It’s not too often that we write about WordPress extensions, but since I know there are many of you out there running your own WordPress installations I thought I’d give you a heads up about an awesome security-related extension. It is called WordPress File Monitor Plus, and as the name implies it monitors your site for changes in files. This is important because a lot of times when hackers gain access to a site using an exploit there will be a file that ends up getting modified along the way.
What this extension does is it takes an initial scan of your system so that it has something to work with. Then you can set it up to scan every hour, 12-hours, 24-hours, or just whenever you want to manually kick off a scan. If a file is added, deleted, or changed you can have it send you an email as well as display an alert in the WordPress admin interface so that you’ll see it when you login.
If you have files that change frequently you can specify a list of files and/or folders to be excluded (sitemaps, etc…), or you can go as far as to exclude entire file extensions. The file extension exclusion is nice because you can have it ignore things like images, which you’re likely to upload frequently when it comes to a blog.
Here’s a more complete list of features provided by the developer:
- Monitors file system for added/deleted/changed files
- Sends email when a change is detected
- Administration area alert to notify you of changes in case email is not received
- Ability to monitor files for changes based on file hash, time stamp and/or file size
- Ability to exclude files and directories from scan (for instance if you use a caching system that stores its files within the monitored zone)
- Site URL included in notification email in case plugin is in use on multiple sites
- Ability to run the file checking via an external cron so not to slow down visits to your website and to give greater flexibility over scheduling
- Ability to set file extension to be ignored or only scanned.
- Multisite support
If you’re always on the lookout for ways to make your site just a little more secure I highly recommend trying out this extension.