Anti Hacker Plugin for Wordress (Free)

Even Small and New Sites Are At Risk!

The digital security landscape has reached a defining inflection point, fundamentally shaped by Artificial Intelligence. According to the Microsoft Digital Defense Report 2025, the impact of this change is stark: AI is making sophisticated cyberattacks 450% more effective than traditional methods, accelerating the overall risk landscape.

🚨 Major Update: Dramatically Enhanced Malware Scanner!
In the latest version, we’ve revolutionized malware detection:
– Previously: ~800 community YARA rules.
– Now: Over 1,000 YARA rules + full integration with Linux Malware Detect (Maldet) databases, adding thousands of professional signatures (MD5 hashes of known malicious files, custom HEX patterns, ClamAV-like signatures, and advanced YARA rules).
This brings server-grade protection — previously only available to VPS/dedicated server admins with Linux expertise — directly to your WordPress site with the simplicity of a plugin.
Your site now has multiple extra layers against backdoors, webshells, obfuscated exploits, and common shared-hosting malware, all running locally without overloading your server.

Total Transparency: We don’t just tell you “site is infected.” We provide access to our Public Malware Database with thousands of signatures. You can see the exact strings, HEX patterns, and MD5 hashes we use to identify threats. No hidden logic, just pure security data.

Cloudflare, the internet security giant, reported blocking an average of 209 BILLION cyberthreats PER DAY in early 2024 – that’s nearly 2 million attacks every second sweeping across the web. In Q1 2025, Cloudflare blocked 20.5 million DDoS attacks, a massive 358% year-over-year (YoY) increase.”
Threats to WordPress sites have also skyrocketed, according to Defiant Inc: +68% new vulnerabilities in 2024.
Hackers use automated bots that don’t pick and choose; they attack all sites, large or small, 24/7, by exploiting vulnerabilities.
And the trend for 2025 points to an even greater increase: Artificial Intelligence (AI) is empowering even less-skilled attackers to create bots to steal information, while ready-made attack kits are sold on the dark web, amplifying both the volume and sophistication of threats.
No matter how small or big your server is, hackers may attempt to use it to send spam, steal traffic, and attack other computers.
In fact, some studies suggest that the majority of attacks against websites begin to occur within the first 24 hours of a site going online.

The Lightweight Alternative to “Heavy” Security Suites Why settle for security plugins that bloat your database and slow down your admin dashboard? Antihacker offers server-grade protection with a zero-performance-hit philosophy. We don’t redirect your traffic or overload your CPU—we provide a Fast & Deep Malware Scanner designed for speed and transparency.

Antihacker is a free WordPress plugin designed to improve system security by scanning your site and preventing unauthorized access to your account. It does this by restricting access to the login page to whitelisted IP addresses. If someone attempts to access your login page from an unauthorized IP address, they will be prompted to enter your WordPress user email and you will receive an email notification.

 

• Firewall to Block Malicious Requests, Queries, User Agents and URLS. 100% Plug-n-play, no configuration required. (look our faq page for details)
• Experience Protection Without the Slowdown: Unlike other plugins, our analysis stays local. No external redirects, no performance lag.
• Powerful Security Malware Scanner (one-click scan) detecting thousands of known malwares (free version, unlimited files) – now supercharged with Maldet integration!
•  Deep scanner inspects every folder and file for malware, trojans, worms, viruses, backdoors, webshells, obfuscated JavaScript, exploits, malicious iframes/injections, redirects, hidden eval code, and moreusing professional-grade YARA rules.
• Database Malware Scan: We don’t just check files; we audit your posts, comments, and options tables for hidden malicious injections.
•  Alert for plugins and themes without updates for long time or with old versions. (keep as is)
• ➡️ File Integrity Checker (verify the integrity of your WordPress core files).
• ➡️ Check plugins integrity against the WordPress repository.
• WP Tools plugin Allows you to reinstall plugins without modifying the database or needing to delete them first.
• Fail2Ban Automatic Integration (optional).
• Alert for plugins and themes without updates for long time or with old versions.
• Log table of blocked visitors.
• Block blank user agent.
• Block HTTP tools (Premium Version).
• Limit Visits (Premium Version).
• ➡️ You can  disable the WordPress xml-rpc (xmlrpc) (or disable only Pingaback) API with just one click. Look our Faq page for learn more.
• ➡️ You can also disable Json WordPress Rest API (also embed from WordPress 4.7). Look our Faq page for learn more.
• You can turn on login alerts with just one click. Also login fails alert.
• ➡️ Protect Login Form from Brute Force Attacks.
• Send alert email when any new plugin is installed. (First thing hackers do when gain access to your site)
• Send email alert when AntiHacker plugin is deactivated.
• WordPress Debug enabled warning.
• Disable file editing within the WordPress dashboard.
• ➡️ Replace insecure WordPress login error message.
• Hide WordPress Version to Improve Security.
• ➡️ Block User enumeration (is one of the most popular attacks to identify the valid user names)
• Disable Application Passwords: Block external applications to request permission to connect to a site and generate a password (WordPress 5.6 new feature)
• Multilingual ready.
• Allow to block comments in media page.
• Block All Feeds (Optional).
• Block Bad Queries.
• Block creation of new Administrators from plugins and themes with vulnerabilities.
• Block False Google and Bing (MSN) bots (Premium Version)
• ➡️ Block Search for Theme’s vulnerabilities (Premium Version)
• ➡️ Block Search for Plugin’s vulnerabilities (Premium Version)
• Block Tor (The Onion Router) Traffic – Optional – Tor anonymity provides value to online attackers. (Premium Version)
• Check Google Safe Browsing Blacklist.
• Check and alert for deactivated Plugins and themes.
• ➡️ Check and alert for extra files and dangerous files on root folder.
• ➡️ Disable WordPress native user’s sitemap creation

 

Very light, easy to install, and developer-friendly. Need help recovering a hacked site? Check our Step-by-Step Malware Guide and explore our Malware Signature Table to identify threats manually.

 

Testemonials from the official WordPress site:

 

How to Install?

1) Install via wordpress.org

2) Activate the plugin through the ‘Plugins’ menu in WordPress

or

Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation and then activate the Plugin from Plugins page.