• Resolved 7thcircle

    (@7thcircle)


    With the change to “mark as read” for files added to the root making the file “allowed” you introduce the ability for problematic files to be ignored in the future. For example, someone uploads a crypto miner to public_html and even though the file gets removed, the plugin only allows us to leave it in the list, exclude from scans, or allow.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author robertabela

    (@robert681)

    Thank you for your message @7thcircle

    In this case, the plugin will still alert you if an allowed file is recreated, because allowed files are not excluded or ignored files. Let’s assume there was a hack and you delete the file. This is what happens:

    1) Hacker uploads the file hacked.php to your website’s root.

    2) Our plugin raises two notifications:
    – it alerts you of a new file (via the scanning engine that compares file changes in between scans)
    – it alerts you that there is a non-WordPress core file in your site’s core (via the file comparison engine which compares your site’s WordPress core to that on the official repo)

    3) Once you delete the file and mark the notifications as read, the plugin adds that file to the list of allowed files in WordPress core automatically. Therefore during subsequent “comparisons of WordPress core file with WordPress repo”, if the plugin notices this file again it won’t alert you that there is a non-WordPress core file on your website.

    4) However, the normal scanning engine that compares the file changes in between scans will alert you that there is a new file.

    To recap, allowed files are not ignored. They just won’t be included in the process when the plugin compares your site’s WordPress core files to those in the official WordPress repository. However, they will always be scanned by the engine which compares files changes in between scans.

    I understand this is a bit complicated. Hence I’d recommend you read these two documents:

    How does the plugin detect file changes on my WordPress
    What are allowed files in WordPress core

    I hope the above answers your question. Should you have any further questions, please do not hesitate to ask.
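The two engines described in the reply above, modelled as an added example (not the plugin’s own code): a scan-to-scan comparison that never skips anything, and a core-integrity comparison that skips the allowed list. The filesystem is a constructed dict of path to bytes, the core manifest is constructed, the rule that everything outside wp-content/ counts as the core area is an assumption, and the names Monitor, scan, mark_as_read and walkthrough are hypothetical. The walkthrough replays steps 1 to 4 and then adds one more scan to show what happens once the recreated file sits there unchanged.

```python
"""Model of the two detection engines described in the reply above.

Added illustration, not the plugin's code. Assumptions: the filesystem is a
dict of path -> bytes, CORE_MANIFEST stands in for the official core checksums,
and every path outside wp-content/ is treated as the core area.
"""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for the official core file list with checksums.
CORE_MANIFEST = {
    "index.php": sha256(b"<?php require __DIR__ . '/wp-blog-header.php';"),
    "wp-login.php": sha256(b"<?php /* login form */"),
}


def in_core_area(path: str) -> bool:
    # Assumption: only wp-content/ lies outside the core comparison.
    return not path.startswith("wp-content/")


class Monitor:
    def __init__(self, core_manifest):
        self.core_manifest = dict(core_manifest)
        self.allowed = set()        # non-core files that were marked as read
        self.last_snapshot = None   # path -> hash from the previous scan

    def scan(self, fs):
        snapshot = {path: sha256(content) for path, content in fs.items()}
        events = []

        # Engine 1: compare this scan with the previous one.
        # Allowed files are NOT skipped here, so a recreated file is reported.
        if self.last_snapshot is not None:
            prev = self.last_snapshot
            for path in sorted(snapshot.keys() - prev.keys()):
                events.append(("new_file", path))
            for path in sorted(prev.keys() - snapshot.keys()):
                events.append(("deleted_file", path))
            for path in sorted(snapshot.keys() & prev.keys()):
                if snapshot[path] != prev[path]:
                    events.append(("modified_file", path))
        self.last_snapshot = snapshot

        # Engine 2: compare the core area with the official manifest.
        # Allowed files are skipped here and only here.
        for path in sorted(snapshot):
            if path in self.core_manifest:
                if snapshot[path] != self.core_manifest[path]:
                    events.append(("core_file_modified", path))
            elif in_core_area(path) and path not in self.allowed:
                events.append(("non_core_file", path))
        for path in sorted(self.core_manifest.keys() - snapshot.keys()):
            events.append(("core_file_missing", path))
        return events

    def mark_as_read(self, event):
        # Marking a non-core notification as read puts the path on the allowed list.
        kind, path = event
        if kind == "non_core_file":
            self.allowed.add(path)


def walkthrough():
    """Replay the steps from the reply; returns the events raised per step."""
    clean = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';",
        "wp-login.php": b"<?php /* login form */",
        "wp-content/uploads/photo.jpg": b"\xff\xd8\xff",
    }
    mon = Monitor(CORE_MANIFEST)
    out = {}
    out["baseline"] = mon.scan(clean)  # first scan of a clean site: nothing to report

    # 1) Attacker drops hacked.php in the site root. 2) Both engines fire.
    infected = dict(clean, **{"hacked.php": b"<?php eval($_POST['c']);"})
    out["upload"] = mon.scan(infected)

    # 3) Admin deletes the file and marks both notifications as read;
    #    the non-core notification puts hacked.php on the allowed list.
    for ev in out["upload"]:
        mon.mark_as_read(ev)
    out["cleanup"] = mon.scan(clean)

    # 4) Attacker recreates the file: engine 1 still reports it,
    #    engine 2 no longer does because the path is allowed.
    out["recreated"] = mon.scan(infected)

    # One more scan with the file unchanged: neither engine reports anything.
    out["steady"] = mon.scan(infected)
    return out


if __name__ == "__main__":
    for step, events in walkthrough().items():
        print(step, events or "(no alerts)")
```

The last step is the practical caveat: after the recreated file has been reported once by the scan-to-scan engine, it is indistinguishable from a legitimate allowed file on every later scan, which is the situation the original post was worried about.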

    Thread Starter 7thcircle

    (@7thcircle)

    The concern is the design. Certain files that are added to the root (Google or Pinterest verification) being marked as allowed makes perfect sense. There should be an option to mark as read, before or after deleting the file, that just clears the notice and does not include it in any extra sections (allowed or excluded).

  • The topic ‘Allowed files and mark as read’ is closed to new replies.