BD Malware Cleaner now shows the exact code behind each finding, offers fast and deep scan profiles, lets you exclude paths, and flags outdated plugins and themes. This guide covers how to scan, read results, and act on them.
Read code evidence for each finding
When a scan flags a file, click the finding to see the matched code evidence — the snippet that triggered the signature, with its location in the file. This lets you confirm a real threat before you act, instead of trusting a filename alone.
Evidence makes false positives easy to spot. A match inside a legitimate library reads differently from injected, obfuscated code.
Choose a scan profile
Open BD Malware → Scan and pick a profile before you run:
- Fast — checks the highest-risk locations and recently changed files. Good for a quick daily look.
- Deep — scans the full file tree against the signature set. Use it for a thorough periodic review.
Throttling
Scans run in chunks with throttling so they do not overload shared hosting. If a scan is straining your server, lower the throughput in Settings and let it run a little longer.
Set scan exclusions
Some folders are known-good and slow to scan — large media libraries, caches, or backup directories. Add them to Exclusions in Settings to skip them. Exclusions speed up scans and cut noise, but use them only for paths you trust.
Outdated plugin and theme risk
Out-of-date code is one of the most common ways sites get compromised. The scan now reports plugins and themes with available updates as a risk check, so you can patch known issues before they are exploited. Update flagged items from your normal WordPress updates screen.
Quarantine and cleanup
When you confirm a threat, move it to quarantine rather than deleting it outright. Quarantined files are stored compressed and encoded at rest, in a directory protected at activation, so a quarantined file cannot run.
- Quarantine all critical — clear every critical finding in one action after you review the evidence.
- Restore a file from quarantine if you confirm it was a false positive.
Core integrity
The scan verifies WordPress core files against official checksums to detect tampering. If checksums are unavailable for your version, the plugin shows a notice so you know that check was skipped rather than silently passed.
Scheduled scans and reports
Schedule daily or weekly scans under Settings. Reports are now richer:
- Each email lists findings by severity with the affected paths.
- An all-clear email confirms a clean scan, so silence never leaves you guessing.
Optional signature feed
Turn on the optional signature feed to keep detection patterns current between plugin releases. It is off by default; enable it in Settings if you want the latest signatures applied automatically.
A note on protection claims
No scanner catches every threat. BD Malware Cleaner reduces your risk by detecting known patterns, verifying core files, and isolating threats — pair it with strong passwords, current software, and regular backups for layered defense.