• Version 4.23.69
  • Last updated 21 hours ago
  • Active installations 200,000+
  • WordPress version 3.3 or higher
  • Tested up to 6.6
  • PHP version 5.6 or higher
  • Languages



  • Download Definition Updates to protect against new threats.
  • Run a Complete Scan to automatically remove known security threats, backdoor scripts, and database injections.
  • Firewall block SoakSoak and other malware from exploiting Revolution Slider and other plugins with known vulnerabilites.
  • Upgrade vulnerable versions of timthumb scripts.

Premium Features:

  • Patch your wp-login and XMLRPC to block Brute-Force and DDoS attacks.
  • Check the integrity of your WordPress Core files.
  • Automatically download new Definition Updates when running a Complete Scan.

Register this plugin at GOTMLS.NET and get access to new definitions of “Known Threats” and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for “Potential Threats” and leaves it up to you to identify and remove the malicious ones.

NOTICE: This plugin make call to GOTMLS.NET to check for updates not unlike what WordPress does when checking your plugins and themes for new versions. Staying up-to-date is an essential part of any security plugin and this plugin can let you know when there are new plugin and definition update available. If you’re allergic to “phone home” scripts then don’t use this plugin (or WordPress at all for that matter).

Special thanks to:

  • Clarus Dignus for design suggestions and graphic design work on the banner image.
  • Jelena Kovacevic and Andrew Kurtis of for providing the Spanish translation.
  • Marcelo Guernieri for the Brazilian Portuguese translation.
  • Umut Can Alparslan for the Turkish translation.
  • Micha Cassola for the German translation.
  • Robi Erwin Setiawan for the Indonesian translation.


  • I have just donated, your wonderful plugin found problems missed by Wordfence and now my site is super clean, many thanks
    -- Jane Akshar

64 Comments on "Downloads"

  • On July 3, 2024 at 9:25 pm, Mohankumar P said:

    This tool worked great on the two blogs I’m in charge of… My clients will definitely give money to this plug-in… Do not stop the good work!

  • On June 7, 2021 at 12:53 pm, Marcelo Aviles said:

    I have no idea how to install this, what are the “keys” you mention?

    • On June 7, 2021 at 2:39 pm, Anti-Malware Admin said:

      This plugin is designed to by installed on WordPress. So, if you have a WordPress site then you would simply login to your wp-admin on your site and go to “Add New” under the Plugins menu, then search for “gotmls” or “Anti-Malware” and click the install button, then click Activate and your done. Once you have installed the plugin then you will find easy steps for registering you key on the Anti-Malware setting page in your wp-admin. Please feel free to contact me directly if you need further assistance.

  • On May 3, 2021 at 12:17 pm, Patrick Craig said:

    Don’t you have an .htaccess file example for what it should look like when your plugin is installed?

    • On May 4, 2021 at 12:51 pm, Anti-Malware Admin said:

      My plugin does not modify the .htaccess file unless it finds malicious line that need to be removed or if you enable the optional firewall feature to block access to the xmlrpc.php file.

  • On December 25, 2020 at 9:27 am, James Dunk said:

    Spend hours.
    No days
    trying to get rid of one pernicious virus
    it just kept coming back
    until I found this plugin.
    Hunted down the culprits
    got rid of it in a couple of hours.
    And thanks a lot!
    Best anti-malware plugin out there.

  • On July 8, 2020 at 7:32 am, Andy said:

    Hello Eli

    Thanks a ton for this plugin

    i had few concerns

    if i donate can i use it on multiple websites the same code ?


    do i need to donate for every website ?


    • On July 8, 2020 at 9:44 am, Anti-Malware Admin said:

      Each Site URL is assigned it’s own Key, but you can register all your Keys under the same email address so that they are all on the same account with your donation ;-)

  • On January 30, 2020 at 5:19 am, Alex Kween said:

    Thank you for this wonderful plugin. It even found threats that ImuneAV could not find!

    The best thing is that it removed them all without breaking my site.

    Well deserved a donation!

  • On October 19, 2019 at 5:16 am, Mark Cassara said:

    Im amazed when I find someone who genuinely cares for others. You are a good person to create this free tool and help people without charging outrageous monthly or yearly fees… I downloaded this tool after I got hit across 5 sites… I will gladly donate as I will be using this to fix my websites now. I will also gladly recommend this tool to anyone looking for help with Malware issues! Cheers. -Mark

  • On June 11, 2019 at 3:00 am, Mari said:

    Thanks so much! it work amazingly!

