How Melapress File Monitor plugin detects file changes in WordPress

Melapress File Monitor employs two different types of file integrity checks. This article explains how these methods and their associated processes work.

The WordPress file integrity scan

The WordPress core file integrity check scans all directories except /wp-content/, which is where you’ll find plugins, themes, and media. This file integrity check compares a checksum of the WordPress core files as available in the official repository with a checksum of the WordPress core files available on your website.

This type of scan is enabled or disabled during the initial configuration wizard. However, it can also be enabled or disabled from the plugin settings. Simply navigate to File Monitoring > Settings > WordPress core and check or uncheck the Enable WordPress core file scanning option.

When disabled, the WordPress core files are scanned using the second method described below (File comparison general scan).

When a File Scan runs and this method is enabled, the plugin does the following:

  1. First, it generates a checksum (fingerprint) of all the files in the website root directory and in the wp-admin and wp-includes directories.
  2. It compares them to the checksums of the WordPress core files in the official WordPress repository
  3. If there are any files in these directories that are not part of the official WordPress core, or there are modified or missing WordPress core files, the plugin reports such changes.

IMPORTANT: As a security precaution, the plugin will keep reporting non-WordPress core files in WordPress core directories in each scan unless you add them to the list of allowed files in WordPress core.

To choose which non-core files are allowed in the core directory, navigate to File Monitoring > Settings > WordPress Core.

Next, scroll down to the Which files are allowed as part of WordPress core (website root directory, wp-admin and wp-includes)? section. Add files by typing the filename and extension in the available textbox and clicking on Add. Make sure you click on Save once done for the changes to take effect.

You can also remove any of the files allowed by default by clicking on the checkbox next to them.

File comparison scan

This scan type is used to scan all files except the WordPress core files. However, if the Enable WordPress core files scanning option is disabled, the WordPress core files will also be automatically included in this scan.

When a file integrity scan runs, the plugin does the following:

  1. The first time a scan runs, the plugin only generates a checksum (fingerprint) of all the files on the website, which serves as the baseline.
  2. During subsequent scans, the plugin compares the list of file checksums to those generated during the previous scan.
  3. If the plugin identifies any differences, such as new files, deleted files, or modified files, it reports them.

Read how file integrity monitoring for WordPress works for a more detailed technical explanation.
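The comparison behind both scan types can be expressed in a few lines of Python. This is an added example, not the plugin's own code: the reference is either the previous scan (file comparison scan) or a set of official checksums (core scan). SHA-256, matching allowed files by filename, and the sample files are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile


def fingerprint(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            h = hashlib.sha256()  # assumption: the page does not name the hash
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root).replace(os.sep, "/")] = h.hexdigest()
    return digests


def compare(reference, current, allowed=()):
    """Diff a scan against a reference: previous scan or official checksums."""
    # Assumption: allow-listed filenames only suppress "added" reports.
    added = sorted(p for p in current
                   if p not in reference and os.path.basename(p) not in allowed)
    deleted = sorted(p for p in reference if p not in current)
    modified = sorted(p for p in current
                      if p in reference and current[p] != reference[p])
    return {"added": added, "deleted": deleted, "modified": modified}


def demo():
    """Constructed site tree: baseline scan, four changes, second scan."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "wp-includes"))
        def write(rel, data):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        write("index.php", b"<?php // original")
        write("wp-includes/version.php", b"<?php $wp_version = 'x';")
        baseline = fingerprint(root)                 # first scan: baseline only
        write("index.php", b"<?php // tampered")     # modified file
        os.remove(os.path.join(root, "wp-includes/version.php"))  # deleted file
        write("wp-includes/extra.php", b"<?php")     # new, unexpected file
        write(".htaccess", b"# rules")               # new, but allow-listed
        return compare(baseline, fingerprint(root), allowed={".htaccess"})


if __name__ == "__main__":
    print(demo())
```

Because the allow list only filters the added set, a modified or missing file is reported even when its name is on the list.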

Addressing file changes

Once the plugin reports file changes, there are a number of things you can do. 

Before anything else, check whether this was a legitimate change or not. If a developer has been working on your website or you made a change to the file, you can mark a change as read or exclude the file from future scans. If the change is unauthorized, you might want to replace that file with a known legitimate version and scan your website for malware or breaches.