Submit Changelog
Track Changelogs

Cleverhog Malware Scanner

Changelog

1.6.9

  • Fix admin JavaScript: file preview (View file) and permission-hardening actions work reliably again
  • Quarantined file preview sends quarantine ID for correct path resolution

1.6.8

  • Update findings: major/minor bumps are medium severity; patch-only updates are low
  • Harden permissions action for world-writable file findings (e.g. core bootstrap files)
  • Mobile-friendly stacked layout for the administrator accounts table
  • Do not offer delete on inactive parent themes when a child theme is active

1.6.7

  • PHPCS/WPCS: prefix dashboard template globals for Plugin Check compliance

1.6.6

  • WordPress.org review: all wp-admin includes centralized in Admin_Dependencies with immediate function use
  • Path resolution centralized in Wp_Paths (uploads, plugins via WPMG_PLUGIN_FILE, WP_LANG_DIR, core files)
  • Checksum API failures cached with a distinct marker (not an empty array)

1.6.5

  • Checksum fetch failures use a distinct transient marker so plugins are not marked verified after a failed lookup

1.6.4

  • Language pack paths use WP_LANG_DIR only (no WP_CONTENT_DIR/languages fallback)

1.6.3

  • Quarantine and plugin-owned files use wp_upload_dir() under uploads/cleverhog-malware-scanner (no hard-coded WP_CONTENT_DIR/uploads paths)
  • Plugin and content paths resolved via WPMG_PLUGIN_FILE and Wp_Paths helpers instead of WP_PLUGIN_DIR / WP_CONTENT_DIR in scanner code

1.6.2

  • All wp-admin includes go through Admin_Dependencies only (including uninstall and is_plugin_active)

1.6.1

  • WordPress.org review: centralize wp-admin includes via Admin_Dependencies (load + immediate use)

1.6.0

  • WordPress.org review: distinctive name Cleverhog Malware Scanner, slug cleverhog-malware-scanner
  • Quarantine files stored under uploads (not wp-content root)
  • Admin menu CSS enqueued with wp_add_inline_style (no raw <style> in admin_head)

1.5.0

  • Full slug rename: cleverhog-malware-doctor folder, main file, text domain, and admin menu page slug

1.4.3

  • Display name updated to Cleverhog Malware Doctor

1.4.2

  • WordPress.org slug changed to cleverhog-malware-plugin (trademark)

1.4.1

  • Rebranded to Cleverhog Malware Scanner (display name and documentation)

1.4.0

  • WordPress.org readiness: textdomain loading, uninstall cleanup, server limits UI layout fix
  • Server limits panel uses stacked rows (fixes overlapping table text in the admin sidebar)
  • Legacy bootstrap files (wp-mal-guard.php, wp-malware-doctor.php) updated for correct plugin paths and scan exclusion
  • Plugin Check: remove .DS_Store, fix screenshot filenames, WP_Filesystem for quarantine, Tested up to 7.0

1.3.9

  • Server limits panel: shows current vs recommended PHP memory and execution time
  • Scan failures show an in-page error panel with tips and one-click smaller scan presets (uploads, plugins, themes, etc.)

1.3.8

  • Fix 504 gateway timeouts: start scan returns in seconds; heavy work runs across many short AJAX batches
  • Incremental file-list building, plugin verification (2 per batch), and split backdoor/htaccess scans

1.3.7

  • Fix scan 500 errors on large sites: file queue stored separately, higher PHP limits, capped plugin checksum depth
  • Scan failures now return a clearer error message in the admin alert

1.3.6

  • Fewer false positives: theme cache PHP in uploads, payment webhooks using php://input, protective uploads .htaccess
  • Weak salt check only inspects AUTH_KEY-style defines (not the word “WordPress” in comments)
  • World-writable core check uses file permissions instead of is_writable()
  • Third-party/premium plugins reported as low-severity informational findings
  • Auth and config findings no longer show unrelated file paths or action buttons

1.3.5

  • Update outdated plugins and themes directly from scan results via AJAX

1.3.4

  • Delete inactive plugins and themes directly from scan results (updates and integrity findings)

1.3.3

  • Delete is only offered for high-confidence threats (e.g. PHP in uploads, suspicious drop-zone filenames)

1.3.2

  • Quarantined files panel on the dashboard with restore, view, and permanent delete

1.3.1

  • View, quarantine, delete, and restore actions on file findings from the scan results
  • File preview modal with safe path validation and quarantine storage under uploads/cleverhog-malware-scanner/wpmg-quarantine/

1.3.0

  • Context-aware malware scanning (reduces false positives in translations, themes, and core)
  • Smarter signatures: eval on request, webshell names, remote includes, chmod 777, and more
  • Skip WordPress core/language files; suppress noise for outdated plugins and themes
  • Improved .htaccess scan; fewer backdoor/REST/cron false positives

1.2.0

  • WordPress.org Plugin Check compliance (naming, i18n, privacy, nonce helpers)
  • Group plugin integrity mismatches into one result per plugin
  • Update severity: high for major/minor updates, medium for patch-only
  • Sort results by severity; persist last scan; admin menu critical badge

1.1.0

  • Plugin integrity checksum scanner; live threat counts; dashboard UI refresh

1.0.0

  • Initial release (as Malware Doctor)

Plugin Website
Visit website

Author
cleverhog
Version:
1.6.9
Last Updated
May 29, 2026
Requires
WordPress 5.8
Tested Up To
WordPress 7.0
Requires PHP
7.4

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.