What is the Malware Scanner and how does it work?
The Malware Scanner is a part of the Automatic WordPress File Scanner.
It will discover all sorts of malware patterns embedded in your PHP files, wherever they're hidden on your WordPress site (WP core, plugins, themes).
It focuses on the following:
ABSPATH‘ – this is the directory that contains your
- automatic repair of WordPress core files
- automatic repair of WordPress.org plugins and themes
How the Malware Scanner works
This scanner will automatically detect files infected with malware signatures.
What is the False Positives Confidence?
So, Shield can ignore false positives in Scan Results automatically.
You can choose to ignore files with potential malware manually in your scan results, depending on whether the confidence that it's a 'false positive' meets your minimum threshold.
A false positive happens when a file appears to contain malware and shows up in scan results, but it's actually clean. (A false positive is similar to when an anti-virus alerts to a file that doesnt have a virus.)
The higher the confidence level, the more likely a result is a false positive. A low level means it's less likely to be a false positive.
The scan will automatically ignore results whose 'false positive' confidence level is greater than your chosen threshold.
The higher the confidence threshold you select, the more likely that 'false positives' will appears in your scan results.
Disabling network intelligence turns off 'false positive confidence' levels. You will no longer benefit from the intelligence gathered from the entire network. All data shared is completely anonymous.
The more sites that share this information, the stronger and smarter the network becomes.
- Auto-Repair WP Core - Automatically reinstall any core files found to have potential malware.
- Auto-Repair WP Plugins/Themes - Automatically repair any plugin/theme files found to have potential malware.
Important: This option is only compatible with plugins/themes installed from WordPress.org..
Please also note that:
- Auto-repair core files only repairs actual WP core files - it won't delete any. It can be deleted manually.
- The plugin and theme auto-repair will replace plugin/theme files, but won't delete files that don't belong. This can be done by the site admin manually.
Once the scanner detects infected file(s), it'll either try to repair them automatically or you can do this manually. How it'll behave depends on your personal settings.
To run manual scan or to review infected files, you can use Scans section of the Shield Security main menu.
For example, Malware Scanner detected potential malware in a WordPress core files. You can go to the Scans section > run scans > review scan results. Then, you can choose an action you want - ignore or delete:
We highly recommend you to read A Complete Guide To The Shield Security Scans here.
Important: If you're unsure whether the file is malware or not, read this article here.
For more information about the Malware Scanner, please read the blog article here.