Security Blog
Posted By Gregory

What the WP Cerber scanner scans and detects


Cerber Security Scanner is a sophisticated and extremely powerful tool that thoroughly scans every folder and inspects every file on a website for traces of malware, trojans, backdoors, changed and new files. The scanner verifies the integrity of WordPress, plugins, and themes and prevents them from being infected with unforeseen malware.

We’ve spent a great deal of time studying malware, trojans and their patterns and algorithms. As a result, we’ve implemented a set of heuristic algorithms that effectively detect almost all known and unforeseen pieces of malware.

Scans and verifies all WordPress files

This scan checks if all WordPress folders and files match what exist in the official WordPress core repository. If a file has been changed, usually it means your WordPress installation has been altered or infected by malware which has modified a file or a set of files. If changes have occurred, all changed files are listed and marked as Checksum mismatch. In this case you have to simply reinstall WordPress. Go to the Dashboard / Updates admin page. Click the Re-install now button.

Scans and verifies all installed plugins

As with the WordPress core file change detection above, the scanner compares your plugin files with what are in the official WordPress repository, and will alert you to any changes. Cerber Security Scanner verifies the integrity of plugins that are installed from the official repository on wordpress.org as well as commercial plugins that are installed manually.

Scans and verifies all installed themes

As with the WordPress core file change detection above, the scanner compares your theme files with what are in the official WordPress repository, and will alert you to any changes. Cerber Security Scanner verifies the integrity of themes that are installed from the official repository on wordpress.org as well as themes that are installed manually.

Detects not bundled, abandoned and unattended files

The scanner detects files in any WordPress, theme or plugins folders which are not a normal part of them. The scanner recognizes those files as “ownerless” or “not bundled” because they do not belong to any known part of the website and should not be there. In a scan report these files are marked as Unattended suspicious file.

Some developers do not follow the official guidelines that WordPress provides for theme and plugin developers, so you should make sure that a suspicious file is not a part of a poorly designed plugin or theme.

Inspects file contents for suspicious code signatures

Our team maintains a list of malicious and suspicious code patterns (signatures) that are usually used in malware, trojans, viruses and backdoors. During a scan, the scanner inspects the contents of every file for presence of these patterns.

Scans installed plugins for known vulnerabilities

The scanner scans installed plugins for known vulnerabilities. If you have enabled scheduled automatic scans you will be notified in a email report if a vulnerability in one of the installed plugins has been discovered.

Inspects any files as if they were executable

The scanner looks for malicious code that is hidden inside files that have non-executable extensions like PNG or JPG. This inspection is a part of Full Scan.

Inspects .htaccess files for malicious directives

The scanner looks for malicious and suspicious directives like redirecting users to malicious or phishing websites and PHP configuration directives in .htaccess files that must not be in a normal .htaccess file on a normal WordPress powered website. The scanner also verifies the integrity of a .htaccess file if it’s bundled with WordPress, with a theme or a plugin.

Scans all folders for new and modified files

The scanner looks for new files and monitors changed files in all website folders including the system temporary folder, the temporary folder for uploaded files and the sessions folder.

Inspects temporary and session folders

The scanner scans those folders like other website folders. It’s crucial to monitor those folders because some malware can reside there.

Read more about the malware scanner:

How to use Cerber Security Scanner for WordPress

Automated recurring scans and email reporting for WordPress

Automatic cleanup of malware and file recovery

Cerber Security Scanner Settings explained

Troubleshooting malware scanner issues

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.


I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.

View Comments