Title: Two observations/feedback after fighting malware all week Last modified: August 31, 2016 --- # Two observations/feedback after fighting malware all week * [Ash](https://wordpress.org/support/users/ashmetry/) * (@ashmetry) * [10 years, 4 months ago](https://wordpress.org/support/topic/two-things-2/) * I’ve been fighting malware all week on my server. Wordfence was a huge help however I made few observations that I wanted to relay back. I used the free version so I’m not sure if the paid offers more. * 1) I had everything checked under “Scans to include” and few files were still missed. Mostly with premium plugins or custom themes or child themes that are not found in the WP repository. I understand it’s hard to compare these files since there is nothing to compare them to. But I expected to find something in the output report that tells me that PLUGIN XYZ and THEMES ABC were not scanned because they are not in the repository. Something that tell me where to do a manual check instead of the all green & you’re safe message which was misleading in this case. * 2) It would be nice to have an option to scan php files for excessive use of chr(..) and eval(..) commands. I noticed that most files contain these functions to “glue” strings together. Granted, searching is bound to create false positives but maybe a flexible tolerance set by the user can be configured. I blogged about how I cleaned the files missed by WF here: [http://ametry.com/ash/linux-commands-to-help-find-malware/](http://ametry.com/ash/linux-commands-to-help-find-malware/) * Hope this helps the next person and help make your great plugin better. * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 1 replies (of 1 total) * [SooBahkDo](https://wordpress.org/support/users/soobahkdo/) * (@soobahkdo) * [10 years, 4 months ago](https://wordpress.org/support/topic/two-things-2/#post-7036476) * Hi Ash, * Great idea about adding a feature to distinguish the scans results for premium, non-repository code from the scan results of WP repository code that can be compared for changes or infection. Viewing 1 replies (of 1 total) The topic ‘Two observations/feedback after fighting malware all week’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 1 reply * 2 participants * Last reply from: [SooBahkDo](https://wordpress.org/support/users/soobahkdo/) * Last activity: [10 years, 4 months ago](https://wordpress.org/support/topic/two-things-2/#post-7036476) * Status: not resolved