If the file isn't part of WordPress core, it will be picked up in the scan.


But, there are a couple of files you might have there which don't ship with WordPress.

Listed by default:

error_log
.htaccess
.htpasswd
.user.ini
php.ini
web.config
php_mail.log
mail.log


You may take a new line for each file you wish to exclude from the scan. (See the screen shot below)


IMPORTANT: You can add the file name or the file path. If you are adding the file path, please use "relative" paths, e.g. wp-content/uploads/test.php, rather than /home/user/path/wp-content/uploads/test.php.

Exclude Multiple Files with Regular Expressions


You can also provide regular expressions to match multiple files. If you’re unsure of what this means, you can ignore it and use the file exclusions as normal – simply put in file names of files to ignore.

How to use regular expressions for file names:

  • Any regular expressions must be surrounded by hashes, i.e. #
  • You’ll need to escape/quote any special characters.
  • An example is: #\.log#
  • This example will match error.log, test.log.txt and so they’ll be excluded