Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist:
Download our exclusive 10-Point WP Hardening Checklist:
Scan WordPress For File Changes Using Wordfence – Better WordPress Security | WP Learning Lab

In this tutorial I’m going to show you what types of information the Wordfence Security Plugin can turn up when you use it to run a scan of your website files. Just to give you an idea, this plugins helps with:

1. WordPress site safety
2. Finding WordPress malicious code
3. WordPress check for exploits
4. WordPress prevent weakness
5. WordPress improve protection
6. WordPress theme issues
7. WordPress check for viruses

The WP Wordfence plugin is a great WordPress safety solution. So, let’s get starting using this WordPress plugin.

First, you’ll have to install the plugin. You can find it by going to Plugins area in your WordPress dashboard and clicking on Add New Following that search for Wordfence. It is the one with the yellow shield for the image.

There is a free and a paid version of Wordfence. Everything you’ll see in this tutorial is done using the free version of the plug-in.

Once installed and activated find the Wordfence menu item in the bottom left and click on it. This will take you to the WordPress scan site page. Click on Start A Scan.

Once the scan is complete Wordfence will give a diagnoses in these categories:

– Remote scan of public facing site only available to paid members (Paid Members Only)
– Check if your site is being Spamvertized is for paid members only
(Paid Members Only)
– Checking if your IP is generating spam is for paid members only
(Paid Members Only)
– Scanning your site for the HeartBleed vulnerability
– Fetching core, theme and plugin file signatures from Wordfence
– Fetching list of known malware files from Wordfence
– Comparing core WordPress files against originals in repository
– Comparing open source themes against originals
– Comparing plugins against originals
– Scanning for known malware files
– Scanning file contents for infections and vulnerabilities
– Scanning files for URLs in Google’s Safe Browsing List
– Scanning database for infections and vulnerabilities
– Scanning posts for URL’s in Google’s Safe Browsing List
– Scanning comments for URL’s in Google’s Safe Browsing List
– Scanning for weak passwords
– Scanning DNS for unauthorized changes
– Scanning to check available disk space
– Scanning for old themes, plugins and core files

When you scroll further down the scan page Wordfence will show you all the items that need your attention. Here you will find:

1. plugins and themes that need updating
2. files and code that appear suspicious and
3. file contents that have changed from the originals

You do have to go through and decide whether the file changes are threats or if the files are legitimately changed by the developer.

That’s how you use Wordfence to scan your website and determine if files have been changed.

I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.


If you want more excellent WordPress information check out our website where we post WordPress tutorials daily.


Connect with us:

WP Learning Lab Channel:



Google Plus:



Please enter your comment!
Please enter your name here