Core Scanner

Keep your core WordPress files in check

Easily monitor the state of your WP core files. Have a clear view of files that are modified but shouldn’t be and restore them with a single click. The scanner compares all your core WordPress files (over 1,200) with the secure master copy maintained by

How does the core scanner work?

It works by finding your WordPress version, your local (language/country) setting and then asks an API at to get a list of that particular version of WordPress.

Once the list has been downloaded, the plugin checks each file in your actual WordPress installation and verifies nothing has been changed.

Not only modified original files are detected, but the plugin also generates a list of unknown files in your core WordPress folders.

Some files are ok to modify

There are some files that are supposed to be modified, such as wp-config.php that contains the details for your database settings and other necessary information that is unique to each website.

Some files are ok to be missing

There are some files that are ok, even suggested or recommended to remove. Security Ninja notes if these are missing, but does not alert you. These files are index.php, readme.html, license.txt, wp-config-sample.php, wp-admin/install.php or wp-admin/upgrade.php

Not every change is dangerous!

Not every change on core files is malicious and changes can serve a legitimate purpose. However, if you are not a developer and you did not change the files yourself the changes most probably come from an exploit.

The WordPress community strongly advises that you never modify any WordPress core files. This could cause issues with plugins and themes that expect certain functionality, or introduce security issues.

Was this helpful?

Next Article

Scan WordPress