What does Wordfence scan?

From Wordfence Documentation
Jump to: navigation, search

During a scan, Wordfence:

  • Scans all files in the base of your WordPress directory (ABSPATH) including hidden files.
  • Scans all files in any WordPress directories under this base directory.
  • Compares all your core files against the originals, will show you the changes and let you repair them.
  • Compares all your plugin files against the originals, will show you the changes and let you repair them.
  • Compares all your theme files against the originals, will show you the changes and let you repair them.
  • Scans all your files (including themes and plugins, even for free users) to see if they are on a list of known malware files. The current list is over 44,000 files.
  • Scans the contents of all your files (including themes and plugins, even for free users) to see if they contain any malware, trojan, virus, backdoor, known dangerous URL or known vulnerability.
  • Scans all your posts and comments for URL's on Google's Safe Browsing list.
  • Scans for weak passwords.
  • Alerts you to DNS changes.
  • Checks for out of date plugins or themes.
  • Checks your disk space.
  • Continually scans comments as they arrive.


For details on enabling or disabling specific scans, see Wordfence options.