Search Over 30,000 FREE Plugins from the Official WordPress Plugin Directory Repository

Security Antivirus Scanner - CWIS

Security antivirus plugin designed to detect malware, viruses, exploits, trojans and other security threats within database and file contents.


Secure your WordPress website today with the CobWeb Internal Scanner (CWIS, pronounced see-wis), the lightweight antivirus scanner application, an easy to use WordPress admin security plugin developed by CobWeb Security Ltd.

Main Features

  • Free, enterprise-level tool
  • Scan with just one click
  • Simple, intuitive, flexible
  • Database security scanning
  • Detailed scan results report

The scanner designed to detect adware and malware, backdoors and exploits, phishing code, trojans and viruses, CMS and server vulnerabilities and other security threats within database content and files uploaded to your system. Just install CWIS Antivirus free and start protecting your website immediately!

We also offer a Business CWIS key that will give you:

  • Scanner scheduler's settings
  • Upgrade to Premium support
  • SQL malware scan (CWIS exclusive function)
  • Scanner report export function

You can click here to sign-up for CWIS Business or Premium now.

Scanner Features

CWIS is a professional multi-functional antivirus with the best security features and advanced functions for virus and vulnerabilities diagnostic. It provides a wide range of functions that will ensure the security of your site:

  • Virus & Malware antivirus scanner
  • Vulnerable scripts and plugins monitoring
  • Adware, Spyware and SPAM links detection
  • Blacklist Monitoring (Web Trust check)
  • Powerful & Easy to use malware removal tools
  • Security hardening analytics and recommendations
  • Professional features (CWIS Business or Premium)

CWIS Antivirus is a powerful security tool for virus monitoring and detection. Moreover, this antivirus will not only scan your website, but it will clean it from malicious code and malware as well. With CWIS Antivirus you will be able to remove viruses from the database and secure your website in a blink of an eye.

Virus & Malware Antivirus Scanner

CWIS Antivirus Security is based on a unique algorithm developed by our team to find malicious code. It has the fullest signatures database. Also, the premium version of CWIS Antivirus contains the extended heuristic security analysis algorithm that allows it to find viruses not only on the website but on the domain as well.

CWIS Antivirus reveals almost every kind of viruses and malicious code that exist today:

  • Webshells and backdoor detection (backdoor webshells)
  • Javascript malware, trojans and virus detection (JS viruses)
  • PHP malware (server malware) and bot spam file detection
  • Detection of phishing pages set up by hackers (phishing pages)
  • Hack detection (malicious code in .htaccess)
  • SQL Malware detection - an unique feature

CWIS Antivirus has some important advantages:

  • The fullest viruses database for signature search
  • Heuristic / security analysis algorithm
  • Extended search range that allows it to find viruses throughout the domain's space, not only throughout the website
  • Scanning for viruses in database

Vulnerabilities Detection

One of the most important parts of your website security and protection is a well-timed analysis for plugin, CMS and database vulnerabilities. These security vulnerabilities are an easy way for a hacker to crawl into your website. That's why a well-timed diagnosis and update are vital for hardening the protection of the website.

Our security scanner is able to find:

  • Vulnerable/insecure scripts
  • Plugins and themes vulnerabilities
  • SQL, XSS malicious injections
  • Adware, spyware and SPAM links

Adware, Spyware and SPAM Links Detection

CWIS scanner successfully detects:

  • SEO & SPAM links
  • Doorway pages (SEO)
  • iFrame injections
  • Black-hat SEO infections

Blacklist Monitoring

CWIS Blacklist Monitoring scanner checks IP addresses and website domains in most popular blacklists and safe browsing databases. Real-time Blacklists or Blackhole lists - also called DNS-based Blackhole Lists - are lists of IP addresses published through DNS. Often there are listed computers or networks that may spam or consist malware in such lists. Many secure corporate mail servers are configured to reject or flag messages which have been sent from IP addresses listed in one of these blacklists.

Leading email systems like Gmail, Yahoo and Hotmail also use blacklists to filter emails by addresses. If your network's IP addresses end up in a blacklist, you and your customers can experience problems sending and receiving emails. It can significantly damage your business.

CWIS Blacklist Monitoring scanner will automatically alert you if your website addresses or domains become listed in any of the widely used URL blacklists.

URIBL (or URL Blacklists) are similar to RBLs, except rather than tracking IP addresses they track domain names and website URLs which have been identified as being used for spamming, phishing or spreading viruses.

If your website becomes blacklisted, any reference to your website URL may be blocked, including:

  • referencing your website URL in email;
  • social media or blog posts;
  • or visitors simply will not be able to get to your website.

The Google and Yandex Safe Browsing databases include lists of websites that may be dangerous to visitors because they are suspected of phishing scams or spreading viruses.

Malware Removal Tool, Powerful & Easy To Use

The CWIS Antivirus Security Scanner will not only help you find all of the viruses and malicious code on your web site but we will also help you remove this malware easily. Our built-in file viewer and editor is an easy tool to remove the infected file code or its part depending on the type of infection. The cleaning process is very simple and requires no special training.

