What is the File Scan Areas feature and how to use it?
The File Scan Areas feature gives you the opportunity to select which areas of your WordPress site you want to be scanned.
List of scan areas
Each scan area performs a specific task.
- WP core files
Scans all WP files that are installed for your WordPress version. It also looks for files that shouldn't be in a WP Core directory. Doesn't look within the /wp-content/ directory.
- PHP Malware
Scans all PHP files for malware patterns.
Looks for modified or unrecognised files within plugin directories.
- /wp-content/ directory
The wp-content directory is the wild-west and many plugins and themes use it to store working files. It's practically impossible to tell which files should and shouldn't be there. This scan area currently focuses on only .php, .js, .ico files.
- WP root directory
The WP root directory is like the /wp-content/ directory and many non-WordPress files are kept there. With it often being very untidy, it's the perfect place to hide malicious files in plain sight. We have some rules that we can use to detect unidentified files, but you'll probably see some false positives.
How to use The File Scan Areas feature
Then, select the scan areas which should be scanned. The scanners will scan these specific areas and if they find any file modification or a file that's shouldn't be there, you'll be alerted.
Note: The more areas that are selected, the longer the file scan will take to complete.
For more information about the Shield Scanners and how they work, read this guide here.