WordPress Security

Configuring the WP Cerber scanner settings


Cerber Security Scanner is a sophisticated and powerful tool that inspects every single file and every single folder on a website for traces of malware and backdoors, changed, and new suspicious files. The scanner verifies the integrity of WordPress, plugins, and themes and prevents them from being infected with unforeseen malware. When the scanner detects unauthorized changes, it automatically recovers affected files. Let’s take a look at the scanner settings.

WordPress Malware Scanner Settings

Custom signatures

Custom signatures allow you to add your own additional scan signatures. They will be used by the scanner during the PHP code inspection for each file containing PHP code.

Unwanted file extensions

Use the “Unwanted file extensions” field to specify a set of file extensions to look for and include files with such extensions in the results of a scan.

Directories to exclude

To exclude some directories from a scan, add them to the Directories to exclude list. Use this setting with caution because the scanner ignores all files in these directories and malware may remain undetected. Specify directories with full (absolute) paths or relative to the WordPress root directory. For instance, if you have another WordPress installation in the subfolder simply enter the subfolder name, the plugins expand the given name to the full path automatically.

If you enter a directory that doesn’t exist, the plugin removes it from the list.

Monitor new files and Monitor modified files

If you enable these options, the scanner will look for new and modified files in all website folders and includes all found files in the report. To monitor file changes the scanner uses SHA-256 algorithm. It’s recommended to have both options enabled.

Scan temporary directory and Scan session directory

Scan temporary directory and Scan session directory should be enabled because malware can reside there. You should only disable scanning these folders if the scanner is unable to process them due to hosting platform limitations and restrictions.

Diagnostic logging

If you come across an issue with the malware scanner, your go-to tool is diagnostic logging. Normally and by default it’s disabled. Know more.

Delete quarantined files

When you manually delete a file on the scan results page or the scanner does this automatically on a schedule, the file is moved to the quarantine. The plugin automatically cleans up the quarantine and deletes files permanently after the specified amount of days since the date of a scan.

Do you know that you can control and configure the scanner on any number of websites remotely? Enable a main website mode on the main Cerber.Hub website and a managed website mode on your other websites to manage all WP Cerber instances from one dashboard.

Know more about the malware scanner

How to use Cerber Security Scanner for WordPress

What Cerber Security Scanner scans and detects

Automated recurring scans and email reporting for WordPress

Automatic cleanup of malware and file recovery

Troubleshooting malware scanner issues

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.


I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments