Scanning Your Site with Nova Scan

Nova Scan detects malware, backdoors, and suspicious code across your entire WordPress installation. This guide covers scan profiles, understanding results, and taking action on threats.

Scan Profiles

Nova Scan offers three scan profiles, each covering a different scope:

Quick Scan

Checks your plugins, themes, and uploads directories. This is the fastest option and catches the most common attack vectors, injected plugin files, backdoor themes, and suspicious uploads.

Standard Scan

Covers the entire wp-content directory including mu-plugins, drop-ins, and any custom directories. Recommended for routine scanning.

Deep Scan

Scans your complete WordPress installation from the root directory down. This catches threats hidden in core files, wp-admin modifications, and root-level backdoors. Takes the longest but leaves nothing unchecked.

The N-Dimensional Engine

At the heart of Nova Scan is the NDE, a proprietary N-Dimensional detection engine that analyzes code at a level traditional scanners cannot reach.

Unlike conventional security plugins that rely on static virus definitions, the N-Dimensional Engine evaluates files across multiple dimensions simultaneously. It detects both known threats and zero-day attacks that have never been catalogued without needing constant definition updates.

The engine runs specialized analysis for PHP files, JavaScript files, database content, and firewall requests – each tuned for its own threat landscape.

Understanding Results

After a scan completes, the Results tab shows every finding with:

  • Severity level: Critical (red), High (orange), Medium (yellow), or Low (blue)
  • NDE Confidence: A percentage showing how certain the engine is. Higher means more confident the file is malicious.
  • File path: The exact location of the suspicious file
  • Detection method: Whether it was caught by NDE analysis, pattern match, or both

Taking Action

For each finding, you can:

  • Quarantine: Moves the file to a safe, non-executable location. The file is preserved so you can restore it if needed. This is the safest first step.
  • Delete: Permanently removes the file. Use this when you are certain the file is malicious.
  • Mark as Clean: Tells Nova Scan this file is safe. It will not be flagged in future scans. Your vote also contributes to the community clean hash network, helping other Nova Scan users.

The Compare Tab

The Compare tab lets you diff any scanned file against its original version from the WordPress.org repository. This is invaluable for detecting injected code in core files, plugins, and themes, you can see exactly what changed.

Scheduled Scans

In Settings, you can configure Nova Scan to run automatically:

  • Choose daily, weekly, or custom intervals
  • Select which scan profile to use
  • Results appear in your dashboard on the next visit

For most sites, a daily Standard Scan provides excellent protection with minimal server impact.

© Nova Heaven. All rights reserved.