Scan Exclusions: How To Whitelist File Or Folder Paths

If you want to exclude file or folder paths from scans, you can use the "Scan Exclusions" option. We've already added a few of the most common paths to the exclusions list.

Important Points To Note

  • This is an advanced option and should be used with great care.
  • All paths are relative to your WordPress installation directory.
  • If a path matches any core WordPress directory, it'll be removed automatically.
  • This exclusions system applies only to the WordPress File Scan, which includes:

    a) Plugin/Theme Guard files scan
    b) WP Core files scan
    c) Unrecognised files scan
    d) Malware files scan
  • You cannot exclude file or folder paths of:

    a) Vulnerable plugins flagged by the plugin Vulnerability scanner
    b) Abandoned plugins flagged by the Abandoned Plugin scanner

How To Whitelist File Or Folder Paths

If you specify the following whitelisted folder path:

/my-whitelistedfolder-path/

... the my-whitelistedfolder-path folder will be excluded from the scans.

This option should be used with care as you could inadvertently whitelist file or folder paths that should be protected.

If you find you're adding a lot of paths to the list, then you're probably doing it wrong and you should contact support for guidance. For example, you shouldn't whitelist your "wp-admin" or "wp-includes" paths. These should always remain protected and shouldn't be whitelisted.

An example of a folder path you might always want to whitelist is 'wflog' (wp-content/wflog/). Files in this folder can be flagged as malware when they are false positives, and you may want to exclude them from the malware scans.

All Path Entries Are Exact Comparisons

For each rule, if the file or folder path matches your rule exactly, then that file or folder will be whitelisted.

Here is one example:

/my-whitelistedfolder-path/

This will whitelist the following folder paths:

  • /my-whitelistedfolder-path/

But it will not whitelist the following:

  • /my-whitelistedfolder-path/abc/
  • /my-whitelistedfolder-path/abc/123/

You May Use The Wildcard Character (*) To Match Multiple Characters

The example above was of an exact match rule.

But to make your rule match the other 2 paths above, you can use an asterisk (*) to match any sequence of characters. For example:

/my-whitelistedfolder-path/*

This rule will match the following:

  • /my-whitelistedfolder-path/
  • /my-whitelistedfolder-path/abc/
  • /my-whitelistedfolder-path/abc/123/

All Path Entries Are Treated As Case-Insensitive

This means that the path:

/my-whitelistedfolder-path/

will match:

  • /my-whitelistedfolder-path/
  • /My-Whitelistedfolder-Path/
  • /MY-WHITELISTEDFOLDER-PATH/

There Is No Automatic Adjustment for Trailing Slash (/)

Every website handles the trailing slash differently, and Shield does not try to adjust for it automatically.

This means that if you want to ensure that you whitelist "/my-whitelistedfolder-path/" and "/my-whitelistedfolder-path", you must specify both rules, e.g.:

  • /my-whitelistedfolder-path/
  • /my-whitelistedfolder-path

Directories should be provided with a trailing slash (/).

If the path ends in a forward slash "/", you don't need to use an asterisk. The whole directory and everything under it will be treated as excluded.
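The following is an added example, not Shield's own code: a small audit helper that shows which files a set of exclusion rules would hide from the scanner, using the matching rules described above (wildcard, case-insensitive, no trailing-slash adjustment). The function names and sample paths are assumptions, and it takes the widest reading of a rule ending in "/" (everything under the directory is excluded) so that the audit never under-reports.

```python
import re

# Core directories the page says should always remain protected.
CORE_DIRS = ("/wp-admin/", "/wp-includes/")

def rule_to_regex(rule: str) -> re.Pattern:
    """Compile one rule: literal text, '*' = any run of characters,
    case-insensitive, and no trailing-slash adjustment."""
    body = ".*".join(re.escape(part) for part in rule.split("*"))
    if rule.endswith("/"):
        body += ".*"  # assumption: directory rule covers everything under it
    return re.compile(body, re.IGNORECASE | re.DOTALL)

def is_excluded(rule: str, path: str) -> bool:
    return rule_to_regex(rule).fullmatch(path) is not None

def audit(rules, paths):
    """Return {rule: {"hidden": [...], "warnings": [...]}} for review."""
    report = {}
    for rule in rules:
        hidden = [p for p in paths if is_excluded(rule, p)]
        warnings = []
        if any(is_excluded(rule, d) for d in CORE_DIRS):
            warnings.append("covers a core WordPress directory")
        if any(p.lower().endswith(".php") for p in hidden):
            warnings.append("excludes PHP files: review each one")
        report[rule] = {"hidden": hidden, "warnings": warnings}
    return report

# Constructed sample data (not taken from a real site).
SAMPLE_PATHS = [
    "/wp-content/wflog/config.php",
    "/wp-content/wflog/rules.php",
    "/wp-content/uploads/2024/photo.jpg",
    "/wp-content/uploads/2024/cache.php",
    "/WP-Admin/index.php",
    "/my-whitelistedfolder-path",
]
SAMPLE_RULES = ["/wp-content/wflog/", "/wp-content/uploads/*",
                "/wp-admin/*", "/my-whitelistedfolder-path/"]

if __name__ == "__main__":
    for rule, result in audit(SAMPLE_RULES, SAMPLE_PATHS).items():
        print(rule, "->", len(result["hidden"]), "hidden;",
              ", ".join(result["warnings"]) or "no warnings")
```

Running the audit against a real file listing before saving the rules shows exactly what the scanner will stop checking, which is where a too-broad wildcard becomes visible.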

All Whitelist Entries Are Matched Only Against The Path, NOT The Query String

This means that if, for example, you whitelist a file path

*/my-whitelistedfile-path/

only the section before the "*" will be examined, and "my-whitelistedfile-path" will be completely ignored.

Note: ShieldPRO is required for the "Scan Exclusions" option.