Stop Malware
Before It Affects
Your Store

No measurable impact. The scan runs synchronously in PHP before the file is saved to disk, but the analysis itself takes microseconds for typical files. On our benchmarks, even a 10 MB file adds less than 5 ms to the upload pipeline. Your customers will not notice anything.

Magento 2.4.x Community Edition and Enterprise Edition, including Adobe Commerce Cloud. Both Shield and Shield Pro are tested against 2.4.4 through 2.4.8. PHP 8.1, 8.2, and 8.3 are supported.

The upload is blocked before the file touches disk. The admin panel shows a real-time alert modal with full forensic detail: filename, MIME type, detected threat pattern, IP address, and endpoint. The event is logged to the Upload Attempts grid and an email alert is sent to configured recipients. No malicious file ever reaches your store.

Shield covers real-time upload interception, pattern detection, auto-quarantine, email alerts, cron-based full store scanning, content threat scanning, and admin dashboard — everything a single store needs. Shield Pro adds IP Firewall with auto-block, database content scanning, CLI tools for CI/CD pipelines, settings change audit log, per-user config password protection, directory extension statistics, and owner-candidate file detection. Pro also covers 3 domains instead of 1 and includes priority support.

Yes — both plans come with a 30-day satisfaction guarantee. If Malware Monitor doesn't work as described on your supported Magento version, contact us first and we'll fix it within 3 business days. If we can't resolve the issue, you get a full refund.

Never. Malware Monitor is 100% on-premise. All scanning logic runs inside your PHP process. No files, hashes, URLs, or telemetry of any kind are sent anywhere. This is the fundamental difference from cloud WAFs and SaaS scanners like Sucuri or Sansec.

PolyShell exploits Magento's unauthenticated REST API file upload endpoint. Malware Monitor intercepts uploads at the PHP Observer level — including the REST API — and scans file content before it is written to disk. It detects PHP code embedded inside seemingly valid image files (polyglot technique), magic-byte mismatches, and MIME spoofing. It caught this attack in the wild months before Adobe released an official patch.

Installation takes under 10 minutes via Composer: composer require magenear/module-malware-monitor, then bin/magento setup:upgrade and bin/magento cache:flush. The module self-registers and begins protecting uploads immediately. A full setup guide is included in the documentation.

Yes. Both Shield and Shield Pro include cron-based full store scanning that periodically walks your file system and reports suspicious files. Shield Pro additionally offers the malware:scan CLI command for on-demand scanning, useful in CI/CD pipelines or post-deployment audits.

Content threat scanning inspects CMS pages, CMS blocks, product descriptions, category descriptions, widgets, email templates, design configuration, and system configuration fields for embedded PHP, JavaScript injections, obfuscated code, and other known payload patterns. Shield detects and alerts; Shield Pro can also block saves that contain detected threats.

Shield covers 1 domain (production store). Shield Pro covers 3 domains — useful for multi-store setups or agencies managing several client stores. Both licenses include staging/development use at no extra cost.

Yes. Malware Monitor is a standard Magento 2 module and is fully compatible with Adobe Commerce Cloud. The on-premise nature of the scanning means no outbound firewall rules are needed, and it passes Adobe's extension quality program requirements.