This morning I am incredibly excited to introduce you to a project that the Wordfence team has been working on for almost a year. A few moments ago we officially launched Gravityscan.com, a malware and vulnerability scanner that works on any website.
Gravityscan is free. You don’t need to install any software to use it. Simply visit https://www.gravityscan.com/ and enter your website URL. Then hit the “Launch Scan” button and Gravityscan will start examining your website to find out if you have been hacked, or if you have any security vulnerabilities. Go and run your first scan now! I’ll be here when you get back.
A Malware and Vulnerability Scanner for Websites
Gravityscan is designed specifically for websites. It is smart enough to detect if you are running WordPress, Joomla, Drupal, Magento or vBulletin. Then it carefully examines each of those applications you have installed to find out if they have any vulnerabilities. It even detects the extensions you are running in each application and checks them for vulnerabilities.
Gravityscan also performs a comprehensive scan for malware on your site. It does a great job if you simply run a regular scan on any website. If you want a deeper analysis and to have your scan run faster, simply drop the free Gravityscan Accelerator into your website root directory and the scan will examine your website source code. With Accelerator, scans are faster, broader and deeper. To use Gravityscan Accelerator, all you need is a website that can run PHP. Accelerator can scan any website source code for patterns that indicate a malware infection.
Gravityscan includes advanced vulnerability detection for WordPress, Joomla, Drupal, Magento and vBulletin with the ability to perform a deep scan on those applications and identify security problems and vulnerabilities in the specific version of each application, extension and plugin. Even if you aren’t running one of our supported web applications, Gravityscan does an excellent job of locating malware and other security problems on any website.
Wordfence users can benefit from Gravityscan’s extensive vulnerability scanning. If you are using the Wordfence firewall to stop attackers, we highly recommend you also use Gravityscan to scan the rest of your site for vulnerabilities. You can learn more about how Wordfence and Gravityscan work together on this page.
Security for Search Engine Optimization
Security is now a ranking signal for Google. If you want to be number 1 in your category, you better ensure that your website is secure. That means you need to ensure your website is free of any links to malicious sites and is free of malware.
In addition to scanning for malware, Gravityscan analyzes the links on your site. Gravityscan checks your links against blacklists and will alert you if you are linking to a website with a bad reputation that could hurt your search ranking.
Gravityscan even visits the sites that you are linking to in order to perform a brief scan on them to make sure they are not infected with malware or something that could hurt your reputation.
Gravityscan also checks for your site on over 20 blacklists to make sure you’re not listed. Landing on a single blacklist can significantly impact your SEO rankings and your ability to send email.
Faster and Deeper Scans, for Free
Gravityscan provides an optional Accelerator that is a single PHP file you drop into your website home directory. Accelerator allows Gravityscan to scan your website source code in case there is any hidden malware on your site. It also allows Gravityscan to perform a more extensive check for vulnerabilities.
Accelerator is completely secure and uses strong public key encryption to ensure that only our servers can access your site during a scan. Accelerator also lives up to its name because it massively speeds up scans and improves accuracy.
Gravityscan Accelerator is available at absolutely no charge.
We Reinvented Vulnerability and Malware Scanning
Gravityscan was built from the ground up using new technology that incorporates non-blocking IO, advanced message queuing and WebSockets. That means that we can support thousands of customers performing scans at high speed with low operational impact. This allows us to give away most of Gravityscan to you, completely free. You can perform a full malware and vulnerability scan on your site using Gravityscan Accelerator at absolutely no cost, as many times as you like.
More importantly, Gravityscan gives you real-time feedback as the scan is running. From the moment you start a scan, you receive real-time data about vulnerabilities and malware we find, streaming into your browser window.
Gravityscan’s efficient architecture and real-time output allowed us to create a scan that performs much deeper inspection on websites than the old click-and-wait model of scanning. The number of pages Gravityscan inspects during a scan is orders of magnitude higher than legacy malware scanners. We inspect thousands of pages while the most popular click-and-wait scanner inspects less than 30 pages.
Most importantly, Gravityscan has combined comprehensive vulnerability scanning and malware scanning into a single scan. Traditionally these functions have been separate.
Gravityscan is a world-class website security scanner that can answer two very important questions: “Have I been hacked?” and “Do I have any security problems?”
Created by a Team With a Deep Understanding of Website Security
Gravityscan is engineered by many of the same team members who helped architect Wordfence. Matt Barry, one of our lead developers on Gravityscan, wrote the Wordfence firewall that keeps millions of WordPress websites secure today. If you are a regular reader of the Wordfence blog, you will recognize a few other names on the Gravityscan team who are well known in the security community and have contributed to research and to Wordfence.
The Wordfence team collectively has incredibly broad and deep experience and knowledge of website security. Together they created Gravityscan to provide a way for website owners to determine if their website has been hacked or if it has any security holes.
I’m incredibly proud of the entire team. The Gravityscan Team are:
- Dan Moen – Product Design and Product Manager
- Kerry Boyte – Legal, Admin and Strategy
- Matt Barry – Senior Developer
- Sean Murphy – Senior Developer
- James Yokobosky – Senior Developer
- Gary Moon – Operations
- Colette Chamberland – QA Lead
- Matt Rusnak – QA Analyst
- Robert McMahon – Development and QA
- Brad Haas – SST Liason
- Tim Cantrell – Customer Service Strategy
- Asa Rosenberg – Customer Service Strategy
- Jonathan Kingsbury – SST Coordination
- Kathy Zant – Copywriting and SST
- Pan Vagenas – Security Analyst and Testing
- Syndel Klett – Design and UX
- Ed Foster – Website Development
- Maciej Kocol – QA Analyst
I’d like to extend my special thanks to our senior developers Matt, Sean and James. Also Colette Chamberland who ran QA for this project. Special thanks to Gary Moon for architecting the operational environment for Gravity. Very special thanks to Dan Moen who helped bring Gravityscan into the world.
I would also like to give a special thanks to Ryan Britton who has been leading development on Wordfence while the Gravityscan project has been underway and Matt Rusnak who has been leading QA on Wordfence ensuring that we continue to deliver a high quality product.
Special thanks to the Wordfence Security Services Team for their contribution to testing Gravityscan including: Kathy, Brendan, David C, David M, Giles, Jonathan, Marco, Mohamed, Ned, Paolo and Stephen.
Finally thank you to the rest of the team for the various ways they contributed to this project.
This is Launch Day. We need your feedback!
As with any launch day, we may have to chase away a few gremlins that show up in the machine. Any feedback is very much appreciated. You can use our contact page to contact us. We encourage you to run your first scan right now! Then let your friends and family know about Gravityscan so that they can ensure their websites are safe and secure.
Mark Maunder – Wordfence Founder and CEO