Good plugin, BUT NOT for most users

I left this review to warn others I just carried out a thorough analysis of this plugin on a FRESH vanilla wordpress install. Next I systematically downloaded plugins from the wordpress repository (which have no known threats). Yet time and again, Quttera found scores of suspicious files. Finally after carefully testing all day I know I will not be needing this plugin. Quttera uses a very crude heuristic for identifying potential malicious code and as consequence hardly helps to narrow any problems down. Its greatest strength is that it finds all files which contain any possible malicious code, yet that it does this so well that 100% so far have been false positives. I can see its use if one wanted to check each and every file which could possibly have an issue, yet a scenario where that is realistic is very small.

I also checked other scanning plugins like GOTMLS, SUCURI and WORDFENCE. Even these showed false positives (oh except for Sucuri), but the number of false positives was 1% compared to Quttera.

Its not a “bad” plugin, but I cannot figure out who might want that crude functionality, except for someone who wants to read all their millions of lines of suspicious code. This plugin should compare to files in the wordpress repository at least to filter out the false positives.

Hope this saved others time! ??