WordPress File Monitor Plus

The WordPress File Monitor Plus plugin monitors all the files in your WordPress site. If any files change, are added or removed you will receive an email detailing the changes.

Plugin Page: http://wordpress.org/extend/plugins/wordpress-file-monitor-plus/

What You Need To Do

Install and enable the plugin.

Why The WordPress File Monitor Plus Is Important

This plugin will monitor all the files in your WordPress site. If someone breaks into your site they will most likely add files to your site. These extra files can act as backdoors, which can potentially allow hackers to execute files from their own servers. These files can hijack your traffic, place unwanted ads or links on your pages and place malware on your visitors computers.

With the File Monitor you will be notified by email if anything in the file system changes. This will allow you to quickly clean up a hacking attempt, because you know exactly which files have been modified and when the hack occurred. Best option is to restore a recent backup from before the hacking attempt took place to wipe out any changes the hackers might have made to the database as well. See the chapter Rescue Plan in The WordPress Security Checklist for more information on how to recover from a hack.

How You Complete This Security Checkpoint

Follow these steps:

  • Add and Activate the plugin.

  • Generally the default settings are fine.
    Default Settings

  • Files and directories you might want to exclude from the file monitor.
    Exclude Files And Directories

    • Your caching plugins working directory.
      For W3 Total Cache this would be the wp-content\w3tc folder.
      For WP Super Cache this would be the wp-content\cache folder.

    • Your caching plugins configuration files if they are updated often by the plugin.
      Example w3-total-cache-config.php.

    • Your sitemap files.

    • The error_log file.

Datafeedr Tip!

(What is Datafeedr?)

Datafeedr Folder ListIf you are using Datafeedr you should be storing your product image files locally (for performance reasons).

You can choose to exclude the store folder from the file scan. This will stop the file monitor from sending emails every time a product image is added to the local folder.

Once your products images have been fully downloaded we recommend that you include the store folder in your file scan again.

 

  • We recommend that you leave the File Extensions Scan disabled. Using this option you can exclude certain file types, image files for example, from the scan.
    Often malicious code is disguised as graphics files, so you should monitor all files.
    Extensions Scan

  • Click Save changes then Manual scan.
    Save Changes

  • Verify that you receive an email.
    Email Verification

Tip! When you update a plugin you will receive an alert. Sometimes quite a few files have been updated. The list of file changes is ordered by directory, so you can quickly check that only the plugin files have been updated by verifying the first and last files in the list.

Beginning of the list:
Beginning Of List

End of the list:
End Of List

All updated files are in the plugin directory in this example.

Tip! Run a manual scan before you update plugins. This will ensure no files have been added before you do the update. Once the update has completed run another manual scan and accept the changes. This way you are certain that all the changes you accept are directly related to your upgrade.

Recommendation

We recommend that you use a cron job to run the File Monitor scan.
Cron Job Recommended

If you use the built in WordPress Cron the File Monitor scan will only run if there are visitors to your site. And you cannot control the time the job runs.

If you setup a cron job on your hosting account or dedicated server to run the File Monitor scan you know that it will run every day and at what time it will run. This could be important in determining which backup to use in case you ever need to restore your site. This is discussed further in the chapter Rescue Plan in The WordPress Security Checklist.

The command you need to run in the cron job is given below the Cron Method setting. Ask your hosting company how to set up the cron job.

whiterabbitFollow The White Rabbit

[gn_spoiler title="Click Here" open="0" style="1"]Are you reading this article as a part of the Interactive Version of The WordPress Security Checklist?

Then you can find your next article below.

If not you should take a look at the Table Of Contents.

Next article: Update Notifications
Previous article: WP Security Scan[/gn_spoiler]

Questions Or Comments?

Please leave them below. Thanks!


About Anders Vinther

Anders is on a mission to make it easy for you to secure your WordPress.

Let's make it harder for the bad guys!

Want More?

Sign up for our newsletter and we'll let you know when we have got new stuff about WordPress Security for you. See past emails.


Most Popular Articles – All Time

Most Popular Articles – This Week

Speak Your Mind

   Login Using:

*

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax