Last week, we covered two tools to help you scan your website for malware. Another method to determine if your site has been hacked is to look at changes in your server files themselves. That, though, can be time consuming if you do it manually. If you use WordPress (the self-hosted variety), and you want to use an automated tool that detects changes to files, take File Monitor Plus for a spin.
File Monitor Plus is a WordPress plugin that scans the files on your server on a schedule set by you, and notifies you of any modifications, additions, or deletions to those files. That should give you prompt warning of any trouble. The check can be as simple as comparing file size or date modified, or as involved as looking at the file hash. The latter will consume more server resources. You can tell the plugin to notify you in your WordPress dashboard, by email, or both. You can set the scan to occur hourly, twice daily, daily, or manually. You can also whitelist files and directories, such as those that receive frequent changes, to exempt them from the scan.
Changing files isn’t the only way a hacker can attack your site, but File Monitor Plus is simple enough to set up that you should give serious consideration to it if you’re worried about security.
What tools do you use to protect your site?
Andy says:
This was all meant to be. Recently I had two new clients where security was a concern. I’ve spent the last week or so trying to tighten things up. This will be another tool.
Your article is obviously my higher power giving me a little kick in the head.
Thanks!
September 5, 2011 — 11:14 pm
Kosmo @ The Soap Boxers says:
Very topical. A friend of mine recently had some of his sites hacked. I’ll definitely use this.
September 6, 2011 — 11:46 am
Evan Kline says:
Hmm, I wonder who that person was.
September 8, 2011 — 8:52 pm
Kosmo @ The Soap Boxers says:
You’ve interacted with him :)
There was a nice message on one site, “Hacked by [name of group/person]”
September 9, 2011 — 9:28 am
Carla says:
Great tools. I hate hackers but those tools will be a real help.
September 7, 2011 — 3:40 pm
Cristian Balau says:
I don’t use tools, yet I never been hacked. I never share my passwords with nobody, NEVER!
I also have very complicated passwords, with upper and lower cases and also numbers, random stuff, nobody could figure them out.
September 9, 2011 — 9:03 pm
Lynette Chandler says:
Does the plugin also track files outside of the WP structure? I’ve been running a standalone script to do exactly this for a few years now. Works great though the only down side is if there are changes detected I have to manually reset it. Not a big deal really.
April 11, 2012 — 9:02 pm
Evan Kline says:
I think it only tracks WP files, Lynette, so your script sounds pretty great.
April 17, 2012 — 7:44 pm