Exclude wp-content ??

This plugin will track and record FAR too much data when allowed to scan in the wp-content folder. All plugins and uploads etc. This can be hundreds and thousands of files whenever the site updates plugins or goes through maintenance chores.

I want to exclude wp-content entirely because I’m mostly interested in the core integrity scan and perhaps new files that may be added to web root so I can check them. I know it’s possible that a hacker file could be injected within wp-content but how would I ever notice anyway in a flood of thousands of other file updates? I’m not going to review 1000+ log entries one by one to see if something is suspicious.

It’s on the latest version 2.2.1.

See screenshot:
https://www.dropbox.com/scl/fi/q1pg0kwypav1lgefdvh5l/exclusion-doesnt-work.png?rlkey=oazawgtwx9nulpvy87etnynim&dl=0

Basically, the only thing I care about is strange new files going in places they shouldn’t be, or when critical files are updated/deleted like htaccess and wp-config. I can’t be tracking the uploads folder or plugins or themes. I don’t want to track every file that changes in WP core unless it’s not supposed to be there or doesn’t match official source files. I’m trying to configure this so that the only time I get alerted is because something important changed. A flood of 1000+ notices is not something I can look through for one suspicious thing. If the exclude folder list doesn’t work for wp-content, I can’t use this.

And further, all those file types are in the ignore list, it doesn’t seem to help reduce the number of notifications. I read in the docs that “ignore” doesn’t even mean “ignore scanning”. They are STILL scanned but any kind of notice is ignored. What good is that? It’s using all this processing power just to not show anything about it. It seems to me that ignore and exclude should be the same thing. If I ignore/exclude something it’s because I don’t want to waste processing time tracking it, nor receive alerts about it.

Help me understand!