The Plugins/Themes Guard scanner detects any changes to active plugins and themes and is available with Shield Pro only.

In this article, we'll show you how it works. First, we need to enable it.

How to enable Plugins/Themes Guard scanner

This scanner is disabled by default. To enable it, we simply go to the Hack Guard module => Plugins/Themes Guard and then:

  1. Select "Scan Enabled" from the drop-down list
  2. Set how deep into the plugin directories to scan and guard (e.g. 2).
    You can read more about this here.
  3. Enter the file types we want to be included in the scan or leave the default types.
    You can read more about this here.
  4. Enable the "Show Re-Install Links" option.
    You can read more about this here.

Now, the scanner is ready to guard.
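
As an added illustration (not Shield's own code, and not a description of how Shield works internally), the Python script below shows what the scan depth and file type settings mean in practice by comparing an installed plugin directory against a clean copy of the same version. The function names, the constructed sample files and the reading of depth 1 as "files directly in the plugin's root directory" are assumptions made for this example.

```python
import hashlib
import os
import tempfile

def snapshot(root, depth, extensions):
    """Return {relative path: SHA-256} for matching files at most `depth` levels deep."""
    hashes = {}
    for current, dirs, files in os.walk(root):
        rel_dir = os.path.relpath(current, root)
        level = 1 if rel_dir == "." else rel_dir.count(os.sep) + 2
        if level >= depth:
            dirs[:] = []  # stop descending past the configured depth (assumed meaning)
        for name in files:
            if os.path.splitext(name)[1].lstrip(".").lower() not in extensions:
                continue  # file type not included in the scan
            path = os.path.join(current, name)
            with open(path, "rb") as fh:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare(installed, clean, depth=2, extensions=("php", "js")):
    """Diff an installed plugin directory against a clean copy of the same version."""
    live = snapshot(installed, depth, set(extensions))
    good = snapshot(clean, depth, set(extensions))
    return {
        "unrecognised": sorted(set(live) - set(good)),
        "modified": sorted(p for p in set(live) & set(good) if live[p] != good[p]),
        "missing": sorted(set(good) - set(live)),
    }

def write_tree(root, files):
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo(depth=2):
    """Constructed sample data: a clean plugin tree and a changed installed tree."""
    base = {"plugin.php": "<?php // main", "src/lib.php": "<?php // lib", "readme.txt": "docs"}
    changes = {"test-scanner-file.php": "<?php // unknown", "src/lib.php": "<?php // edited",
               "src/deep/new.php": "<?php // below depth 2", "notes.txt": "skipped type"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("clean", base), ("installed", {**base, **changes})):
            write_tree(os.path.join(tmp, name), files)
        return compare(os.path.join(tmp, "installed"), os.path.join(tmp, "clean"), depth=depth)

if __name__ == "__main__":
    print(demo())
```

With a depth of 2 the unrecognised file in the plugin root and the edited file one directory down are reported, while the new file two directories down and the .txt file are outside the scan's scope.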

To show you exactly what happens when the scanner detects a file, we'll use the following example:

Imagine there's a suspicious/unrecognised file in the Shield plugin. For example, test-scanner-file.php:

So, when enabled, the scanner will detect this file. 

At the same time, the Overview dashboard will display a security notice informing us that a plugin was found to have been modified:

Note: We can run a scan by using the "Run Scan" link provided within this notice.

Now we know the name of the file detected. The next step is to examine this file...

If we're sure that it's a legit file (i.e. we've modified the plugin file on purpose), we can whitelist it. To do this, we just select the "Ignore" option in the Scan Results. The scanner will not prompt us about this particular change again.

If we know that this is not a legit file, we can reinstall/upgrade the plugin. To do this, we'll select the "Re-install" option.

If we then go back to our FTP manager, the file will no longer be there:

Hint: In case you want to know the exact time/date when the scanner last ran, you can see that in the Overview section => Recent Events: