How To Identify Unwanted Files in File Manager (WordPress)

If you’ve discovered unfamiliar files or folders inside your WordPress File Manager, it can feel overwhelming or even alarming at first.

This guide will help you safely identify potentially unwanted, suspicious, or unnecessary WordPress files without accidentally damaging your website.

You’ll learn:

• What a normal WordPress file structure looks like
• Which files may require closer investigation
• How to identify inactive plugins, themes, and unused media
• What signs may indicate suspicious activity
• What to avoid deleting immediately

Most importantly, this guide focuses on safe identification only.

You do not need to remove anything immediately, and seeing unfamiliar files does not automatically mean your website has been hacked.

When To Use This Guide

Use this guide if:

• You notice unfamiliar files in File Manager
• Your malware scanner flagged suspicious files
• Your website is behaving unexpectedly
• You want to review inactive plugins/themes
• Your uploads folder appears unusually large
• You suspect possible website compromise

Before You Begin

Before making changes to your website files:

• Create a full website backup (files + database)
• Avoid deleting files unless you are certain they are unnecessary
• Keep a record of any changes you make
• If unsure, pause and investigate further first

IMPORTANT: Deleting the wrong WordPress files can break your website’s functionality, themes, plugins, or admin access.

What Is A WordPress File Manager?

Your File Manager is the area in your hosting control panel that stores:

• WordPress core files
• Themes
• Plugins
• Uploads
• Website configuration files

It allows you to view the files and folders powering your website.

Why This Matters

Over time, WordPress websites may accumulate:

• Unused plugins or themes
• Old uploads
• Temporary files
• Inactive website assets
• Suspicious or malicious files

Identifying these files safely helps:

• Improve website security
• Reduce unnecessary clutter
• Support website performance
• Detect possible malware or compromise early

What Won’t Break

This guide focuses only on safely identifying potentially unwanted files.

It does not:

• Delete files automatically
• Modify WordPress configurations
• Remove plugins or themes
• Change website functionality

Understanding a Normal WordPress File Structure

A standard WordPress installation usually contains three main folders:

• /wp-admin
• /wp-content
• /wp-includes

You will also commonly see files such as:

• index.php
• wp-config.php
• .htaccess
• wp-login.php
• wp-settings.php

These are normal WordPress core files.

1: Open File Manager

1. Log in to your hosting control panel
2. Open File Manager
3. Navigate to your website’s root directory

This is often:

• public_html
   or
• your domain folder

2: Identify Non-Standard Files

Review your root directory carefully.

Normal Files and Folders

Typical WordPress installations contain:

Standard Folders

• wp-admin
• wp-content
• wp-includes

Common Root Files

• index.php
• wp-config.php
• wp-login.php
• xmlrpc.php

Potential Red Flags

Look for:

• Randomly named PHP files
• Strange folders you do not recognise
• Files with unusual naming patterns
• Duplicate WordPress files
• Executable scripts outside standard locations

Examples:

• update123.php
• temp-shell.php
• cachefix.phtml
• random-character filenames

IMPORTANT: Custom plugins or developers may intentionally add legitimate custom files. Unknown does not always mean malicious.

3: Compare Against a Clean WordPress Installation

A useful way to identify unusual files is to compare your website structure against a clean WordPress installation.

Recommended Approach

1. Download WordPress
2. Compare:
   1. folders
   1. filenames
   1. directory structure

Look for files or folders that do not exist in the clean installation.

4: Check the Uploads Folder Carefully

Navigate to:

/wp-content/uploads/

This folder should primarily contain:

• images
• videos
• PDFs
• media files

Potential Warning Signs

Look for executable file types such as:

• .php
• .phtml
• .phar

These are not typically expected inside media upload folders.

IMPORTANT: Some advanced plugins may legitimately create PHP files in uploads folders. Always investigate before removing anything.

5: Review Recently Modified Files

Most File Managers allow you to sort files by:

• Last Modified
   or
• Date Modified

If:

• you have not updated your website recently
   and
• files changed unexpectedly in the last 24–48 hours

those files may require further investigation.

