The Dev Team Seven RedShift security plugin for WordPress searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.

It does not remove anything. That is left to the user to do.


  • Use with other security plugins for WordPress to Audit them
  • Automatically updates itself to be inline with the latest WordPress version running
  • View exploits and malware that can go undetected

Interpreting the Results

It is likely that this scanner will find false positives (i.e. files which do not contain malicious code). However, it is best to be
on the side of caution; if you are unsure then ask our support. You should be most concerned if the scanner is:
making matches around unknown external links; finding base64 encoded text in modified core files or the wp-config.php file;
listing extra admin accounts; or finding content in posts which you did not put there.

Understanding the three different result levels:

  • Severe: results that are often strong indicators of a hack (though they are not definitive proof)
  • Warning: these results are more commonly found in innocent circumstances than Severe matches, but they should still be treated with caution
  • Note: lowest priority, showing results that are very commonly used in legitimate code or notifications about events such as skipped files


  • PHP 5.4+
  • WordPress 4.6+


  • Go to ‘Plugins’ -> ‘Add New’ -> ‘Upload plugin’ -> Choose the zip file on your computer and ‘Install Now’
  • Activate the plugin in the ‘Plugins’ -> ‘Installed Plugin’s in WordPress Admin.
  • The plugin will appear under the ‘Settings’ side menu, click on ‘RedShift Security’