This documentation page does not apply to our software versions for Joomla! 4.0 and later versions. If you are not using Joomla 3 please consult the documentation index to find and read the correct version of the documentation.
PHP File Scanner: Running a scan
Performing a scan is a very simple process. Just go to your site's backend,, and click on . On that page, simply click on to initiate the scan. A modal dialog is displayed.
The scan process is split in many steps in order to avoid server timeouts. Take a look at the Last server response label. It tells you for how long the current step is running. If this figure goes over 120 seconds, you can be sure that the scan is stuck. In case the scan is stuck or throws an error, please read the "How does it work?" section.
Please note that the first time you run this feature, all scanned PHP files will be reported as Added. This is normal. Since there was no previous scan, all PHP files are new as far as Admin Tools is concerned. A positive side-effect of this behaviour is that all PHP files go through the "Threat score" determination engine which will typically result in a list of 30-100 files you should check. In other words, even if you run this feature for the first time after a site is hacked, it will narrow down the list of files you should check.
PHP File Scanner: Managing scans
The main page of the PHP File Change Scanner feature gives you an overview of the scan operations. From left to right, you see the following columns on each row:
A checkbox which is used to select the row(s) you want to delete, by pressing the button on the toolbar.
The scan ID (a number) is a monotonically increasing number, i.e. each new scan has an ID which is equal to the previous scan's ID plus one.
Scan date is the date and time this scan was performed. The date and time are shown in GMT (UTC) timezone.
Total files is the total number of PHP files which Admin Tools detected
Modified is the total number of PHP files which Admin Tools detected that are modified since the last scan or have a threat score greater than 0 and not marked by you as safe.
Possible threats is the total number of PHP files, new, added or modified, with a non-zero threat score.
Added is the total number of PHP files which were added since the last scan.
Actions & Reports contains a link titled View Report when modified or added files are detected on your site.