Introduction to the Website File Changes Monitor Plugin

You are here:

Why do you need a file changes monitor plugin on your WordPress website?

Your WordPress website has hundreds (thousands in some cases) of executable and non-executable files. Executable files are the source code files (php, js etc) which the web sever executes to run the web application, in this case WordPress. Non-executable files are typically media files such as images, audio, video and document files.

Changes to non-executable files happen multiple times a day. For example when someone uploads an image or modifies a document on the website. These changes are typically legit and cannot be harmful, even if non-intended.

However, changes to executable files (such as the source code PHP files of your WordPress site) can be a sign of malicious activity or malware injection, unless you or your developers have changed the code, or installed / updated / uninstalled a plugin or a theme.

As a WordPress site administrator you should be alerted of executable file changes on your WordPress site so you can:

  • ensure the website has not been compromised
  • there are no technical issues
  • keep an eye on the changes your developers are doing to the website’s code
  • identify any issue or developers’ leftover files that could leave you and your business exposed.

To learn more on how file scanning works and the benefits of scanning your WordPress site for file changes read WordPress file integrity monitoring.

Introduction to the plugin

The Website File Changes Monitor is a plugin for WordPress websites and multisite networks. Once installed it automatically scans your website for file changes and instantly alerts you via email of file changes.

The Website File Changes Monitor plugin showing file changes

The plugin does not compare your website’s files to a remote repository like conventional file scanning plugins do. It compares the different scans of your own website to identify the changes. We use this method so:

  • The plugin can scan and identify changes in any type of file, including files of custom web applications
  • Better support customization (if you change the code of a plugin or core the plugin does not raise any false alarms)
  • No source code files are not sent over the internet to third parties
  • The plugin uses less bandwidth and processing power to do file changes scans
  • Report only genuine alerts, no false positives!

No false alarms – just genuine alerts!

The Website File Changes Monitor plugin uses exclusive smart technology that identifies website admin changes. So when you update the WordPress core, and install, update or uninstall a plugin or theme the plugin does not flood you with alerts of file changes, raising false alarms.

Instead it advises you of the admin change and allows you to review the file changes that occurred because of the change.

Benefits highlight

  • Receive instant email alerts about file changes on your WordPress sites and multisite networks
  • Identify both authorized and unauthorized file changes, including non-malicious developer changes
  • Know exactly where backdoors, trojans & other malware was injected on your site during post-hack analysis
  • Find developers and plugins leftover files that could leak sensitive information, such as database backup files, source code backup files and similar
  • Improve the security posture of your WordPress websites – proactively identify file changes that can lead to technical and security problems before the problems can impact your website.

How does the Website File Changes Monitor plugin work?

The plugin scans your WordPress website or multisite network file changes every day at 02:00 (2:00AM). There is no need to configure anything yourself. However, the plugin is fully configurable and you can change the scan schedule, launch instant scans, exclude files and file types and more. Refer to the Getting started with the Website File Changes Monitor plugin for more detailed information on how the plugin works.