6: Identify Inactive Plugins

Inactive plugins still remain inside your website files.

Steps to Review Plugins

1. Log in to WordPress Admin
2. Go to:
   Plugins → Installed Plugins
3. Review the Inactive tab

What To Look For

• old plugins
• duplicate plugins
• plugins no longer used

The Impact of Inactive Plugins

Inactive plugins can sometimes:

• create clutter
• increase security risk if outdated
• confuse troubleshooting effor

IMPORTANT: Do not remove plugins unless you are sure they are no longer needed.

7: Review Unused Themes

Navigate to:

Appearance → Themes

Best Practice

What To Keep

• Your active theme
• One default WordPress fallback theme

Examples

• Twenty Twenty-Four
• Twenty Twenty-Three

The Impact of Unused Themes

Unused themes may:

• increase maintenance complexity
• create unnecessary security exposure
• consume storage

8: Review Unattached Media Files

Over time, websites may accumulate unused media uploads.

What To Check

1. Go to:

Media → Library

• Filter by:
  Unattached

These are files not currently linked directly to posts or pages.

IMPORTANT: Some page builders or themes may still use unattached files. Always verify usage before removal.

9: Use Security or Integrity Scanners

Security plugins and integrity tools can help compare your WordPress files against official WordPress versions.

These tools may identify:

• modified core files
• unexpected changes
• suspicious scripts
• possible malware injections

Tools

Examples include:

• Wordfence
• Integrity checkers
• Malware scanners

Advanced (Optional) Checks

For Technical Users or Administrators

Verify Core File Integrity

Compare WordPress core files against official checksums to detect modifications.

Review Server Logs

Check access logs and modification activity for unusual file changes.

Inspect File Permissions

Incorrect permissions may allow malicious file uploads or modifications.

Monitor Uploads Directory Behaviour

Unexpected executable activity inside uploads folders may indicate compromise attempts.

Common Mistakes to Avoid

• Deleting unfamiliar files immediately
• Removing inactive plugins without verification
• Assuming every unknown file is malware
• Modifying WordPress core files directly
• Skipping backups before investigations

Before You Move On

• Back up your website fully
• Document suspicious files before changing anything
• Keep WordPress, themes, and plugins updated
• Review inactive plugins and themes regularly

If This Didn’t Work

Should you still suspect suspicious files or a possible compromise:

• Run a full malware/security scan
• Review your backups
• Change WordPress passwords
• Contact your hosting provider or developer

If you need guidance removing suspicious files safely, refer to:

How To Remove Unwanted Files in WordPress

Next Recommended Step

You may also find these guides useful:

• Purchasing 1-grid’s Essential Data Backup
• How to Access File Manager in Plesk
• Using File Manager in Plesk
• How to Upload a File Using File Manager in cPanel
• How to Back Up Your WordPress Website
• How To Remove Unwanted Files in WordPress
• WordPress Security Best Practices
• How to Identify a Compromised WordPress Website
• How to Clean Malware Redirects (Hacked)

Empowering Insight

A clean and organised WordPress File Manager is not about deleting everything unfamiliar when clearing unwanted files. It’s about understanding what belongs there so you can make safe, confident decisions for your website.

FAQs

Q. Does seeing unknown files mean my website was hacked?

Not always. Some plugins, themes, or developers create custom files that may look unfamiliar.

Q. Will deleting files improve website performance?

Sometimes, but deleting the wrong files can break your website. Always investigate carefully first.

Q. Can I undo accidental deletions?

Only if you have a recent backup available.

Q. Are inactive plugins dangerous?

Inactive plugins can still become security risks if outdated, but they are not automatically malicious.

Q. Will this affect my website visitors?

Simply identifying files does not impact website functionality.

Need Additional Support?

We’re Here to Help:

Investigating unfamiliar WordPress files can feel technical, especially when security concerns are involved. If you’re unsure whether something is safe or suspicious, our Team can help guide you further. Stuck? Contact our Team for further clarity and guidance (https://1grid.co.za/contact-us/). We’re ready to see how we can help!