  • On May 31, 2019 at 12:45 pm, Erez Ater said:

    What a great Plugin…
    Eli Thanks a lot for life-saving…

  • On April 25, 2019 at 11:40 pm, Phill Palmer said:

    Hi I’ve registered on my few sites with the different keys etc. If I want full premium use, how can I use across these four sites?

    BTW I’ve previously rebuilt my sites due to malware and you’ve fixed in one hit! Legend. Saves me hours and more grey hair!

    • On April 29, 2019 at 11:12 am, Anti-Malware Admin said:

      All you have to do is register all your sites/keys under a single email address and then they will all be under the same account. If you have already registered multiple email accounts then you can login to under your other email accounts and transfer those registrations to your main account.

  • On March 17, 2019 at 4:31 pm, JWSThemes Support said:

    Good scan & security plugin.

  • On September 28, 2018 at 8:04 am, Mirco said:

    Hey Eli,
    I am very grateful to you for this PlugIN, so I do not have to program it.
    I know how complex it is and how much time you spend with it.
    Leave it please free of charge and let the people donate, I have also just done that.
    Just because it’s worth it to me, really, THANK YOU!

    Kind regards
    from Berlin

  • On January 24, 2018 at 6:33 pm, Martin Alonso said:

    Gracias , me ayudo a salvar mi sitio web de una infección que tenia

  • On October 23, 2017 at 3:19 pm, Jose M Castello said:

    My site says it’s infected on google search results but GOTMLS hasn’t been able to find any malware! I have all the updated definitions but still no luck.

    • On October 24, 2017 at 10:08 am, Anti-Malware Admin said:

      Google bases that response on it’s cached pages from older visits to your site. You should login to your Google Webmaster Tools account and check the Security section for and Malware results that might be logged there. You can request a review there and also submit a current sitemap to help Google update your cached pages more quickly.

  • On September 27, 2017 at 11:52 pm, Benjamin Lee said:

    donated, thank you

  • On March 17, 2017 at 5:58 am, Writers Block said:

    This program and Eli have made a big difference in my security defenses. I wholeheartedly recommend using this plugin. Michele

  • On February 3, 2017 at 3:27 pm, andy said:

    awesome, I have used it

  • On January 19, 2017 at 7:03 pm, Mahesh said:

    Hi ,

    My hosting virus scanner detects that the themes functions.php is infected with SiteLock-PHP-FILEHACKER-of.UNOFFICIAL .

    Can you please help me in getting rid of this virus.

    I have scanned with your plugin but only did not found this virus.

    Thank you,

    • On January 20, 2017 at 8:26 am, Anti-Malware Admin said:

      Maybe the SiteLock scan already removed it, but if you want to send me the functions.php file in question then I can look at it and tell you if it’s infected.

  • On January 12, 2017 at 5:12 pm, hash said:

    This plugin is good but need CLI version . CLI version ready ? . most of the time site access will disable when infect malware after that we cant use this plugin . I am server administrator

    • On January 12, 2017 at 10:18 pm, Anti-Malware Admin said:

      I am working on the CLI version but it is not done yet. I will let you know when I have something ready for testing.

  • On November 29, 2016 at 1:28 am, Terje said:

    Hi. My site has been hacked. I have dowloaded the plugin and scanned. It lists both actual threats and potensial. But how do I go from here? How do I delete the code/threats?

    • On November 29, 2016 at 9:30 am, Anti-Malware Admin said:

      You should not attempt to delete any files manually unless you know what you are doing. Potential Threats are usually not malicious and no action is needed, usually. If any Known Threats are detected there will be a button to Automatically Fix Selected Threats.

      If you need more help please send me a screenshot of what you are seeing.

    • On December 26, 2016 at 10:17 am, MD.Sazid Hasan Dip said:

      how i can get newest difinition update?

      • On December 26, 2016 at 10:21 am, Anti-Malware Admin said:

        First you register your site’s key and then you will see the Download button on the right side of the Anti-Malware Settings page in your WP Admin.

