securityninja_malware_exclude_paths

Table of Content

  1. securityninja_malware_exclude_paths
    1. Summary
    2. Usage
      1. Add one or more patterns
      2. Add multiple patterns
      3. Remove a pattern
    3. Pattern format
    4. Where to add the code
    5. Related

securityninja_malware_exclude_paths

Use this filter to add or change path patterns that the Malware Scanner excludes from scans. Excluded paths are never scanned and never reported as malware.

Back to Top

Summary

Filter name securityninja_malware_exclude_paths
Parameters $paths (array) – List of path/pattern strings currently used for exclusions.
Returns Array of path/pattern strings (you can add, remove, or modify entries).
Used by Malware Scanner (file scan and result filtering).
Back to Top

Usage

The filter runs when the scanner builds its ignore list. You receive the same array that is used for the “Exclude paths from scan” setting (per-file whitelist paths plus pattern lines). Return a modified array to add or remove exclusions without using the plugin UI.

Back to Top

Add one or more patterns

add_filter( 'securityninja_malware_exclude_paths', function ( $paths ) {
    $paths[] = '*/plugins/my-custom-plugin/*';
    return $paths;
} );
Back to Top

Add multiple patterns

add_filter( 'securityninja_malware_exclude_paths', function ( $paths ) {
    return array_merge( $paths, array(
        '*/plugins/leadpages/*',
        '*/plugins/accessally/*',
        '*/plugins/updraftplus/*',
        '*/themes/my-theme/vendor/*',
    ) );
} );
Back to Top

Remove a pattern

add_filter( 'securityninja_malware_exclude_paths', function ( $paths ) {
    return array_values( array_filter( $paths, function ( $p ) {
        return $p !== '*/plugins/some-plugin/*';
    } ) );
} );
Back to Top

Pattern format

  • Each entry is a single string (path or pattern).
  • Patterns are matched against the full server path to the file.
  • Use * as a wildcard (matches any characters).
  • Matching is case-insensitive.

Examples:

  • */plugins/plugin-name/* – exclude an entire plugin folder
  • */themes/theme-name/inc/* – exclude a subfolder of a theme
  • *wp-content/uploads/cache/* – exclude a cache directory
Back to Top

Where to add the code

Add the filter in your theme’s functions.php or in a small custom plugin. It runs during the malware scan, so it must be loaded before or when the scan runs (normal WordPress loading is sufficient).

Back to Top

Related

You can also manage exclusions in the plugin: go to Security Ninja → Malware Scanner and use the “Exclude paths from scan” box. Paths added via this filter are applied in addition to those saved in the plugin and are included in the same ignore list used for scanning and result display.

Written by

Back to Top

Get AI-Powered Security Summary

Let AI analyze this WordPress security article and provide actionable insights from WP Security Ninja experts.

ChatGPT Claude Perplexity Gemini
Trusted WordPress Security Expert

Was this helpful?

Previous Article

securityninja_is_temporary_login_link