Core Scanner Module

Scan your WordPress website core files for infections

Finds unknown files and detects modifications to the official WordPress files

The Core Scanner compares all your core WordPress files (over 1,200) with the secure master copy maintained by

With one click you will know if even a byte was changed in any file. If so, you can immediately recover the original version.

Perfect for restoring hacked sites!

It is a big warning sign that your site has been hacked if your WordPress Core files have been modified.

With the Core Scanner module you can quickly scan for modified files and fix any problems.

Files are scanned and compared via the MD5 hashing algorithm to original WordPress core files available from

Note: Not every change on core files is malicious and changes can serve a legitimate purpose.

However if you are not a developer and you did not change the files yourself the changes most probably come from an exploit.

The WordPress community strongly advises that you never modify any WP core files!

  • Scan WP core files with one click
  • Quickly identify problematic files
  • Restore modified files with one click
  • Great for removing exploits and fixing accidental file edits/deletes
  • View files' source to take a closer look
  • Fix broken WP auto-updates
  • Detailed help and description
  • Color-coded results separate files into 5 categories:
    • files that are modified and should not have been
    • files that are missing and should not be
    • files that are modified and they are supposed to be
    • files that are missing but they are not vital to WP
    • files that are intact
  • Auto-updates keep the plugin up-to-date without the need to re-upload it
  • Easy-to-use GUI
Security Ninja is scanning your core files. It will only take a few moments.

What are the Core files in WordPress?

The core files of WordPress are kept in the root of your website, in the folders wp-admin/ and wp-includes/. There are also core files kept in the root of your website, such as wp-load.php, wp-config.php, wp-cron.php, all starting with wp-

This is what is referred to as the core WordPress files. Any functionality or design should be added via plugins or the theme you are using.

You should never modify the core files as this could prevent expected behavior by plugins and themes and any changes you have will be overwritten by future WordPress core updates.

Security and bug fixes

Updating your WordPress installation is necessary as new bugs and most importantly security updates are released. If your WordPress installation is modified these changes will be overwritten by the update.

If you do not update WordPress, either by a decision not to overwrite your changes or because the update mechanism has been blocked, you are open to potential attacks.

If there are modified files, this could also be a sign of malicious code and you need to review the files that have been modified.

The Core Scanner helps you detect if there are any modified or unknown files in your WordPress installation.

We won't spam you. Unsubscribe any time.

Wait! Before you go!

Get 10% discount for any WP Security Ninja plan!


Subscribe to our newsletter for new releases, discounts and general WordPress Security news. Sprinkled with other interesting stuff :-)

10% OFF

Subscribe to our newsletter

* We do not spam or share your email

Discount on any Security Ninja plan

and get

Hi and welcome back :-)