Title: scan failed Last modified: August 21, 2016 --- # scan failed * [nilar](https://wordpress.org/support/users/nilar/) * (@nilar) * [11 years, 11 months ago](https://wordpress.org/support/topic/scan-failed/) * Hello, * The scan failed to find injected file in the wp-include folder. Is it just me? * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 5 replies - 1 through 5 (of 5 total) * [BenSucuri](https://wordpress.org/support/users/rngdmstr/) * (@rngdmstr) * [11 years, 11 months ago](https://wordpress.org/support/topic/scan-failed/#post-5044738) * What were the contents of the file? * Malware scans are typically signature based, if this was a new string of malicious code it might not have been picked up. * Thread Starter [nilar](https://wordpress.org/support/users/nilar/) * (@nilar) * [11 years, 11 months ago](https://wordpress.org/support/topic/scan-failed/#post-5044743) * Well … I don’t know the content of the files as my PC even refused to edit them. I mean I’m not speaking about lines of code injected in already existing files. I’m speaking about completely new files and, apart from the content of these files, I expected from wordfence a comparative scan able to detect strange named php files on a core folder of the wordpress installation, in particular on a css folder where php files shouldn’t be at all. * [BenSucuri](https://wordpress.org/support/users/rngdmstr/) * (@rngdmstr) * [11 years, 11 months ago](https://wordpress.org/support/topic/scan-failed/#post-5044745) * Ok, in this case, if you are seeing files in wp-includes that shouldn’t be there then you should remove them. * To better determine what files should and should not be present you can use this trick in Filezilla: * [http://blog.sucuri.net/2012/11/website-malware-removal-ftp-tips-tricks.html](http://blog.sucuri.net/2012/11/website-malware-removal-ftp-tips-tricks.html) * Have a fresh copy of WordPress on the left and browse your site files on the right and then press Ctrl+O – the green/white files match and the yellow files will be out of place. * As for Wordfence finding .PHP files with strange names, I am not sure if this is something Wordfence does. Random/strange filenames is only a proxy indicator for malware, though, and does not always indicate an infection (take, for instance, cache files which tend to have very random and strange names) * Thread Starter [nilar](https://wordpress.org/support/users/nilar/) * (@nilar) * [11 years, 11 months ago](https://wordpress.org/support/topic/scan-failed/#post-5044778) * The trick is awesome … you changed my life. Really 🙂 * As for Wordfence, probably you are right. I gave it as granted that it performed a comparison scan on core folders that, unless you are a very reckless webmaster, shouldn’t change. But maybe not. * Anyway Wordfence is fantastic in the real time alerting system. Recently got 2 hackers while they were hacking thanks to this. Remarkable 🙂 * [BenSucuri](https://wordpress.org/support/users/rngdmstr/) * (@rngdmstr) * [11 years, 11 months ago](https://wordpress.org/support/topic/scan-failed/#post-5044791) * Yeah, it’s a very handy tool 🙂 * There’s really no reason to have any out-of-place files in wp-includes – In infected sites I find most often they are spam related files. * If you’re not sure about a certain file feel free to pastebin here and I can take a look. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘scan failed’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [Failed](https://wordpress.org/support/topic-tag/failed/) * [scan](https://wordpress.org/support/topic-tag/scan/) * [wp-include](https://wordpress.org/support/topic-tag/wp-include/) * 5 replies * 2 participants * Last reply from: [BenSucuri](https://wordpress.org/support/users/rngdmstr/) * Last activity: [11 years, 11 months ago](https://wordpress.org/support/topic/scan-failed/#post-5044791) * Status: not resolved