Exploit Scanner for WordPress Plugin Directory
Exploit Scanner is a WordPress app, with a 3.2 average rating from 40 reviews, as of Jul 15, 2026.
Exploit Scanner is a WordPress Plugin Directory app by Donncha O Caoimh (a11n). With a rating of 3.2★ from 40 reviews.
AppRanks data: Exploit Scanner ranks #0 in Hack on WordPress Plugin Directory, placing it in the top 1% of that category.
AppRanks verdict
Generated from live marketplace data — refreshed daily
Exploit Scanner is a mixed-rating WordPress app with a limited review volume. It is listed in the Scanner category on WordPress Plugin Directory, which AppRanks treats as the canonical taxonomy node for ranking and competitor comparison. 40 reviews put it in the early-traction tier — useful for early-stage stores willing to be on the leading edge. Early-traction review counts are sensitive to single launch periods or feature events, so a 30-day re-check before bigger commitments often resolves whether the trend is sustained. Paid-only pricing means evaluating fit on the marketplace listing or via the developer's documentation before installing. AppRanks tracks rating, review count, pricing tier, and category position daily — the figures on this page reflect the most recent scrape from the canonical WordPress Plugin Directory listing.
Pros
- +Published by Donncha O Caoimh (a11n) — established developer track record
Cons
- −Average rating below 4.0 (3.2★) — read recent low-star reviews before committing
- −Limited review base (40) — ratings can shift significantly with new feedback
Looking to switch from Exploit Scanner?
See Exploit Scanner's alternatives ranked by audit score, rating, and review velocity.
How Exploit Scanner works
Show full descriptionShow less
This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.
It does not remove anything. That is left to the user to do.
Latest MD5 hash values for Exploit Scanner:
17e2ccfc834d691bc68cc5c64f9bed89 exploit-scanner.php (1.5.2)
1d5f9d6220fe159cd44cb70a998a1cd7 hashes-4.6.php
fbdf61c17f65094c8e331e1e364acf68 hashes-4.6.1.php
477d128d84802e3470cec408424a8de3 hashes-4.7.php
d53210f999847fbd6f5a2ecac0ad42f2 hashes-4.7.5.php
Latest SHA1 hash values for Exploit Scanner:
1decc1e47a53d1cab9e8f1ef15b31682198367ee exploit-scanner.php (1.5.2)
5cec64380a2acdc876fd22fbbbbf8c335df1ed3f hashes-4.6.php
99d9e7be23a350f3d1962d0f41e7b4e28c00841e hashes-4.6.1.php
1eeab377a1afc6d776827a063678d2461b29e71d hashes-4.7.php
8c890a6af26bb74e9d17e5d2b21d6be27764da45 hashes-4.7.5.php
See the Exploit Scanner homepage for further information.
Interpreting the Results It is likely that this scanner will find false positives (i.e. files which do not contain malicious code). However, it is best to err
on the side of caution; if you are unsure then ask in the Support Forums,
download a fresh copy of a plugin, search the Internet for similar situations, et cetera. You should be most concerned if the scanner is:
making matches around unknown external links; finding base64 encoded text in modified core files or the wp-config.php file;
listing extra admin accounts; or finding content in posts which you did not put there.
Understanding the three different result levels:
Severe: results that are often strong indicators of a hack (though they are not definitive proof)
Warning: these results are more commonly found in innocent circumstances than Severe matches, but they should still be treated with caution
Note: lowest priority, showing results that are very commonly used in legitimate code or notifications about events such as skipped files
Help! I think I have been hacked! Follow the guides from the Codex:
Codex: FAQ – My site was hacked
Codex: Hardening WordPress
Ensure that you change all of your WordPress related passwords (site, FTP, MySQL, etc.). A regular backup routine
(either manual or plugin powered) is extremely useful; if you ever find that your site has been hacked you can easily restore your site from
a clean backup and fresh set of files and, of course, use a new set of passwords.
Updates Updates to the plugin will be posted here, to Holy Shmoly! and the WordPress Exploit Scanner page will always link to the newest version.
Other Languages Unfortunately for people using WordPress versions for other locales some of the file hashes may be incorrect as some strings have to be hardcoded in their translated form. Here are some file hashes for WordPress in other languagues provided separately by other members of the community:
Japanese – thanks to Naoko
German – thanks to Robert Wetzlmayr
The hash files should only be declaring an array called $filehashes and the majority of the hashes should still be the same.
Category rankings
As of Jul 15, 2026See 90-day rank history for each category
Track daily rank changes, category shifts, and position volatility.
Competitors & alternatives
Exploit Scanner doesn't have curated competitor matchups yet. Other tracked scanner apps on WordPress:
Where Exploit Scanner stands in the Scanner category
Exploit Scanner ranks #0 of 20 apps in the Scanner category, placing it in the top 1% of the listing.
Frequently asked questions
What is Exploit Scanner?
Exploit Scanner is an app for WordPress. It currently holds a 3.2-star rating from 40 merchant reviews, and AppRanks has been tracking its public marketplace data on the refresh cadence published in our methodology. It is listed under the Scanner category on AppRanks, where you can see its current category position, review-velocity trend, and how it compares against the top alternatives in the same space. Developed by Donncha O Caoimh (a11n).
Who uses Exploit Scanner?
Currently around 8,000 active stores have installed Exploit Scanner. Its review base is still building, which usually maps to early-stage merchants and stores piloting a new workflow. It is part of the Scanner category on WordPress.