BTW, if anyone else has this problem, the workaround is:
1. Click the ‘repair all’ button and wait for repair confirmation message.
2. Ignore the child theme functions.php.
3. Click the ‘delete all’ button and wait for the delete confirmation message.
4. Remove the Ignore.
5. Run Scan again.
This is expected behaviour and how the scan options should work.
If you are using a theme that is available at the wordpress.org theme repository and a theme file is modified with malicious code added to it then the scanner will detect that the theme file has been modified and you can use the repair options to replace that modified file with an original uninfected copy of that file.
Child themes have to be created in a custom directory and we have no way of knowing what you are going to name that directory so the scanner is unable to match that custom directory name with the theme that is installed as the parent theme. Therefore any files in the child theme directory cannot be repaired as they will be treated as unknown files.
Oh dear @wfphil
Therefore any files in the child theme directory cannot be repaired as they will be treated as unknown files.
That is not how Wordfence works in the scan. It identifies all occurrences of infected files. Then it offers an individual repair option (which is not what I’m writing about). Or “REPAIR ALL REPAIRABLE FILES” which I have explained works absolutely fine and is truly wonderful.
Now, without examining the code in detail, I assume Wordfence creates an array of deletable files as it scans. Then when it repairs repository files it removes them from the deletable array. But child theme files stay in the array. So they get deleted (unless you follow my workaround).
Whoever deemed this “expected behaviour” needs to examine the logic. Or at least offer a realistic explanation. Because I cannot see any value in repairing a file only to subsequently delete it. And please don’t repeat that Wordfence cannot repair those files. Because I’ve examined them (before setting the Ignore flag in my workaround) and they are fully repaired – for which I thank you very much.
You must have misunderstood my reply as the scanner cannot detect that your child theme is a child theme as the child theme directory slug will not match a known theme in the WordPress theme repository.
Therefore child them files will always be treated as unknown files and cannot be repaired, they can only be deleted.