Use coupon code EARLY30 at checkout for 30% off — while redemptions last.

Always protected.
No compromises.

Shield your projects from common threats. Fix database and core vulnerabilities in seconds — keeping clients safe and sites online.

acme.com
Security Scan
62/100
Security
5 issues
Core3
Malware2
Core integrity (3)
wp-includes/functions.phpRepair
wp-admin/edit.phpRepair
wp-includes/version.phpRepair
Malware (2)
wp-content/uploads/2024/cache.phpQuarantine
wp-content/plugins/old/base64.phpQuarantine

Protect every WordPress site from one place. WP Smart runs full scans on core files, malware, and the database — fix issues in one click without opening the site backend.

WordPress core integrity

Verify core files match the official release — restore corrupted files in one click.

Malware scan

Heuristic file analysis to find backdoors, PHP shells, and malicious code — quarantine or trust suspicious files.

Database audit

Inspect wp_options for SQL injections or unauthorized scripts — clean the database in one action.

Quarantine management

Suspicious files move to quarantine — not executable, but still reviewable before permanent deletion.

Disable XML-RPC

XML-RPC is a common brute-force and DDoS vector — WP Smart disables it in one click via WordPress settings.

Hide WordPress version

Remove the WordPress version from HTML source so attackers see less recon data.

wp-config.php permissions

Check and fix wp-config.php permissions (600 or 640) — protect the site’s most sensitive file.

Disable file editor

Turn off the theme/plugin file editor in wp-admin — a recommended WordPress hardening step.

14 best practices

Automatically verify 14 WordPress security settings: SSL, DB prefix, directory listing, HTTP headers, WAF signals, and more.

Automatic fixes

For fixable issues, a “Fix” button applies the secure configuration — no manual file edits.

Trusted file whitelist

Mark modified files as trusted so scans ignore them — reset the whitelist anytime.

Scan every site

Manage security for dozens of sites in one UI — each site keeps its own up-to-date report.

Full scan on one screen

Core integrity, malware, and database audit load in parallel in one report — spot threats and fix vulnerabilities in one click.

Workspace
Active scans5 sites
SiteCoreMalwareDB
acme.com
blog.startup.io
store.brand.it
docs.agency.dev
client-portal.net
acme.com
Security Scan3 modules · parallel
Unified reportLive · 1.2s
Core integrityComplete
4 files differ from checksums
Malware heuristicsComplete
0 threats · 12k files scanned
Database auditComplete
3 suspicious rows in wp_options
Fix all fixable issuesApply
acme.com
Core Integrity4 modified
423
FileHashSizeStatus
wp-includes/functions.phpa3f8e2…c91b48.2 KB
Restore
wp-admin/edit.phpb7d1c4…e3a012.8 KB
Restore
wp-includes/version.phpc2e9f1…d8b31.1 KB
Restore
wp-login.phpd4a7b2…f5c122.4 KB
Restore
wp-settings.phpe1c3d8…a2f718.6 KB
Restored
wp-cron.phpf6b2a9…c4e83.2 KB
Restored
wp-includes/class-wp.phpa8d4e1…b7c332.1 KB
Clean
wp-includes/load.phpb3f7c2…d1a914.7 KB
Clean
wp-admin/admin.phpc9e2a8…f6b48.9 KB
Clean

Restore corrupted core files

Source integrity monitoring: WP Smart detects anomalies and syncs core files with WordPress.org’s official package.

acme.com
Best Practices
8 passed4 failed
8/12
CheckCategoryStatus
File editing disabled
Hardening
Pass
XML-RPC disabled
Hardening
FixableFix
Security headers set
Headers
FixableFix
wp-config permissions (640)
Files
FixableFix
SSL enforced
Transport
Pass
DB prefix changed
Database
Pass
Login lockout active
Auth
Pass
Directory listing off
Files
Pass
WP version hidden
Hardening
Pass
Admin username changed
Auth
Pass
Debug mode off
Config
Pass
Auto-update enabled
Config
FixableFix

Harden sites in seconds.

Guard against frequent threats — instant fixes for directory listing and file permissions, handled automatically from the command center.

Malware goes to quarantine — not straight to delete

When WP Smart flags a suspicious file, it doesn’t delete immediately — it moves it to quarantine. Review it, trust it if it’s a false positive, or delete when you’re sure — no accidental loss of legitimate files.

Workspace
Quarantine queue5 files
PathSiteAgeRisk
wp-content/uploads/2024/cache/tmp.phpacme.com12m ago
high
wp-includes/js/suspicious.min.jsblog.startup.io1h ago
medium
wp-content/plugins/legacy/eval-hook.phpstore.brand.it3h ago
high
wp-content/mu-plugins/diag.phpdocs.agency.dev6h ago
low
wp-admin/maint/repair-bak.phpclient-portal.net1d ago
medium
acme.com
QuarantineIsolated
File

wp-content/uploads/2024/cache/tmp.php

Reason

Heuristic match: obfuscated eval() chain, non-core path, recent mtime.

StatusNot executable · moved to quarantine vault
Trust fileOpen detailDelete

Built for those who demand the best.
Available today.

Get started
Support
Ask AI about WP Smart