Professional Features

Built-in Cron Scheduler:

  • Twice a day, daily, weekly, bi-weekly or monthly scan frequency
  • Custom settings (scan path, scan level and database scan)
  • Security rescan of newly added and modified files
  • Scan reports and notifications via email

CWIS Antivirus Scanner detects:

  • Newly added and modified files
  • Symlinks and hidden files
  • Suspicious PHP code
  • Potentially malicious files and code
  • Private IP addresses
  • Unix executable files

Website Security Info:

  • Basic Information
  • Server Environment


  • WordPress version 2.8 or higher
  • PHP version 4.1.0 or higher

Final Notes

Author Cobweb Security
Contributors cwis
Tags admin security, adware, antivirus, backdoor, database, exploit, hack, hacked, hacker, infection, malware, phishing, scanner, secure, security, security hardening, security plugin, seo, spam, spyware, sql, threat, trojan, virus, vulnerability, wordpress security
  1. cwis-antivirus-malware-detected screenshot 1

    Antivirus Scanner Dashboard Control Panel

  2. cwis-antivirus-malware-detected screenshot 2

    CWIS Antivirus Security Scanner Page

  3. cwis-antivirus-malware-detected screenshot 3

    Blacklist Monitoring (Web Trust Check)

  4. cwis-antivirus-malware-detected screenshot 4

    Security Hardening Analytics & Recommendations

  5. cwis-antivirus-malware-detected screenshot 5

    Antivirus Scanner & Scheduler Settings Page

To install the plugin and get it working:

  1. Login into your WordPress administration panel
  2. Navigate to Plugins option in WordPress navigation menu, and select Add New
  3. Please type CWIS in the Search Plugins box (or upload plugin to the /wp-content/plugins/ directory)
  4. Select Install Now and than choose to Activate the plugin (or activate the plugin through the Plugins menu in WordPress)
  5. Navigate to CWIS Antivirus Scanner option in the navigation menu, and click Start Scan button
  6. During the registration, plugin securely sends the data to company's server: name, email and website's domain.

  • Optimized virus signatures of type "JS/redirector"
  • To prevent blocking, i18n JSON-files renamed to JS-files

  • Hack detection improvements (malicious code in .htaccess)

  • Updated list of known CMS/plugin/theme vulnerabilities


  • Maintenance release
  • Fixed issues with paused scan, database scan and site check


  • Quick rescan now being done significantly faster
  • Fixed incompatibility issues with the POSTed parameters


  • Rescan progress percent now calculated correctly

  • Improved rescan process (has been split into two phases)

  • Improvements in heuristic analysis algorithm (hacker nick names)
  • Whitelist and URL ignore list updates (tested on 1000+ plugins)

  • Malware signatures optimized, total 3709 signatures known
  • Fixed bug in recently updated UI-Bootstrap accordion


  • Delayed autostart on load and automatic retry on error
  • Improved handling of broken/unstable Internet connection
  • Sub-categories added to the WordPress admin menu

  • Scheduling periodic rescan using WordPress cron
  • Whitelist optimizations, new malware signatures


  • Forced restarting of stuck/incomplete rescan


Release Date - 2th February, 2016

  • The first stable release of CWIS-3.0 is out!
  • CSS/JS optimizations, temporary files folders fix
  • Whitelist and URL ignore list updates (tested on 900 plugins)
  • Improved "iFrame injections" detector (PRO level)


  • Security patch, mail sender bug fix, new signatures, and more...


  • Testing completely redesigned interface written in pure AngularJS


  • LTS (Long-term support) version release
  • Quick Rescan and Scheduler bug fixes

  • Compatability with WordPress 4.7.2
  • System info reporting improvements


  • Updated URL ignore-list and known vulnerabilities list

  • Security and maintenance release


  • Validation improvements, updated list of vulnerabilities

  • Whitelist and URL ignore list updates (tested on 700 plugins)

  • New server malware signatures, total 3697 signatures known
  • Updated list of known plugins and themes vulnerabilities

  • Correct calculations of rescan speed and time left in Quick Rescan mode
  • Filenames queue list split by volumes, quick rescan of modified files
  • URL-ignore list optimizations (automatically adding the WWW prefix)

  • Incorrect date check results resolved using a timezone offset

  • Whitelist updates, client-side improvements in License Manager

  • CMS plugins detector now supported the one-file-plugins

  • Whitelist and URL ignore list updates (tested on 300 plugins)
  • Memory and signatures optimizations, CMS detector bug fix

  • CSS improvements, bug fix in suspicious redirect detector
  • Weekly notice: "To make your site as secure as possible..."


