Introduction to the Website File Changes Monitor Plugin

You are here:

Why do you need a file changes monitor plugin on your WordPress website?

Your WordPress website has hundreds (thousands in some cases) of executable and non-executable files. Executable files are the source code files (php, js etc) which the web sever executes to run the web application, in this case WordPress. Non-executable files are typically media files such as images, audio, video and document files.

Changes to non-executable files happen multiple times a day. For example when someone uploads an image or modifies a document on the website. These changes are typically legit and cannot be harmful, even if non-intended.

However, changes to executable files (such as the source code PHP files of your WordPress site) can be a sign of malicious activity or malware injection, unless you or your developers have changed the code, or installed / updated / uninstalled a plugin or a theme.

As a WordPress site administrator you should be alerted of executable file changes on your WordPress site so you can:

  • ensure the website has not been compromised
  • there are no technical issues
  • keep an eye on the changes your developers are doing to the website’s code
  • identify any issue or developers’ leftover files that could leave you and your business exposed.

To learn more on how file scanning works and the benefits of scanning your WordPress site for file changes read WordPress file integrity monitoring.

Introduction to the plugin

The Website File Changes Monitor is a plugin for WordPress websites and multisite networks. Once installed it automatically scans your website for file changes and instantly alerts you via email of file changes.

The Website File Changes Monitor plugin

 

The plugin uses two types of scans:

  • It compares the WordPress core files of your website to the list of files on the official WordPress repository,
  • it also compares the signatures of all the files from different scans.

These scanning methods are explained in more detail in how the plugin detects changes on WordPress websites. By combining these two different file integrity monitoring technologies, the plugin can:

  • Identify any tempered WordPress core files (even if they were tampered / infected before the plugin was installed)
  • Identify changes in any type of file, including files of custom web applications
  • Better support customized websites
  • No source code files are not sent over the internet to third parties
  • The plugin uses less bandwidth and processing power to do file changes scans
  • Report only genuine alerts, no false positives!

No false alarms – just genuine alerts!

The Website File Changes Monitor plugin uses exclusive smart technology that identifies website admin changes. So when you update the WordPress core, and install, update or uninstall a plugin or theme the plugin does not flood you with alerts of file changes, raising false alarms.

Instead it advises you of the admin change and allows you to review the file changes that occurred because of the change.

Benefits highlight

  • Receive instant email notifications with details of file changes on your WordPress sites and multisite networks
  • Identify both authorized and unauthorized file changes, including non-malicious developer changes
  • Know exactly where backdoors, trojans & other malware was injected on your site during post-hack analysis
  • Find developers and plugins leftover files that could leak sensitive information, such as database backup files, source code backup files and similar
  • Improve the security posture of your WordPress websites – proactively identify file changes that can lead to technical and security problems before the problems can impact your website.

How does the Website File Changes Monitor plugin work?

By default the plugin scans your WordPress website or multisite network file changes every day at 02:00 (2:00AM). There is no need to configure anything yourself. You can change the scan time and frequency from the plugin settings. The plugin is fully configurable, so you can also exclude files and directories, exclude files by type, specify which directories to scan, select which file integrity monitoring technology to use and much more!

Refer to the Getting started with the Website File Changes Monitor plugin for more detailed information on how the plugin works.