How to ignore files

Table of Content

  1. How to Ignore Files in Core Scanner
    1. Quick Start
    2. Pattern Matching Options
    3. Common Examples
    4. Step-by-Step Instructions
    5. Best Practices
    6. Troubleshooting
    7. Technical Details
    8. Related Documentation

How to Ignore Files in Core Scanner

The Core Scanner checks your WordPress core files for modifications, missing files, and unknown files. Sometimes you may want to ignore certain files – for example, legitimate files that trigger false positives or server‑generated files like error logs.

This guide explains how to use the securityninja_core_scanner_ignore_files filter to exclude specific files or patterns from Core Scanner results.

When you add files to the ignore list:

  • They won’t appear in the problem sections (Unknown Files, Modified Files, Missing Files)
  • They won’t count toward the problem count badge on the Core Scanner tab
  • They will be displayed in a separate “Ignored Files” section at the bottom of the scan results
  • You can see what’s being ignored and verify your filters are working correctly
Back to Top

Quick Start

To ignore files, add this code to your theme’s functions.php file:

add_filter('securityninja_core_scanner_ignore_files', function($ignored) {
    $ignored[] = 'wp-includes/SimplePie/src/Core.php';
    $ignored[] = '*/error_log';
    return $ignored;
});

After adding the filter, run a new Core Scanner scan to see the changes take effect.

Check out our guide on how to add custom code to your website via a snippet plugin or via your child theme: Add custom code to your website
Back to Top

Pattern Matching Options

The ignore filter supports multiple pattern matching methods, giving you flexibility in how you specify files to ignore.

1. Exact File Path Match
Match a specific file by its exact path (relative to WordPress root):

add_filter('securityninja_core_scanner_ignore_files', function($ignored) {
    // Ignore a specific file
    $ignored[] = 'wp-includes/SimplePie/src/Core.php';
    return $ignored;
});

Use case: When you know the exact file path that’s causing a false positive.

2. Wildcard Pattern Matching
Use wildcards to match multiple files:

add_filter('securityninja_core_scanner_ignore_files', function($ignored) {
    // Ignore all error_log files anywhere in core directories
    $ignored[] = '*/error_log';
    
    // Ignore all files in a specific directory
    $ignored[] = 'wp-includes/SimplePie/*';
    
    // Ignore files matching a pattern
    $ignored[] = 'wp-admin/*.tmp';
    
    return $ignored;
});

Use case: When you want to ignore multiple files that follow a pattern, like all error logs or all files in a directory.

3. Basename Matching
Match files by their filename only, regardless of location:

add_filter('securityninja_core_scanner_ignore_files', function($ignored) {
    // Ignore any file named 'error_log' anywhere
    $ignored[] = 'error_log';
    
    // Ignore any file named '.htaccess' (if it appears in core directories)
    $ignored[] = '.htaccess';
    
    return $ignored;
});

Use case: When you want to ignore files with a specific name regardless of where they appear.

4. Directory Prefix Matching
Match all files that start with a specific path:

add_filter('securityninja_core_scanner_ignore_files', function($ignored) {
    // Ignore all files in wp-includes/SimplePie/ and subdirectories
    $ignored[] = 'wp-includes/SimplePie/';
    
    return $ignored;
});

Use case: When you want to ignore an entire directory and all its contents.

Back to Top

Common Examples

Ignoring SimplePie Core.php (WordPress Update False Positive)
After WordPress updates, you might see wp-includes/SimplePie/src/Core.php flagged as an unknown file. This is often a false positive:

add_filter('securityninja_core_scanner_ignore_files', function($ignored) {
    $ignored[] = 'wp-includes/SimplePie/src/Core.php';
    return $ignored;
});

Ignoring All Error Log Files
Server-generated error log files can appear in various locations:

add_filter('securityninja_core_scanner_ignore_files', function($ignored) {
    // Ignore error_log files anywhere in core directories
    $ignored[] = '*/error_log';
    $ignored[] = 'error_log'; // Also catch root-level error_log
    
    return $ignored;
});

Ignoring an Entire Directory
If you need to ignore all files in a specific directory:

add_filter('securityninja_core_scanner_ignore_files', function($ignored) {
    // Ignore entire SimplePie directory
    $ignored[] = 'wp-includes/SimplePie/*';
    
    return $ignored;
});

