scanning ALL files, is not actually scanning all files

Wordfence does scan all your files, what makes you think we aren’t?

Regards,

Mark.

there was a file both in the root directory, and inside several sub directories named license.php. This file (which is not part of the wordpress files) was infected with malware. However, wordfence did not detect it.

Is there a reply and solution to this issue?

Wordfence usually does scan all files. There might have been something wrong in the host’s setup or interference from another plugin that was stopping Wordfence from scanning. If you are having similar trouble, can you send us the details in a new post?

I’m experiencing the same behaviour. The plugin is scanning plenty of files but surely not all of them. I had checked a folder with 5 files trough SSH, 4 files of them where infected and Wordfence only identified 1 of them.

// T

When you have set Wordfence to scan all files, using the various options in the “Scans to include” section of the Options page, it does check each file. The “high sensitivity” option may generate false positives and can make scans take very long on common inexpensive hosting plans (or the scans may even get stopped by the host), so it is not enabled by default.

But malware authors are always coming up with new ways of hiding what their code does, so Wordfence is constantly adding new patterns of malware files as they are discovered. If you have identified malicious files that are not found by the current version of Wordfence, can you send them to us? The address for this is: samples (at) wordfence.com

Thanks!

-Matt R