Scan WordPress Core, Theme & Plugin Files Against Originals

It is very important to watch your WordPress core, plugin and theme files for injected malware code.

In this lesson you will learn about scanning every single bit of your WordPress website core, themes and plugin files against their original version present in plugin and theme repository at

This way you can keep your website safe from malware injection which is an act of injecting infectious code into a website file. Other online threats include Worms, Trojan Horses, Rootkits, Spyware, Adware, Crimeware, Robot (botnet) Clients and the list goes on.

The easiest way to keep your WordPress site safe from online threats is to keep track of your website files and code.

And it is nearly impossible for any webmaster to keep track of each file and the code inside it. So in this lesson you will learn about an easy way for:

  1. Scanning core files against repository versions for changes
  2. Scanning plugin files against repository versions for changes
  3. Scanning theme files against repository versions for changes

We will make use of Wordfence Plugin which is a very popular, free and widely appreciated WordPress scanner, firewall and security plugin. It provides you a range of features and options but here you will learn about keeping track of core, plugins and themes against their original versions on repository.

Start by installing ‘Wordfence’ plugin in your WordPress website

Upon activation visit your admin area dashboard Wordfence -> Options page, scroll down to ‘Scans to include‘ section and make sure scans for core, plugins and theme files are checked.

Wordfence 1

Scroll down to the end of the page, save your changes. Now you may either start the scan manually from Wordfence -> Scan page or wait for the automatic scan alerts in your email inbox.

You may add your email address on this plugin’s options page under ‘Basic Options‘ section to receive alerts about new issues on your websites.

Wordfence 2

Resolving Issues & Restoring Files

Issues (problems and warnings) can easily be managed from Wordfence -> Scan page under ‘New Issues‘ tab. The plugin provides you one click restore for all WordPress core, plugin and theme files.

This means if any file with additional, unwanted or injected code is found on your website, it can be instantly restored to its original repository version.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.