Search for answers or browse our knowledge base.
Getting started with the Website File Changes Monitor plugin
The Website File Changes Monitor plugin is a WordPress file integrity monitoring plugin. It detects and alerts you of file changes that happen on your WordPress websites and multisite networks. When it detects file changes it instantly notifies you of the file changes via email and you can see these file changes in your WordPress dashboard.
All our WordPress plugins are very easy to use. However, we have prepared this getting started to introduce you to the basics of the plugin and how it works.
Installing & activating the plugin
Once you buy the plugin install and activate the plugin by following this WordPress plugin installation guide.
How file scanning works on your WordPress website
The Website File Changes Monitor plugin detects file changes on your website by using two types of technologies. To learn more about these technologies read how the plugin detects file changes on WordPress websites. By using two different technologies the plugin is able to get the best of both worlds, so it can:
- Identify changes in any file on your website, including non WordPress files with custom code
- Report any tempered WordPress core files (even if they were tampered before the plugin was installed)
- You do not get false alarms when you customize WordPress core, plugins and themes code
- The source code and files of your website are not sent over the internet to third parties
- The plugin uses less bandwidth and processing power than conventional plugins to scan for file changes.
Since the plugin needs two scans to identify file changes it is important to launch the first file scan as soon as you install the plugin. To learn more about detecting file changes refer to our detailed write-up on File Integrity Monitoring & Scanning.
Getting started with the plugin
1. Generating the fingerprints (file hashes)
When you activate the plugin you are asked to launch the fingerprinting process. During this stage the plugin generates the hashes of the executable files, so when file changes scans run it can compare the results and identify file changes. By default the plugin only scans executable files. It does not scan media files such as images (jpg, png) or music (mp3, wav). However, you can configure the plugin to scan these files. Refer to the including and excluding files in the WordPress file changes scan for more information.
The duration of this process depends on the size of your WordPress site. On most websites it should only take a few seconds.
2. Configuring the scan schedule
By default the plugin runs a file integrity check on a daily basis at 2AM. You can change this in the plugin\’s wizard (shown below) or later on from the plugin\’s settings.
The file integrity check should only take a few seconds and it runs as a background process. Therefore it does not require a lot of resources to run. However, you should always configure the check to run during off peak hours. If you would like to change the time of the scan after completing the wizard, refer to changing the WordPress file changes scan time and frequency.
3. Test email deliver ability
Email deliverability is very important because when the plugin identifies file changes on the website, it sends you an email. Emails are very handy, so you do not have to check the plugin\’s interface after every scan but only when there are file changes and you want to see the details of the changes.
When you click Send a test email the plugin will send a test email to the administrator email address configured in the WordPress settings. If you do not get an email, you can use a plugin such as Check & Log Email to troubleshoot the issue. You can also submit a support ticket so we can help you.
That is it! The plugin will check your website for file changes during the next scan and will notify you of any file changes.
Alerting you of file changes on your WordPress website
When the plugin identifies file changes on your WordPress website it will send you an email with the list of changes it identified. The below screenshot features an example of such email.
What should you do next?
You should review the reported file changes reported in the email. You can also see the file changes in the plugin’s interface, by clicking on File Monitor in the WordPress menu. Refer to how to manage WordPress file changes notifications for more information about the actions you can take after reviewing the file changes results.