Support » Plugin: Wordfence Security - Firewall & Malware Scan » Exclude directories from scan

  • Wordfence v6.2.2

    I have a site on a cPanel-based hosting provider. My first site lives in /home/username/public_html.. my second and third sites live in /home/username/public_html/second_site and /home/user/public_html/third_site respecitvely. A WordFence scan initiated on my first site ALSO scans second_site and third_site. second_site and third_site are also using WordFence and have their own scans configured.

    Is there a way to configure WordFence on first_site to ignore the directories second_site and third_site?

    Thanks in advance for your assistance.


    • This topic was modified 5 years, 7 months ago by TheITJuggler.
Viewing 15 replies - 1 through 15 (of 17 total)
  • Hi Steve,
    Please make sure you don’t have “Scan files outside your WordPress installation” option enabled at (Wordfence > Options => Scans to include).

    Also, you can make use of “Exclude files from scan that match these wildcard patterns.” option at the same section.




    This too has been a problem for me. The “Exclude files from scan that matc these wildcard patters”, for directories, was not a solution for me. I’m trying out the “Comma-separated list of directories to exclude from recently modified file list” and adding each directory/folder to that list, comma separated, to see how that works out.


    I have the same problem, before we had an option to exclude subfolders from being scanned. Now there is only the “Exclude files from scan that match these wildcard patterns.”

    My scans suddenly take more than 3 hours now because it scans all my subdomains too and I can not exclude them anymore?

    Is there a way to work around this please?


    Hi Annie,
    You should be able to exclude sub-folders using the wildcard(*), for example you can exclude all this sub-directory files (/sub-directory/*).

    Let me know if this is what you mean,


    I actually do not know what to add there and how?
    If I only want to scan my main domain what do I add exactly if I do not want the subfolder like to be scanned please?



    If my main domain is and subfolder is “budget-transportbedrijf” would I need to fill in exactly this:


    and if I have more then one add a comma and next row the next like this:


    Before we could just see a list of what was present on the domain, click on it and it was added on the right side to be excluded, that was easier haha 🙂

    Thanks for your help!

    • This reply was modified 4 years, 11 months ago by LogoLogics.

    Yes, exactly like you said, but no need to separate them by comma and you should also get rid of parentheses (), just one per line is enough, like that:



    Hi wfalaa,

    Thanks for the info!


    Hi wfalaa,
    I have also 2 domains (B and C) as subdirectories of my main domain A (hosting with cPanel as well).
    So I tried to exclude domains B and C from scanning of domain A, but could not succeed.
    Whether I specify
    (one per line)
    I still got changes in files from domain B and C reported from domain A.
    Is it because it is supposed to exclude files and not directories?
    Any help would be greatly appreciated.

    Hi @dgoethals
    You need to add these directories in “List of directories to exclude from recently modified file list” text area in “Wordfence > Options => Email Summary”.


    Hi wfalaa,
    Thanks for your prompt reply.
    Are they just excluded from reporting and/or also excluded from scanning?

    To get them excluded from the scan also, you can use this option “Exclude files from scan that match these wildcard patterns“.


    It’s the place where I’ve put the exclusions at first. But I still got them in the email reporting.
    Therefore it seems to me that the exclusion list does not work as expected for directories. I would like to have the scan as light as possible as I have several domains on the same hosting.

    There are two text areas, one to exclude them from scanning, and another one to exclude them from email reporting, I have mentioned both of them in my two previous replies, this is the correct formula by the way: /budget-transportbedrijf/*

    That should work fine, but I guess you will need to wait for the next email summary.


    Hi Wfalaa,
    Back after next e-mail reporting.
    In both “Exclude file from scanning” and “Exclude from email reporting”, I stated:


    Nevertheless, they are scanned and reported in the email.
    Your help would be greatly appreciated.
    Kind regards

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘Exclude directories from scan’ is closed to new replies.