securityninja_malware_scannable_extensions

The securityninja_malware_scannable_extensions filter lets you control which file extensions are scanned by the Security Ninja malware scanner.

Note: this filter was introduced in Security Ninja Premium 5.273. If you run an older version, update before using it.

By default, the malware scanner focuses on extensions that commonly contain executable code or hidden malware, such as .php. In some environments, malicious code can also be hidden inside other file types like .html, .js, or even .txt.

Use this filter if you want to:

  • Expand scanning to additional file types
  • Include custom extensions your site uses
  • Optimize scan performance by limiting which files are analyzed

Add extensions to scan

This example adds .html and .js files to the scan list:

add_filter( 'securityninja_malware_scannable_extensions', 'filter_securityninja_scannable_extensions' );

function filter_securityninja_scannable_extensions( $extensions ) {

  // Add additional file extensions to scan
  $extensions[] = 'html';
  $extensions[] = 'js';

  return $extensions;
}

Remove an extension from scanning

If you are certain a specific file type does not need scanning (or it causes unnecessary overhead), you can remove it:

add_filter( 'securityninja_malware_scannable_extensions', 'filter_securityninja_scannable_extensions' );

function filter_securityninja_scannable_extensions( $extensions ) {

  // Remove .html from scanning; array_values() re-indexes the list after array_diff()
  $extensions = array_values( array_diff( $extensions, array( 'html' ) ) );

  return $extensions;
}

Replace the full list of scannable extensions

Advanced users can override the entire list and define exactly what should be scanned:

add_filter( 'securityninja_malware_scannable_extensions', 'filter_securityninja_scannable_extensions' );

function filter_securityninja_scannable_extensions( $extensions ) {

  // Replace the entire list
  $extensions = array(
    'php',
    'js',
    'html',
    'htm',
  );

  return $extensions;
}

Important considerations

  • Most malware on WordPress sites is hidden in .php files because they can execute server-side code.
  • Adding lots of extensions may increase scan time on large sites.
  • Removing critical extensions (especially php) can reduce detection coverage.

For most sites, the default extension list is the best balance between performance and security coverage.
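
The considerations above (keep php in the list, avoid stray or duplicate entries) can be enforced in the callback itself. This is an added example, not code from Security Ninja: the function name my_site_scannable_extensions, the $extra list and the priority 99 are hypothetical, and it assumes extensions are passed as strings without a leading dot, as in the snippets on this page.

```php
<?php
/**
 * Added example, not Security Ninja's own code.
 * Assumption: extensions are plain strings without a leading dot,
 * as in the snippets on this page.
 */
function my_site_scannable_extensions( $extensions ) {
    // An earlier callback may have returned a non-array; start from an empty list.
    if ( ! is_array( $extensions ) ) {
        $extensions = array();
    }

    // Hypothetical site-specific additions, deliberately untidy.
    $extra = array( '.HTML', 'js', ' htm ' );

    $clean = array();
    foreach ( array_merge( $extensions, $extra ) as $ext ) {
        if ( ! is_string( $ext ) ) {
            continue;
        }
        // Normalize: trim whitespace, drop a leading dot, lowercase.
        $ext = strtolower( ltrim( trim( $ext ), '.' ) );
        // Keep only plain alphanumeric extensions.
        if ( preg_match( '/^[a-z0-9]+$/', $ext ) ) {
            $clean[] = $ext;
        }
    }

    // Guarantee php stays in the list, whatever ran before this callback.
    $clean[] = 'php';

    // De-duplicate and re-index so the result is a clean 0-based list.
    return array_values( array_unique( $clean ) );
}

if ( function_exists( 'add_filter' ) ) {
    // Priority 99 is an arbitrary late value, after callbacks at the default 10.
    add_filter( 'securityninja_malware_scannable_extensions', 'my_site_scannable_extensions', 99 );
} else {
    // Stand-alone run under the PHP CLI with constructed input.
    print_r( my_site_scannable_extensions( array( 'PHP', 'js', 'html' ) ) );
}
```

Registering at a late priority means the php guarantee still holds if another callback on the same filter removed it earlier.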

How to include this code on your website

Not sure how to add custom code like this safely? Check this guide:

How to include custom code on your website

Notice
Note: This filter is intended for advanced users who need to customize malware scanning behavior.
