The Plugins/Themes Guard scanner detects any changes to active plugins and themes and is available with Shield Pro only.

In this article, we're going to show you how it works. Before we do that, we need to enable it first...

How to enable Plugins/Themes Guard scanner

This scanner is disabled by default. To enable it, we simply go to the Hack Guard module => Plugins/Themes Guard and then:

  1. Select "Scan Enabled" from the drop-down list
  2. Set how deep into the plugin directories to scan and guard (i.e. 2).
    You can read more about this here.
  3. Enter the file types we want to be included in the scan or leave the default types.
    You can read more about this here.
  4. Enable "Show Re-Install Links" option
    You can read more about this here.

Now, the scanner is ready to guard.

To show you what exactly is happening when the scanner detects the file, we'll use the following example:

Imagine there's a suspicious/unrecognised file in the Shield plugin. For example, test-scanner-file.php:

So, when enabled, the scanner will detect this file. To show you this, we'll launch manual scan by using wizard:

At the same time the Insights dashboard will display the security notice, informing us that a plugin was found to have been modified:

Note: We can run scan by using the "Run Scan" link provided within this notice, but in this example, we'll continue with wizard.

So, let's get back to the wizard...

Now we know the name of the file detected. The next step we'll do is to examine this file...

If we're sure that it's a legit file (i.e. we've modified the plugin file by purpose), we can whitelist it. To do this, we just select "Ignore Changes" option and click "Run Selected Action" button. The scanner will not prompt us about this particular change again.

If we know that this is not a legit file, we can reinstall/upgrade it. To do this, we'll select "Re-install/Upgrade" option and then click "Run Selected Action" button:

Once we've done this, the wizard will notify us that the file has been re-installed:

Note: If we go back to our FTP manager - the file will no longer be there:

Hint: In case you want to know the exact time/date when the scanner last run, you can see that in 2 ways:

Within the Insights dashboard - Recent events

Within the Hack Guard module - Scan indicator