About MageArgus

MageArgus is a free Magento 2 malware and website security scanner. It maps any store to live CVEs, catches Magecart skimmers, and shows you exactly what an attacker sees — with a 0–100 security score and copy-paste fixes. It is built and operated by W3ctrl Services.

Who builds it

MageArgus comes from W3ctrl Services, an agency focused on Magento and Adobe Commerce. Our day-to-day work is the unglamorous side of e-commerce security: cleaning up hacked stores, removing injected card-skimmers, applying security patches, and upgrading neglected Magento installations back to a supported, hardened state.

That work is where MageArgus came from. We kept seeing the same pattern — merchants had no easy way to know they were exposed until money or card data was already gone. So we packaged the first-pass checks we run on every rescue engagement into a free scanner that anyone can point at their store in seconds.

Security-firstMageArgus only performs passive, safe checks on the free tier. Aggressive and active probes run only against domains whose ownership you have verified.

Grounded in real incidentsOur CVE rules track the campaigns actually hitting Magento — SessionReaper, CosmicSting, TrojanOrders and active Magecart skimmer kits — not a stale checklist.

Built by operatorsThe same team that remediates compromised stores writes the detection logic, so findings come with fixes that actually work in production.

Why it's free

The passive scan is genuinely free, with no signup required. We believe every merchant should be able to check their exposure without a sales call. For teams that want depth the free scanner can't reach — on-disk patch confirmation, filesystem and database malware scanning, file-integrity checks, and rogue-admin detection — we offer the MageArgus Magento 2 module. And when a store is already compromised, W3ctrl's team handles the full clean-up.

Our commitment to security

We hold our own platform to the standard we ask of others. We publish a security.txt and a responsible-disclosure policy, and we welcome reports from security researchers. The scanner is engineered defensively: outbound fetches are guarded against SSRF, domain verification is anti-spoof, and active checks are gated behind proven ownership.

The parent organisation

MageArgus is a product of W3ctrl Services, which provides Magento rescue & malware removal, security patching & upgrades, Magento 2 development, SEO, and app development. If you need hands-on help beyond what the scanner reports, that's where to find us.

Scan your store free

No signup, no card — see your store's security score in seconds.

Run a free scan

← Back to MageArgus