File Scanning Process

The time needed to scan a website depends on server speed, the number of plugins and themes, any additional code, and the overall size of the website. As a result, the scan may not be able to finish within the limited PHP execution time set by the server (usually 30 or 60 seconds). To handle this, the scanner can split the process into smaller blocks: it works until it reaches the time limit, then spawns a new process to continue. Depending on these factors, the scanning process can take 3 or more spawned processes to finish. On small websites, it can be done within a 20-second window.

The scanning process has several phases, and some of them depend on data that can be cached. When the scanner is run multiple times over a period of a few days, the first run will be the slowest and later runs will be much faster.

While the scanner is running, the page refreshes the scanner log messages every 10 seconds. You will see the messages looking something like this:

[Image: File Scanner Messages]

Messages are timestamped and color-coded, and displayed with the latest messages at the top. Once the process is finished, messages are displayed from oldest to newest.

Phase 1: Preparing Tasks

During the start (or zero) phase, the plugin compiles the list of tasks to run during the scanning process.

Phase 2: Preparing Integrity Scan

Preparing the integrity scan involves retrieving the checksum files with hashes for WordPress Core and WordPress plugins from the WordPress Repository and the Dev4Press API. Checksums are cached for a period of 7 days.

coreSecurity Pro gets all the checksums for eligible plugin versions from the WordPress repository and Dev4Press.

Phase 3: Run WordPress Integrity Scan

The plugin runs the WordPress Core integrity scan first. If the checksums are not found (the WordPress version is not an official version that has checksums), this step produces no results, and the whole WordPress core will be scanned for malware later on.

Phase 4: Run Plugins Integrity Scan

The integrity scan is executed for every plugin for which coreSecurity managed to get valid checksums, and each plugin is a single task.

For each plugin scanned, the plugin also checks whether any new files or directories are present inside the plugin directory; those will be included in the malware scan.

Plugin integrity is considered valid only if all checksums are valid and no extra files or directories are found inside the plugin directory.
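The Phase 4 rule above, sketched in Python as an added example (this is not coreSecurity's own code). The manifest layout (relative path mapped to a SHA-256 hex digest), the function names and the treatment of missing files as a failure are assumptions, and the sample plugin files are constructed.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):  # chunked read
            digest.update(chunk)
    return digest.hexdigest()


def check_plugin_integrity(plugin_dir, manifest):
    # manifest: relative path -> SHA-256 hex (layout and algorithm are assumptions)
    found, modified, extra = set(), [], []
    for root, dirs, files in os.walk(plugin_dir):
        for name in dirs + files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, plugin_dir).replace(os.sep, "/")
            if os.path.isdir(full):
                # A directory is expected only if some shipped file lives under it.
                if not any(path.startswith(rel + "/") for path in manifest):
                    extra.append(rel + "/")
            elif rel not in manifest:
                extra.append(rel)  # file the release does not ship
            else:
                found.add(rel)
                if sha256_file(full) != manifest[rel].lower():
                    modified.append(rel)
    missing = sorted(set(manifest) - found)  # treated as a failure (assumption)
    # Valid only when every hash matches and nothing extra is present.
    return {"modified": sorted(modified), "extra": sorted(extra),
            "missing": missing, "valid": not (modified or extra or missing)}


def demo():
    # Constructed plugin tree, checked clean and again after simulated changes.
    shipped = {"plugin.php": b"<?php // main\n", "inc/util.php": b"<?php // util\n"}
    manifest = {rel: hashlib.sha256(data).hexdigest() for rel, data in shipped.items()}
    changed = {"inc/util.php": b"<?php // edited\n", "inc/extra.php": b"<?php // new\n"}
    with tempfile.TemporaryDirectory() as top:
        os.makedirs(os.path.join(top, "inc"))
        results = []
        for files in (shipped, changed):
            for rel, data in files.items():
                with open(os.path.join(top, rel), "wb") as handle:
                    handle.write(data)
            results.append(check_plugin_integrity(top, manifest))
        return results
```

The entries in `extra` and `modified` are the ones that would carry over into the malware scan; a plugin whose result is `valid` would be excluded from it.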

Phase 5: Prepare Malware Scan

The malware scan has two tasks: WordPress and Content.

WordPress Task

This task covers the files in the website root directory and the wp-admin and wp-includes directories. However, this preparation step excludes all the WordPress core files that have passed the integrity scan. So, if all files have passed the integrity scan, only directories added to the website root and additional files in the root are added to the malware scan.

Content Task

This task covers only the wp-content directory. All plugins that have passed the integrity scan are excluded. However, if additional directories or files were found, they will be used for the task preparation.

Since themes don't have checksums, all themes are included, along with all the files in mu-plugins and any other directory inside the content directory. This task compiles the list of eligible files for scanning.

Phase 6: Run Malware Scan

Both malware tasks run until all the eligible files (from the previous preparation tasks) are scanned.