  • On October 20, 2016 at 12:01 am, Jay said:

    I received a notice from Hostgator that there is malware on my site, and the site is down (suspended). I downloaded your plug-in and uploaded it into /wp-content/plugins/ via the Hostgator file manager, but I can’t get into my WP Admin to activate the plugin because I can’t login (because the site it down). What to do? I want to register and donate as well and use the automatic feature to remove the malware. Many thanks in advance for any help you can provide!

    • On October 21, 2016 at 7:59 am, Anti-Malware Admin said:

      Unfortunately you must be able to load the wp-admin in order to use any plugin, including my Anti-Malware Plugin. I am working on a CLI for server administrators that will run independent of WordPress but that is not ready yet. I will post more when I have something ready for testing.

  • On July 2, 2016 at 12:09 am, Steve Cagen said:

    Saved by butt. Excellent piece of software. Thank you!

  • On May 31, 2016 at 7:09 am, Patrick said:

    I was recommended this plugin by someone at a hosting company. I wanted to be sure, before I download it and install it, that this plugin still gets regularly updated.

  • On December 21, 2015 at 3:31 pm, Jonson Bhowmik said:

    I have installed this plugin and scanned my site. But it haven’t found anything.
    But google still showing that my site is harmful. Can you please help solving this problem.
    Thank you in advance

    • On December 21, 2015 at 4:59 pm, Anti-Malware Admin said:

      I don’t see any threats on your site currently. Maybe you got them all cleaned off already. Then you will still need to go to your Google Webmaster Tools account and Request a Review of your site to refresh Google’s cache and clear those warnings.

  • On September 15, 2015 at 3:49 pm, Julie said:

    Hi there,

    I received this notification from Bluehost yesterday: “We received multiple reports of hacker activity on your account. At this time your hosting account has been compromised and we have been forced to deactivate your account to protect your data and the visitors browsing your sites.”

    Is there any way I can activate your plugin outside of accessing the wordpress admin? I can FTP the files no problem.

    Help! They want me to clean the files and then notify them. I downloaded all the files to my system locally so if I can somehow clean them and upload them again that would be great.

    • On September 15, 2015 at 7:33 pm, Anti-Malware Admin said:

      Unfortunately, you can only run my plugin through the WordPress admin.

      If you have all your files and the database too then you can setup your site somewhere else but you would risk infecting the machine you put it on. I can a super secure server that I can you infected sites on without risk of cross-contamination, if you want to host this site with me just let me know.

      Otherwise, maybe you can ask then to restore access to your account, maybe even have them limit access from your IP, then you can clean the site in place.

  • On September 20, 2014 at 2:43 am, Mosses said:

    The plugin is detecting the potential threats but how can the detected potential threat be isolated automatically??

    • On September 20, 2014 at 9:21 am, Anti-Malware Admin said:

      Read my FAQs. Potential Threats are likely not malicious. You should not do anything to them unless you can determine what they do and if they are malicious or not.

  • On September 20, 2014 at 12:49 am, Lisa said:

    Hi, I think our site may have been infected with BlackHat SEO spam. My searches at least are getting to this point. Your plug in looks like it might help, however I have a problem, my site is affected so badly at the moment that I have the white screen of death (can’t access dashboard items). So I’m wondering if your plug in can help at all since I can’t install it.

    Any help appreciated.

    • On September 20, 2014 at 9:12 am, Anti-Malware Admin said:

      Unfortunately my plugin does require a working copy of WordPress. You should check you error logs to see what is causing the blank white page (probably a 500 error). Another option is to install my plugin on another site that is on the same server, then I could help you use that working site to scan the broken one.

  • On September 12, 2014 at 2:31 am, David said:


    I’m looking for a cronjob type thing where the scans can run on its own and email me if known threats are found. Not sure if that is already built in or if I can install a Cronjob plugin for WordPress to handle that perhaps? Great plugin by the way. It has found malicious code that our hosting company has not.


    • On September 12, 2014 at 8:30 am, Anti-Malware Admin said:

      Hi David,
      You are not alone in this request for a Scheduled scan feature. Unfortunately the scan process is currently too complicated to configure a cronjob for at this time. I am working on some changes that will make it possible in a future release but it is taking me some time to get this working. I am only one man and I rely on volutary donations to keep this project going (thanks for your donation, bay the way ;-)

      Hang in there and I’m sure I can come up with a solution that will satify this need.

