A security breach is when a cybercriminal is able to gain unauthorized access to your website or server. Security breaches can happen in lots of different ways, as hackers exploit some of the most common WordPress security issues. From running outdated versions of plugins and themes to more complicated SQL injections, a security breach can happen to even the most vigilant site owners.
That’s why the time it takes to detect a security breach is a key factor in successfully cleaning an infected website. Unfortunately, the average time it takes to discover a website breach is over 200 days!
The reality is the longer it takes you to notice a breach, the more damage a hacker can do to your website, your customers, and your business. A piece of malware can cause a staggering amount of damage in 200 days. That’s why it’s so important to reduce the time it takes to spot a security breach.
3 Types of Website File Changes That Need to Be Monitored
The key to quickly spotting a security breach is monitoring file changes on your website. There are three types of file changes that need to be monitored:
- When files are added. For example, malware in the form of spyware could add a malicious file that will record your customer’s keystrokes as they enter their credit card information.
- When files are removed. Some malware will remove a legitimate file and replace it with a malicious file of the same name.
- When files are modified. Malware will try to hide its malicious code by hiding it in an existing file that it modifies.
So wouldn’t it be nice to be alerted of unexpected changes to your website’s files so you can inspect them for signs of a security breach?
How to Add File Change Detection To Your WordPress Website
With the iThemes Security Pro plugin’s File Change Detection feature, your website’s files are intelligently monitored for all three types of file changes and will alert you when changes occur on your website.
In this tutorial, we’re going to show you exactly how file change detection works in iThemes Security Pro.
After downloading and installing iThemes Security Pro, you’ll see it listed in your installed plugins. You’ll also see a new dashboard menu item called security, hover over it and click on Settings. Navigate to the Site Check tab. From here, toggle on File Change, then click the settings gear.
Once File Change Detection is enabled, iThemes Security Pro will start scanning all of your website’s files in chunks. Scanning your files in chunks will help to reduce the resources required to monitor file changes.
From the excluded files section, you can exclude folders and files to exclude from the file change scan. The general rule is it’s okay to exclude files that you know are going to be regularly updating. Backup and cache files are a perfect example of this.
The next section allows you to ignore specific file types. Nearly all known WordPress attacks exploit php, javascript, and other text files, so we don’t recommend excluding those types of files.
At the bottom, select “Compare Online Files.” This is another powerful feature of File Change Detection. When any WordPress core file or file in an iThemes plugin or theme has been changed on your system, this feature will compare it with the version on WordPress.org to determine if the change was malicious. Currently this feature only works with WordPress core files, plugins on the WordPress.org directory and iThemes plugins and themes.
Next, let’s take a look at setting up File Change notification emails. Whenever iThemes Security finds a file has been changed, it can alert you with an email notification.
To manage File Change notifications, navigate to the security settings’ Notification menu and select File Change. Check here to enable. From here, you can customize the email’s subject and recipients.
Now, once a file change occurs, you’ll receive an email like this. The email will include details of the file that was changed and when it was changed. If the file change looks unauthorized, you can review the report to verify changes are not the result of a compromise.
File changes will also be recorded in logs. Back in the iThemes Security plugin, navigate to the Logs page. From the top dropdown, you can sort by File Change. Now you can see even more details related to the file change, including a list of all the files that were added or removed, memory used, and even more raw details.
Intelligent File Scanning for Fewer Notifications
Finally, let’s talk about how iThemes Security intelligently scans your files for changes. File changes can happen quite frequently on a website. For example, anytime a plugin or theme is updated, file changes occur. Other types of frequent file changes include backups and caching files.
Getting an email alert for every change would quickly become overwhelming. And before you know it, you might start ignoring file change alerts altogether.
That’s why iThemes Security Pro works to identify legitimate file changes to reduce notifications. You can also mute notifications for files that are expected to update frequently.
There are a couple of ways that iThemes Security Pro can detect if a change made to a file was legitimate and not a cause for concern. iThemes Security Pro will not create a File Change notification for changes it can verify, including:
- Plugin/Theme Updates Completed By Version Management. The Version Management feature in iThemes Security Pro allows you to auto-update WordPress, plugins, and themes. If an update is completed by Version Management, iThemes Security Pro will know the source of the update and won’t trigger an alert.
- iThemes plugin or theme updates that match the versions on our servers. Any time a file on your website belonging to an iThemes plugin or theme is changed, it will get compared to a file on the iThemes server. If the version of the file on your website matches the hash to version on the iThemes server, it will be a legitimate change, and you will not receive an alert.
- WordPress core or plugin updates that match the versions on WordPress.org. If a WordPress core file or a plugin installed from the WordPress.org repository is changed, the file will be compared with the version on WordPress.org. If the hashes match, the changes are not malicious, and you won’t receive an alert.
- Manual exclusions. Any excluded files, directories, and file types from you added from the File Change detection exclusions settings won’t trigger an alert.
Get iThemes Security Pro Today
And, there you have it. File change detection is just one of the many ways iThemes Security Pro works to secure your WordPress site and stop automated attacks. You deserve peace of mind when it comes to your WordPress website, so iThemes Security is designed to provide you with the maximum amount of security without slowing your site down. And, if you build or manage WordPress sites for clients, iThemes Security has client-driven features designed to make your work easier.
So make sure your WordPress site is secure and protected today. Get iThemes Security Pro, built by the WordPress security experts since 2014. Trusted by over 1 million WordPress sites around the world. Dedicated to a safer web, together.
The Best WordPress Security Plugin to Secure & Protect WordPress
WordPress currently powers over 40% of all websites, so it has become an easy target for hackers with malicious intent. The iThemes Security Pro plugin takes the guesswork out of WordPress security to make it easy to secure & protect your WordPress website. It’s like having a full-time security expert on staff who constantly monitors and protects your WordPress site for you.