  • New signatures, code improvements and optimizations, bug fixes
  • Complemented list of latest known vulnerabilities across WordPress Core, plugins and themes

  • New server malware signatures, total 3587 signatures known

  • Unset UA warning fix, default date timezone is set to UTC
  • Removed some low quality signatures which caused false positives

  • Added the most recent high-profile plugins vulnerabilities
  • Added a signature of fake plugin named "WordPress Researcher"
  • Empty threat categories in the scan results are also displayed

  • Simulate function error_get_last() for PHP 5 < 5.2.0
  • Scanner whitelist's function fread() PHP warning (bug fix)

  • Support for the latest version check on core-level

  • Updated security list of known vulnerabilities (WordPress plugins)


  • New backdoor and server malware signatures, total 3581 signatures known
  • Scanner skips automatically files caused to compile-time parse errors


  • Security and maintenance release
  • Added prescan status "completed", new Potentially Malicious signatures
  • Now possible simultaneous scanning of different/mixed paths

  • Whitelist optimizations, URL ignore list been updated
  • New backdoor signatures added, total 3568 signatures known
  • Some of Server Malware signatures were skipped because of the bug


  • Doorways detection algorithm has been greatly improved (Professional Mode)
  • Scanning quality has been greatly improved (Basic Check and Recommended Mode)

  • Bug fixed in AJAX request's timeout check (time limit has been doubled)
  • Last time rendering improved as scanner now ignores additional AJAX requests


  • Bug in the method detecting rescan status has been detected and fixed
  • The DRY philosophy has been applied to the scanner's check code


  • Optimized some signatures in category "Potentially malicious"
  • Bootstrap popovers on hover explaining the scan modes and levels
  • Scan levels simplified: "Basic Check", "Recommended" and "Professional"

  • List of known vulnerabilities (CMS and plugins) is up to date


  • Client-side now handling correctly an empty server response
  • PDO class file is loaded once now (additional check added)

  • New signatures added into category "Server malware"

  • API mode with log messages turned off

  • Prevented duplicate result entries

  • "Database Scan" may be enabled/disabled on-the-fly

  • Whitelist optimizations, URL ignore list been updated
  • cURL timeout has been increased from 3 to 5 seconds


  • Some regexps were moved to a more appropriate category "Potentially malicious"

  • Fixed mistakenly popping dialog


  • New shell signatures, scan results explanation notice added

  • Total 3544 signatures known (adware, phishing, viruses etc)

  • A new signature added, extended messaging in the paused scan state

  • Whitelist updates, JS stability issues, and a new banner image


  • The scanner stopped after receiving an error from the server, fixed
  • Disk free space check added with response "Possibly out of free disk space"
  • Total 3534 signatures known (adware, phishing, viruses etc)

  • Improvements in alerting system (stripped HTML tags and JSON parser fix)


  • MIME types are used now to detect and skip binary files in "Paranoid" mode

  • Ability to add a database check in the middle of an already running scan


  • Code refactoring, improved scanner stability on slow servers

  • Improper progress data is now being recovering silently
  • The list of vulnerabilities is extended and covers the last 4 years
  • Total 3477 signatures known (adware, phishing, viruses etc)


  • Scanner code has been refactored, improved performance

  • Quick rescan was failed on empty files list (bug fix)

  • Database scan was reset at each page refresh (bug fix)

  • Upload directory detection code compatability improvements

  • Whitelist updates and false AJAX timeouts fix

  • Support for files with no content (bug fix)


  • Client side user interface improvements

  • Added timeout check for lengthy AJAX requests

  • Whitelisted bunch of WordPress 4.6.0 and plugins files (nearly 500)
  • Whitelist check has been optimized, category "Encrypted files" now checked too
  • Plugins detector bug fixed (when empty array passed from the CMS detector)

  • SEO links detection improved (PHP-code in anchor is now skipped)
  • Scan result handling has been improved, empty names bug fixed
  • Client entered in loop in specific conditions, fixed


  • Database scanning control via new "DB Scan" button
  • Updated list of vulnerable CMS and plugins versions
  • Memory limit set to "1536M", added new signatures

  • Added check for usage of unknown types for PHP extensions in .htaccess file


  • Delayed autostart on the first run (in 5 sec)
  • Improved WordPress version and CMS plugins detectors
  • Fixed issue with report shuffling after quick rescan


  • Improvements in built-in mechanism of translations
  • Autostart option is turned off on the very first run


  • Errors handling and translation quality improvements
  • Uploads directory used wp_upload_dir($this->plugin_name));


  • Thread-safe atomic file reading and writing solution
  • Basic scan level's critical entries RegExp bug fixed


  • Scripts and styles included using the action hook


  • Activator and deactivator classes enabled
  • Scanner files upgraded to the latest version


  • Main file containing passwords now updated automatically
  • AJAX options generated and stored automatically

Requires WordPress version: 2.8 or higher

Compatible up to: 4.7.2

Last Updated 15 Feb 2017

Date Added: 12 Aug 2016

Plugin Homepage


4.3 stars
6 ratings


Not Enough Data

Works: 0
Broken: 0