  • On May 26, 2014 at 3:57 am, henry smale said:

    Eli’s great Tool saves my day. my sites was slugish and after research all my .php files where infected with code i did not understand. The anti malware plugin cleaned all my files, and now everything is fine. Thanks Eli!!

  • On February 11, 2014 at 5:39 am, Jerome Tan said:

    How do I install the new definitions? When I click the download new definition, it’s just going back to my homepage.

    • On February 11, 2014 at 6:14 am, Anti-Malware Admin said:

      You are doing it right but it’s your firewall plugin that is redirecting you to your home page and blocking the update. You either need to turn off the firewall while you download the new definitions or whitelist your IP address in the firewall settings.

  • On February 4, 2014 at 5:07 am, Thomas Bo Christensen said:

    How good are the plugin working together with those two plugins? Wordfence and Better WP Security? I’ll give Anti-Malware 5 stars if it’s working and can fix my Malware problems :D

  • On January 26, 2014 at 10:11 pm, Eric Landers said:

    I’ve spent two-hours on this site searching for the download.

    Where is it?

    • On January 27, 2014 at 4:29 am, Anti-Malware Admin said:

      The link to download the current version of this plugin from the WordPress Plugin Repository is at the top-right of this download page under “Get this first”. However, I see that you have already registered my plugin to your site, so I am thinking you already have it installed. What is it exactly that you are searching for (maybe I can help you find it)?

  • On December 19, 2013 at 2:06 pm, Kevin Zero said:

    I used this tool on two websites I administrate – it worked great … I will definitely have my clients donate to this plug in… keep up the great work!

    Kevin Z.
    Network Administrator

  • On August 27, 2013 at 6:48 am, Computrain said:

    Unfortunately this plugin couldn’t fix our problem which put an invisible URL at the top of every WordPress Wepage which is visible using Google Chome’s “element” tool

    • On August 27, 2013 at 7:24 am, Anti-Malware Admin said:

      I would like to help you find this hidden threat. When I locate the source of that link I will add this new threat to my Definition Update and my plugin will then be able to remove this threat from all infected pages automatically.

      If you would be willing to accept my help in this matter please send me your WP Admin login and password.

      • On August 28, 2013 at 12:43 am, Andy Thomas said:

        A big thank you to Eli for promptly addressing my concern with not being able to fix this problem using his plugin.
        He has managed to find the rogue script on my website and has used the signature to update his awesome app.

        This app is highly recommended and a great tool to add to your arsenal!

  • On March 28, 2013 at 11:25 pm, Will Chapman said:


    I am a great fan of your plugin and use it on all 6 sites that I currently run – it has saved my skin several times by catching malware before it takes root and a couple of times whilst your plugin was still maturing, you personally have dug into my site when some malevolent code sneaked in.
    I was doing some housekeeping on my sites and I noticed that one of the first that I used the plugin was running an older version of GotMLS – 1.2 something – whilst all the other were running 1.3. No automatic update?
    Anyway, I deactivated 1.2 and searched on WordPress for the current version – I found it but no clear way to install it. So I came to this website to download it and I will now install it manually.
    I am writing to suggest that as the WordPress site doesn’t have a simple way to Install GotMLS, then a lot of potential users are not going to bother trying it. Which would be a shame for both you and them to say the least!
    Keep up the good work – which reminds me, it is time I made another donation.

    Will Chapman

    • On March 29, 2013 at 8:26 am, Anti-Malware Admin said:

      Thanks so much for your repeated donations.

      I’m not sure why you were not prompted to update on that site. My plugin is available for automatic install/update in the WordPress Plugin Repository. If you go to the Plugins menu in your WP Admin and click on “Add New”, then search for “Anti-Malware” on “GOTMLS”. If you don’t have it installed yet there should be a link than says “Install Now”. If it is installed by out of date then the link will say “Update Now”.

      Do all the other Plugins on that site install and update normally?

  • On March 18, 2013 at 2:12 am, jean-phiilippe pougaud said:

    MErci beaucoup

  • On December 9, 2012 at 1:34 pm, jam mostafa said:

    Thank you so much

  • On April 21, 2012 at 8:02 am, Ryan Smith said:

    Thank you so much for saving my blog :-)

  • On April 20, 2012 at 5:08 pm, William Cody Bateman said:

    Two words: THANK YOU!


Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>