What is the File Scan Areas feature and how to use it?

The File Scan Areas feature gives you the opportunity to select which areas of your WordPress site you want to be scanned.

List of scan areas

Each scan area performs a specific task.

WP core files

Scans all WP files that are installed for your WordPress version. It also looks for files that shouldn't be in a WP Core directory. Doesn't look within the /wp-content/ directory.

PHP Malware

Scans all PHP files for malware patterns.

Plugins

Looks for modified or unrecognised files within plugin directories.

Premium plugins are also supported.

Themes

Looks for modified or unrecognised files within the active theme directory.

Premium themes are also supported.

/wp-content/ directory

The wp-content directory is the wild-west and many plugins and themes use it to store working files. It's practically impossible to tell which files should and shouldn't be there. This scan area currently focuses on only .php, .js, .ico files.

WP root directory

The WP root directory is like the /wp-content/ directory and many non-WordPress files are kept there. With it often being very untidy, it's the perfect place to hide malicious files in plain sight. We have some rules that we can use to detect unidentified files, but you'll probably see some false positives.

How to use The File Scan Areas feature

To use this feature, just go to the Shield's main navigation menu > Security Zones > Scans & Integrity > configuration> File Scans and Malware tab:

Then, select the scan areas which should be scanned. The scanners will scan these specific areas and if they find any file modification or a file that's shouldn't be there, you'll be alerted.

Note: The more areas that are selected, the longer the file scan will take to complete.

For more information about the Shield Scanners and how they work, read this guide here.