Anti-Malware Security and Brute-Force Firewall is a WordPress plugin designed to protect your site from malware infections, brute-force login attacks, and known exploit abuses by scanning for malicious code, applying firewall protections, and helping you address vulnerabilities. It’s widely used by WordPress site owners looking for a lightweight security solution that targets common threats like malware, backdoors, and automated attacks.
WordPress.org
+1
🔎 Core Features & Protection
🦠 Malware Scanning
The plugin scans your WordPress files and database to detect malware, viruses, backdoor scripts, database injections, and other threats. You can run both quick scans and complete scans from the WordPress admin area to identify suspicious code and potential infections.
WordPress.org
🔐 Definition Updates
You can download updated threat definitions from the developer’s site (GOTMLS.NET) so the scanner can identify new or emerging malware patterns. This helps keep your site protected against evolving threats over time.
WordPress.org
🚫 Brute-Force Protection & Firewall
The plugin includes a firewall component that helps block automated brute-force login attempts, including attacks on wp-login.php and XML-RPC, which are common targets for malicious bots trying to guess credentials. Some protections are applied automatically when attacks are detected.
WordPress.org
+1
🧹 Removal of Known Threats
For registered users (with definition updates downloaded), the plugin can automatically remove certain known malware threats and backdoors, helping clean compromised files. For threats without a matched definition, the tool highlights “potential threats” for you to examine manually.
WordPress.org
🔄 Patch Vulnerable Scripts
It can help block exploitation of known vulnerable scripts, such as older timthumb versions or known plugin flaws that have been widely abused — especially in older or unpatched installs.
WordPress.org
📊 User Feedback & Ratings
The plugin has a high user rating (around 4.9 out of 5) and is installed on over 100,000 WordPress sites, reflecting strong community appreciation for its scanning and protection capabilities.
WordPress.org
+1
⚙️ How It Works
Install and activate the plugin from your WordPress dashboard.
Optionally register on GOTMLS.NET to access the latest threat definitions.
Run a quick or complete scan to detect threats.
View scan results and review or remove threats identified.
Use the brute-force protection tools to help secure your login pages against attacks.
WordPress.org
🧠 Benefits & Use Cases
✔ Helps detect malware and backdoors that may have been missed by other tools.
WordPress.org
✔ Adds brute-force protection and firewall rules to reduce login abuse.
GoPublish
✔ Useful for site owners needing a simple, lightweight scanning tool.
WordPress.com
✔ High user ratings and widespread use reflect community confidence.
WordPress.org
⚠️ Important Security Considerations
While the plugin itself provides useful scanning and basic protection, security researchers have reported vulnerabilities in older versions — including risks like arbitrary file read and remote code execution issues if not kept up to date. Make sure to always update to the latest version to mitigate these risks.
Malware Analysis, News and Indicators
+1