What is the Unrecognised File Scanner and how does it work?

The Unrecognised File Scanner is a part of the Hack Guard module. It identifies and eliminates all files that aren't on the WordPress Core File list. 

Using the same list of official files (as from the Core File scanner) it identifies files that aren't on the list. Any non-standard files stored inside the WordPress core installation are simply in the wrong place and should be removed.

How does the Unrecognised File Scanner work?

It scans for and automatically deletes any files in your core WordPress folders that are not part of your WordPress installation. The options available are as follows:

  • Daily Scan- Choose how you want scanner to behave:
    • Scan Disabled - Do not run the scanner ever
    • Email Report Only - Run the scanner as normal and an email report detailing any unrecognised files that are discovered
    • Automatically Delete Files - Run the scanner as normal and silently delete any unrecognised files that are discovered
  • Scan Uploads - Scans uploads folder for PHP and Javascript
  • File Exclusions - There are a couple of files you might have there which don't ship with WordPress, and you may wish to exclude these from the scan.
Note: You can run this scanner from within sidebar navigation => Scans section. 

Important: The Unrecognised File Scanner will scan "wp-admin" and "wp-includes" folders. However, if "Scan Uploads" option is enabled, it will scan the "wp-content/uploads" folder as well.

To learn more about the Unrecognised File Scanner read our blog article here.

Important: After the WordPress upgrade, the scanner could report a certain number of files as "unrecognised" but they could be part of the WordPress core installation files. For more information on this, read the article here.

Note: You can now set the scan frequency by using Daily Scan Frequency feature.