All scanner file-action endpoints are available since v2.9.3.

GET /scanner/file

Returns the content of a flagged file centred around the suspicious line, providing ±40 lines of context for review.
curl -X GET "https://example.com/wp-json/wp-manager-pro/v1/scanner/file?path=plugins%2Fmy-plugin%2Fbad.php&line=42" \
  -H "X-WP-Nonce: YOUR_NONCE"

Parameters

path (string, required): The file path relative to wp-content/. Path traversal outside wp-content/ is blocked.
line (integer): The flagged line number. The response will be centred around this line. Pass 0 or omit to return all lines.

Response

path (string): The relative path that was read.
total_lines (integer): Total number of lines in the file.
flag_line (integer): The flagged line number provided in the request.
lines (array)

DELETE /scanner/file

Permanently deletes a flagged file from disk.
Deleting a file is permanent and cannot be undone. Consider using POST /scanner/quarantine to move the file to a safe location first so you can inspect it before committing to deletion.
curl -X DELETE https://example.com/wp-json/wp-manager-pro/v1/scanner/file \
  -H "X-WP-Nonce: YOUR_NONCE" \
  -H "Content-Type: application/json" \
  -d '{"path": "plugins/my-plugin/bad.php", "confirm": true}'

Parameters

path (string, required): The file path relative to wp-content/.
confirm (boolean, required): Must be true. This prevents accidental deletions.

Response

deleted (boolean): Always true on success.
path (string): The relative path of the deleted file.

POST /scanner/quarantine

Moves a flagged file to wp-content/wmp-quarantine/ and appends a .quarantined extension so it cannot be executed. A .htaccess file is written to the quarantine directory to block direct HTTP access.
Quarantined files remain on disk in a protected directory. You can inspect them manually before deciding to delete them permanently.
curl -X POST https://example.com/wp-json/wp-manager-pro/v1/scanner/quarantine \
  -H "X-WP-Nonce: YOUR_NONCE" \
  -H "Content-Type: application/json" \
  -d '{"path": "plugins/my-plugin/bad.php", "confirm": true}'

Parameters

path (string, required): The file path relative to wp-content/.
confirm (boolean, required): Must be true.

Response

quarantined (boolean): Always true on success.
dest (string): The destination path of the quarantined file relative to wp-content/ (e.g. wmp-quarantine/plugins/my-plugin/bad.php.quarantined).
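
A client-side pre-check for the path rule and the quarantine destination described above, as an added example that is not part of the plugin or its documentation. The function names are hypothetical, the normalisation is an assumption about what a caller should refuse to send (the server applies its own rule), and expected_dest assumes every dest follows the pattern of the single example on this page.

```python
import json
import posixpath
from urllib.parse import urlencode

QUARANTINE_DIR = "wmp-quarantine"  # directory name documented on this page
SUFFIX = ".quarantined"            # extension documented on this page


def normalise_rel_path(path):
    """Clean a path relative to wp-content/ or raise ValueError.

    Assumed client-side pre-check; the server applies its own rule.
    """
    if not path or "\x00" in path:
        raise ValueError("empty path or NUL byte")
    path = path.replace("\\", "/")
    if path.startswith("/") or path[1:2] == ":":
        raise ValueError("absolute path")
    clean = posixpath.normpath(path)
    if clean in (".", "..") or clean.startswith("../"):
        raise ValueError("path escapes wp-content/")
    return clean


def file_query(path, line=0):
    """Query string for GET /scanner/file; "/" is sent as %2F."""
    return urlencode({"path": normalise_rel_path(path), "line": line})


def quarantine_body(path):
    """JSON body for POST /scanner/quarantine; confirm must be true."""
    return json.dumps({"path": normalise_rel_path(path), "confirm": True})


def expected_dest(path):
    """dest following the pattern of the page's example (assumed general)."""
    return f"{QUARANTINE_DIR}/{normalise_rel_path(path)}{SUFFIX}"


def dest_is_quarantined(dest):
    """True if a returned dest stays inside the quarantine dir with the suffix."""
    try:
        clean = normalise_rel_path(dest)
    except ValueError:
        return False
    return clean.startswith(QUARANTINE_DIR + "/") and clean.endswith(SUFFIX)
```

Comparing the dest field of a quarantine response against expected_dest and dest_is_quarantined gives a quick confirmation that the file landed where the documentation says before anyone follows up with DELETE /scanner/file.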

POST /scanner/ignore

Adds a file to the scanner ignore list. Ignored files are skipped on future scans.
curl -X POST https://example.com/wp-json/wp-manager-pro/v1/scanner/ignore \
  -H "X-WP-Nonce: YOUR_NONCE" \
  -H "Content-Type: application/json" \
  -d '{"path": "plugins/my-plugin/known-safe.php"}'

Parameters

path (string, required): The file path relative to wp-content/ to ignore.

Response

ignored (boolean): Always true on success.
path (string): The path that was added to the ignore list.

GET /scanner/ignored

Returns all file paths currently on the scanner ignore list.
curl -X GET https://example.com/wp-json/wp-manager-pro/v1/scanner/ignored \
  -H "X-WP-Nonce: YOUR_NONCE"

Response

Returns an array of relative file path strings (relative to wp-content/).

DELETE /scanner/ignored

Removes a file from the scanner ignore list. The file will be included in future scans.
curl -X DELETE https://example.com/wp-json/wp-manager-pro/v1/scanner/ignored \
  -H "X-WP-Nonce: YOUR_NONCE" \
  -H "Content-Type: application/json" \
  -d '{"path": "plugins/my-plugin/known-safe.php"}'

Parameters

path (string, required): The file path to remove from the ignore list.

Response

removed (boolean): Always true on success.
