The WordPress Exploit Scanner is a free plugin that scans your blog installation to see if any nasty malware code has been inserted into your site by villains and varmints. It hunts for unauthorised code in the database and WP files on your server (it’s designed for self-hosted WordPress, not WordPress.com) and sends back a report on anything suspicious it finds. Very useful if you’re running a blog and want to make sure everything is cool and dandy.
The custom keyword form allows you to search your files for whatever you like. Be careful with that one because a search for a common keyword like “php” will takes ages and generate an extremely long list of files. Warning! Searching through the files on your site will take some time. Even a clean WordPress install with no plugins will probably take a noticeable length of time. It’s also heavy on your server. Only run the file check when your server is idling and not busy.