Ignoring Multiple Specific Files
You can add multiple files to ignore:

add_filter('securityninja_core_scanner_ignore_files', function($ignored) {
    // Ignore multiple specific files
    $ignored[] = 'wp-includes/SimplePie/src/Core.php';
    $ignored[] = 'wp-admin/error_log';
    $ignored[] = 'wp-includes/debug.log';
    
    return $ignored;
});
Back to Top

Step-by-Step Instructions

  1. Access your theme’s functions.php file
    • Navigate to Appearance > Theme Editor in WordPress admin
    • Or use FTP/SFTP to access: /wp-content/themes/your-theme-name/functions.php
    • Important: Always use a child theme or create a backup before editing
  2. Add the filter code
    • Add the filter code at the end of your functions.php file (before the closing ?> tag if present, or at the very end)
    • Use one of the examples above, or combine multiple patterns
  3. Save the file
  4. Run a new Core Scanner scan
    • Go to Security Ninja > Core Scanner
    • Click “Scan Core Files”
    • The ignored files will now be excluded from problem counts
  5. Verify the results
    • Check the “Ignored Files” section at the bottom of the scan results
    • Verify that your ignored files appear there and not in the problem sections

After running a scan, ignored files are displayed in a separate section at the bottom of the Core Scanner results. The Ignored Files section shows all files that were filtered out, grouped by reason (Unknown files, Modified files, or Missing files). A code example is shown to remind you how the filter works. This helps you verify that your filters are working correctly and see what’s being ignored.

Back to Top

Best Practices

  • Use child themes: Always add code to a child theme’s functions.php to prevent losing changes when the theme updates
  • Be specific: Only ignore files you’re certain are safe. When in doubt, investigate the file first
  • Document your ignores: Add comments explaining why each file is ignored: 
    add_filter('securityninja_core_scanner_ignore_files', function($ignored) {
    // Ignore SimplePie Core.php - false positive after WP 6.x update
    $ignored[] = 'wp-includes/SimplePie/src/Core.php';
    
    // Ignore server error logs - legitimate server-generated files
    $ignored[] = '*/error_log';
    
    return $ignored;
});
  • Review periodically: Periodically review your ignored files list to ensure they’re still relevant
  • Test after changes: After adding new ignore patterns, run a new scan to verify they work as expected
Back to Top

Troubleshooting

Files Still Appearing in Results
If files you added to the ignore list are still showing up in scan results:

  • Make sure you saved the functions.php file after adding the filter
  • Verify the file path matches exactly (case-sensitive on some servers)
  • Run a new scan – old scan results won’t update automatically
  • Check for syntax errors in your functions.php file (check WordPress debug log)

Filter Not Working
If the filter doesn’t seem to be applied at all:

  • Verify the filter name is exactly: securityninja_core_scanner_ignore_files
  • Check that your functions.php file is in the active theme directory
  • Ensure there are no PHP syntax errors (check error logs)
  • Try using an exact file path first to test if the filter is working

Pattern Not Matching
If your wildcard pattern isn’t matching files as expected:

  • Use exact file paths first to verify the filter works
  • Try different pattern formats (wildcard vs. directory prefix)
  • Check the file path format – use forward slashes / not backslashes \
  • Remember patterns are case-sensitive on some servers

Finding the Correct File Path
If you’re not sure what path to use for a file:

  • Look at the file path shown in the Core Scanner results
  • Use that exact path in your filter
  • Paths are relative to your WordPress root directory (where wp-config.php is located)
Back to Top

Technical Details

  • Filter hook: securityninja_core_scanner_ignore_files
  • Filter location: Applied in both do_action_core_run_scan() and scan_files() methods
  • Pattern matching: Uses fnmatch() for wildcard patterns, with fallback to exact and basename matching
  • Case sensitivity: Matching is case-insensitive for better compatibility
  • Path normalization: Paths are normalized (backslashes converted to forward slashes) before comparison
Back to Top

Related Documentation

If you’re having trouble with the ignore filter or have questions about specific files, please contact our support team.

Written by

Back to Top

Was this helpful?

Previous Article

Scan WordPress