Keeping your WordPress site secure is paramount. Unauthorised changes to core or plugin files can introduce vulnerabilities or malware. FlyWP’s WordPress Integrity Checker is a powerful tool designed to scan your site’s files, compare them against the official WordPress repositories, and alert you to any unauthorised modifications.
This powerful tool verifies the integrity of:
- WordPress Core files.
- Plugins that are available on the WordPress.org repository.
Note: This feature cannot verify premium plugins or themes that are not hosted on the official WordPress.org repository.
This feature is currently only available for NGINX sites.
Accessing the Integrity Checker
You can easily access the security tools from your Site Dashboard.
- Navigate to the site you wish to check.
- From the sidebar menu, click on the Security tab.
- Select the Plugin and Core Integrity Checks sub-tab.

Running an Integrity Scan
You have two ways to scan your site:
- Manually at any time.
- Automatically on a daily basis.
Automated Daily Scan
For continuous peace of mind, you can enable automated daily scans.
- Toggle the Enable Automated Daily Scan switch.
- A confirmation pop-up will appear. Click Enable.

FlyWP will now automatically scan your site’s integrity every day, ensuring that any unauthorised changes are detected promptly.
Manual Scan
To run an immediate scan of your WordPress core and plugin files, simply click the Start Scan button. The process will begin, and you’ll see a status indicator while FlyWP verifies your files.

Understanding the Scan Results
After a scan is complete, the results will be displayed clearly.

No Issues Found
If all your files match the official versions, you will see green checkmarks for both WordPress Core and Plugins. This indicates that your site’s foundational code is clean and unmodified.

Issues Found
If the scan detects a mismatch, it will be flagged with a warning icon. This means a file’s “checksum” (a unique digital fingerprint) does not match the official version. This could be due to a manual code change or, in a worst-case scenario, malicious code injection.
FlyWP will provide a detailed list of the affected files, specifying which file in the WordPress Core or a specific plugin has been altered.

Restoring File Integrity
When issues are found, you have a simple and powerful way to restore the original files.
Click the Force Update button next to the list of affected files (either for WordPress Core or Plugins).

What does “Force Update” do?
This action will download a fresh, verified copy of the affected files from the official WordPress.org repository and overwrite the modified ones on your server. This effectively reverts any unauthorised changes and restores the integrity of your site.
Important Note: This process is irreversible and will overwrite any custom modifications you may have made to these files. This feature applies only to WordPress Core and Plugins, not themes.