The Plugin and Theme Guard is a part of the Hack Guard module.
The purpose of the Plugin and Theme Guard is to detect any changes to active plugins and themes.
These changes are ones that would occur outside normal WordPress actions. For example, if you upgrade a plugin to a new version using WordPress, then this would not trigger alerts from the Guard. The Guard will detect normal changes and update its records so that it doesn't alert you unnecessarily.
However, if you upload a new version of a plugin over FTP, the Guard will detect this. The Guard does not know about FTP, it only knows about WordPress. So if you make changes to your plugin or theme files outside of WordPress, the Guard will be alerted and so will you.
Why is this important for security?
Completely preventing intrusions is impossible. Neither Shield, nor any other WordPress plugin can block all intrusions - there are just too many variables.
So, the next defense against intrusion is detecting any changes made to your files after someone has gained access to them. This is the purpose of the Plugin/Theme Guard.
Important Characteristics of the Plugin/Theme Guard
When enabling the Guard, please consider the following characteristics carefully.
The Guard only tracks changes to active plugins and themes
The Guard does not track changes to any files for any plugins/themes that are not activated on your WordPress site.
In the case of themes, it'll track both the Parent and Child themes, if your theme is setup this way.
The Guard starts tracking when plugins/themes are activated, not when they're installed.
The Guard takes a snapshot of your plugin/theme at the time they are activated, not when they're installed.
Therefore, you are advised to always re-install a plugin/theme before activation, especially if it's be sitting deactivated on your site for a while.
The Guard does NOT SCAN FOR MALWARE
The Guard trusts your judgement when you activate a plugin/theme. This is entirely your responsibility.
The Guard's purpose is to detect changes only (not malware).
Note: The Malware scanner is completely separate. You can read more about the Malware scanner here.
Plugin/Theme Guard is NOT designed to scan for malware. If you activate a plugin/theme that already contains malware , the Guard does not know this. It assumes that if you activated it, you have previously checked it for malware or installed it fresh from source (i.e. it's clean).
Note: You can run this scanner from within Shield Security Dashboard => Scans section.
To learn more about the scanner in-detail and watch the explanatory video, please go here.
Hint: If you want to see when was the last time that a scan was run successfully, you can do that under the Debug Info section of the Security Dashboard => Recent Events Log.
We also recommend you to read: