Monitor your WordPress Installation for Hacking

WordPress installations require some folders to have permissions set at 777 either temporarily or permanently. These writable folders allow hackers to upload files used for phishing, DDoS, or sending email spam.

The WordPress File Monitor Plus Plugin monitors not only the files in the WordPress installation folders but all the files in the public folder for additions/deletions/changes.

Here are features in the latest version (2.2):

  • Monitors file system for added/deleted/changed files
  • Sends email when a change is detected
  • Administration area alert to notify you of changes in case email is not received
  • Ability to monitor files for changes based on file hash, time stamp and/or file size
  • Ability to exclude files and directories from scan (for instance if you use a caching system that stores its files within the monitored zone)
  • Site URL included in notification email in case plugin is in use on multiple sites
  • Ability to run the file checking via an external cron so as not to slow down visits to your website and to give greater flexibility over scheduling
  • Ability to set file extensions to be ignored, or to be the only ones scanned
  • Multi-site support

A few tips:

The plugin creates its data files in a folder at /httpdocs/wp-content/uploads/WPFMP_DATA/. After installing the plugin, make sure that the folder and files have been created. If not, create the folder and copy the files from /httpdocs/wp-content/plugins/wordpress-file-monitor-plus/data/. Set the file permissions to 666 on the 2 data files (only if you have created the folder yourself and copied the files).

Also, make sure that you test the plugin by uploading a file to any folder and running a manual scan.
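The comparison described in the feature list (file hash, time stamp and/or file size, with excluded directories and ignored extensions) can be sketched outside WordPress. This Python script is an added example, not the plugin's code; the function names and the sample site tree are constructed for illustration. It runs the same test as the tip above (add a file, then rescan) and shows why a size-only check misses an edit that keeps the file length unchanged.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root, exclude_dirs=(), ignore_ext=()):
    """Map each relative file path under root to its hash, size and mtime."""
    state = {}
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root).as_posix()
        # Skip excluded directories (e.g. a cache) and ignored extensions.
        excluded = any(rel.startswith(d + "/") for d in exclude_dirs)
        if excluded or rel.lower().endswith(tuple(ignore_ext)) or not path.is_file():
            continue
        st = path.stat()
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        state[rel] = {"hash": digest, "size": st.st_size, "mtime": st.st_mtime_ns}
    return state


def compare(old, new, checks=("hash", "size", "mtime")):
    """Return added/deleted/changed paths, comparing only the chosen fields."""
    common = old.keys() & new.keys()
    changed = [p for p in common if any(old[p][c] != new[p][c] for c in checks)]
    return {"added": sorted(new.keys() - old.keys()),
            "deleted": sorted(old.keys() - new.keys()),
            "changed": sorted(changed)}


def demo():
    """Constructed site tree: take a baseline, tamper, then rescan and diff."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        write("index.php", b"<?php // home\n")
        write("wp-content/uploads/logo.png", b"constructed image bytes")
        write("wp-content/cache/page.html", b"v1")
        before = snapshot(root, exclude_dirs={"wp-content/cache"})
        write("wp-content/uploads/new.php", b"<?php // unexpected file\n")
        write("index.php", b"<?php // HOME\n")  # same size, new content
        Path(root, "wp-content/uploads/logo.png").unlink()
        write("wp-content/cache/page.html", b"v2 regenerated")  # excluded
        after = snapshot(root, exclude_dirs={"wp-content/cache"})
        return compare(before, after), compare(before, after, checks=("size",))


if __name__ == "__main__":
    print(demo())
```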