Back to scanner
Sample report preview

Example Lite Scan report for example.com

This static preview shows the kind of triage output a Lite Scan can produce before you share temporary SFTP credentials. It is fictional sample data.

Risk status
72
High risk example

Sample summary: one high-severity finding was detected in the analyzed Lite Scan scope. Review the file before deleting anything.

Findings table example

HIGH
/public_html/wp-content/uploads/2026/05/cache.php
Suspicious PHP execution path

Executable PHP appears in an uploads directory that normally stores media files.

MEDIUM
/public_html/wp-content/themes/example-theme/functions.php
Obfuscated PHP pattern

The file contains encoded code patterns that should be reviewed against a clean theme copy.

LOW
ftp-transfer.log
Admin country mismatch

A transfer event appears outside the expected administrator country list supplied for the scan.

Finding explanation example

PHP files under uploads are unusual for many WordPress sites because uploads normally contain images and documents. The Lite Scan flags this for review; a site owner should compare it with a clean backup or known-good deployment artifact before taking action.

Remediation guidance example

Preserve a copy for review, confirm whether the file belongs to a plugin, theme, or known workflow, and restore from a clean backup when compromise is confirmed. Paid Cleanup or Expert Help can support remediation after findings are reviewed.

Limitations and link handling

This sample uses fictional example.com data and is not evidence from a real customer site.
Lite Scan does not inspect WordPress database content, rogue admin users, malicious cron hooks, or every server file.
A clear Lite Scan result means no high-confidence findings were found in the analyzed scope; it does not prove the whole site is clean.
Cleanup, broader Full Scan coverage, and expert remediation are separate paid paths.

Real result pages and PDF report URLs are bearer links. Anyone with the link can view the scan output, so share them only with the incident owner.