Daily public/origin signal checks plus monthly full reports with per-site artifacts.
Loadingssh -t mc-ops-01-warp "sudo -u mission-control /opt/localreach/mission-control/collector/run-wp-malware-scans-daily-ovh.sh"
| Cadence | When | What It Checks | Normal Follow-Up |
|---|---|---|---|
| Daily signal scan | Every day at 08:15 UTC | Public and origin HTML, WordPress core checksums, uploads PHP execution, suspicious file heuristics, expanded DB indicators, new admins, active-theme PHP drift, and recent plugin/theme file activity. | Review only yellow/red checks. Plugin/theme file activity alone is informational. |
| Weekly scan | Not currently scheduled | No separate weekly malware timer exists right now. | Use the daily refresh after planned site work; use the monthly full scan when a deeper report is needed. |
| Monthly full scan | First day of each month at 00:00 UTC | Runs the full profile with the daily checks, verbose inventory artifacts, full reports, and ClamAV in auto mode when available. | Use for monthly review records or deeper inspection after an incident. |
| Manual refresh | After plugin updates, user changes, theme work, or cleanup | Runs the daily profile across the full configured WordPress estate and republishes the latest dashboard index. | Use after expected work is reviewed so the dashboard reflects the current baseline. |
Review triggers include suspicious public/origin HTML, database indicators, core checksum failure, executable or unknown uploads PHP, new administrator accounts after the reviewed cutoff, and active-theme PHP drift after the reviewed cutoff. Recent plugin/theme files without those signals show as Observed, not Review.
| Site | Status | Month | Checks | Report |
|---|