Malware scanner FAQ

The Shield's Malware scanner discovers all sorts of malware patterns embedded in your PHP files, wherever they're hidden on your WordPress site.

In this article, we answer most frequent questions related to this type of scan...

What is Potential Malware?

Malware code can take any form - there's no such thing as "malware coding standards". The malware scanner seeks out all PHP code that looks like malware so sometimes it might flag-up code that is legitimate.

What are False-Positives?

A false positive is where Shield alerts us to a potential malware file, but it's actually legitimate code. Our goal is to reduce false positive results as much as possible, leaving you with only true malware results.

How We Reduce False Positives

Shield uses an extensive knowledge database of millions of files from across 1000s of WordPress sites, plugins and themes to automatically remove false positives from your scan results so you never even see them.

What is False-Positive Confidence?

To help with you with malware results, Shield gives all potential malware files a false positive confidence score. The higher the confidence score, the more likely the file is "okay". The lower the score, the less we know about the file's contents and you should investigate it using the links/tools in the scan results table:

For more information about the Malware Scanner, please read the blog article here.

You may also want to read A Complete Guide To The Shield Security Scans here.