scanning for malicious or injected content patterns
Risk-based detection model to reduce noisy/low-value alerts
Threat details with severity, confidence, and remediation steps
Signature feed support for ongoing rule updates
Admin dashboard for scan visibility and incident review
Scheduler support for recurring scans and alerting workflow
Backup/patch workflow components for safer cleanup operations
Built for WordPress administrators with clear, non-technical controls
Ideal Audience
Small to mid-size WordPress site owners
Agencies managing multiple client WordPress websites
Internal website admins who need practical security monitoring
Non-technical teams needing clear malware alerts and next steps
Core Value Propositions
Early detection of common WordPress malware patterns
Clear prioritization (critical/high/medium) to focus on real risk
Faster incident response with actionable cleanup guidance
Ongoing protection through updateable signature intelligence
Typical Workflow
Open BB Malware Guard in wp-admin
Choose a scan type (quick routine scan or deeper scan depending on your need)
Run a scan now, or enable scheduling so scans run automatically
Review results grouped by severity and confidence (start with critical/high)
Open any finding to see what was detected, where it was found, and why it matters
Apply the recommended cleanup action (safe workflows and backups where applicable)
Re-scan to verify the issue is resolved
Keep scheduled scans enabled to catch new issues early
Support
For support requests, please use the WordPress.org support forum.
Website: brandbees.net/contact-us
Developer Documentation
Hooks & Filters
The plugin provides filters for customization. Full developer docs: BrandBees Malware Guardian documentation.
Actions
There are no custom do_action hooks prefixed for this plugin at this time. Integrate via filters below or standard WordPress hooks.
Filters
bbmg_malware_scan_post_types – Adjust which post types are included in database content scanning (array of post type slugs).
bbmg_malware_scan_file_roots – Adjust absolute filesystem roots scanned for a given scope (array of paths, plus scan scope context).
bbmg_malware_excluded_file_extensions – Change which file extensions are skipped during file scanning (array).
bbmg_checksum_trust_scan_enabled – Enable or disable checksum-based trust optimizations during file scanning (boolean).
bbmg_pattern_risk_score_threshold – Override the internal pattern risk score threshold used by the matcher (integer).
bbmg_detection_risk_score – Adjust the computed risk score for a detection ($score, $signature_id, $category, $signature).
bbmg_stale_db_heartbeat_seconds – Seconds of grace before treating a DB scan heartbeat as stale (integer).
bbmg_stale_running_scan_grace_seconds – Grace period for a running scan before stale handling (integer).
bbmg_stale_zero_progress_grace_seconds – Grace period when scan progress is zero before stale handling (integer).
bbmg_signature_feed_url – Provide or override the remote URL used to load the malware signature JSON feed (string).
bbmg_signature_remote_fetch_disabled – Return true to disable remote signature feed fetching (boolean).
bbmg_signature_feed_ttl – Override cache TTL (seconds) for a successful remote signature feed response (integer).
bbmg_signature_feed_cron_first_delay – Override delay (seconds) before the first scheduled signature feed sync after setup (integer).
For deeper integration (REST routes, database tables, scan lifecycle), see the developer documentation site.
External services
This plugin can optionally use third-party threat intelligence services. Core local file/database scanning works without these services.
PhishTank (Cisco Talos): Optional phishing feed source used for local URL reputation checks when enabled.
Terms: https://phishtank.org/terms.php
Privacy: https://www.phishtank.org/privacy.php
VirusTotal: Optional URL reputation lookup used only when VirusTotal integration is enabled and configured.
Terms: https://www.virustotal.com/gui/terms-of-service
Privacy: https://www.virustotal.com/gui/privacy-policy
Google Safe Browsing API: Optional threat lookup used only when Safe Browsing integration is enabled and configured.
Terms: https://developers.google.com/safe-browsing/v4/terms
Privacy: https://policies.google.com/privacy
WordPress.org update APIs may also be contacted by WordPress itself for update/metadata checks.
Privacy Policy
BrandBees Malware Guardian is designed for privacy-conscious operations:
Core scanning is performed locally on your server
Scan results are stored locally in your WordPress database
Optional external integrations are disabled by default and used only when enabled/configured
Backups created by cleanup workflows are stored on your server
Credits
Developed by Brand Bees
Contributor profile: Hassan Ejaz (@genius786)
