What is the Plugin and Theme scanner?

The Plugin and Theme scanner is a part of the Automatic WordPress File Scanner.

The purpose of the Plugin and Theme scanner is to detect any changes to active plugins and themes.

These changes are ones that would occur outside normal WordPress actions. For example, if you upgrade a plugin to a new version using WordPress, then this would not trigger alerts from the scanner. The scanner will detect normal changes and update its records so that it doesn't alert you unnecessarily.

However, if you upload a new version of a plugin over FTP, the scanner will detect this. The scanner does not know about FTP; it only knows about WordPress. So if you make changes to your plugin or theme files outside of WordPress, the scanner will detect them and alert you.

Why is this important for security?

Completely preventing intrusions is impossible. Neither Shield nor any other WordPress plugin can block all intrusions - there are just too many variables.

So, the next defense against intrusion is detecting any changes made to your files after someone has gained access to them. This is the purpose of the Plugin/Theme scanner.

Important Characteristics of the Plugin/Theme scanner

When enabling the scanner, please consider the following characteristics carefully.

The scanner only tracks changes to active plugins and themes

The scanner does not track changes to any files for any plugins/themes that are not activated on your WordPress site.

In the case of themes, it'll track both the Parent and Child themes, if your theme is set up this way.

The scanner starts tracking when plugins/themes are activated, not when they're installed.

The scanner takes a snapshot of your plugins/themes at the time they are activated, not when they're installed.

Therefore, you are advised to always re-install a plugin/theme before activation, especially if it's been sitting deactivated on your site for a while.
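
The following is an added illustration, not Shield's own code, of why the timing of the snapshot matters: an edit made before the snapshot is absorbed into the baseline, while edits made afterwards are reported. The function names, the use of SHA-256 and the example-plugin files are assumptions made for this example.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(plugin_dir):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(plugin_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def diff(baseline, current):
    """Report files added, removed or modified since the baseline."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
    }


def demo():
    """Constructed plugin tree: edit before vs. after the activation snapshot."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp) / "example-plugin"   # hypothetical plugin name
        plugin.mkdir()
        (plugin / "main.php").write_text("<?php // v1.0\n")
        (plugin / "readme.txt").write_text("Example plugin\n")

        # Edit made while the plugin sits deactivated: no baseline exists yet.
        (plugin / "main.php").write_text("<?php // v1.0 edited while inactive\n")

        baseline = snapshot(plugin)             # taken at "activation"
        before = diff(baseline, snapshot(plugin))

        # Edits made outside WordPress after activation (e.g. over FTP).
        (plugin / "readme.txt").write_text("Example plugin, edited\n")
        (plugin / "extra.php").write_text("<?php // new file\n")
        after = diff(baseline, snapshot(plugin))
        return before, after


if __name__ == "__main__":
    for label, result in zip(("pre-activation edit", "post-activation edits"), demo()):
        print(label, result)
```

The first result is empty because the baseline already contains the earlier edit, which is why re-installing before activation gives the snapshot a known starting point.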

The scanner does NOT SCAN FOR MALWARE

The scanner trusts your judgement when you activate a plugin/theme. This is entirely your responsibility.

The scanner's purpose is to detect changes only (not malware).

Note: The Malware scanner is completely separate. You can find more information about the Malware scanner here.

The Plugin/Theme scanner is NOT designed to scan for malware. If you activate a plugin/theme that already contains malware, the scanner does not know this. It assumes that if you activated it, you have previously checked it for malware or installed it fresh from source (i.e. it's clean).

To learn more about the Plugin and Theme Scanner, read this article here.

We also highly recommend that you read A Complete Guide To The Shield Security Scans here.