Filter – securityninja_whitelist

This filter allows you to customize the whitelist that Security Ninja uses while scanning for malware.

Use this filter to ignore sections of your WordPress installation from the malware scanner. This is useful if you have false positives, where there are files that look malicious but you know for sure they are not.

This function needs you to use wildcards such as ? and * for matching files and folders.

add_filter( 'securityninja_whitelist', 'filter_securityninja_whitelist' );

function filter_securityninja_whitelist( $whitelist ) {
  $whitelist[] = '*/ignorefolder/*';
  $whitelist[] = '*/wp-content/uploads/ignore-this/*';
  return $whitelist;

You can add or remove new files and folders you want to whitelist.

You can use * as a wildcard character, meaning it will match any folders before *

The * also works in the end, so you can whitelist an entire folder.

$whitelist[] = '*/my-specific-folder-name/*';
Note: This filter was introduced in v. 5.141, make sure you are upgraded to the latest version.

Usage Examples

In this example we will whitelist the Classic Editor plugin.

You can whitelist the entire folder by adding a line like this:

$whitelist[] = '*/wp-content/plugins/classic-editor/*';

Since the filter supports * wildcard, you can also simplify like this:

$whitelist[] = '*/classic-editor/*';

Note – this means any folder named “classic-editor” on your website will be ignored. Be sure not to use a generic folder name that will whitelist more than you want.

If you only want to whitelist a specific file, but want the rest of the files to be scanned:

$whitelist[] = '*/wp-content/plugins/classic-editor/classic-editor.php';

This will only ignore that specific file from scanning.

If you want to ignore a particular folder in uploads, in this case we want to whitelist the folder that the WP All Import plugin uses:

$whitelist[] = '*/wp-content/uploads/wpallimport/*';


How to include on your website

You can copy paste your modified version of the snippet into your theme’s functions.php file. This is a common place to store custom code.

If you are unable to edit the file or do not want to touch your theme code you can use a plugin such as “My Custom Functions” – Free from This is a great little tool to add custom code to your website without editing any files in your theme or plugins.

  • Log in to your website and go to “Plugins” -> “Add New”
  • Search for “my custom functions” and locate the plugin named “My Custom Functions by Space X-Chimp.
  • Install the plugin using the button “Install Now” and then wait a few seconds until you can click “Activate”.
  • After the plugin is activated, go to “Settings” -> “PHP Inserter”.
  • Here you can copy-paste the code above.
  • Make sure to customize to filter out the files and folders you want to whitelist using the examples above.


Was this helpful?