How to use the WordPress File Monitor Plus plugin to find out if your website has been hacked

Published on: Updated: March 26, 2018

Monitoring the security of your website is an important part of WordPress website design. The free WordPress File Monitor Plus plugin offers a simple and effective alternative to weighing down your WordPress website with hefty security plugins and antivirus scans.

WordPress File Monitor Plus works by alerting you (either by email or a notice in the WordPress dashboard) whenever the files on your website change. The idea is that if you receive an alert when you haven’t changed anything, this may be a sign that your website has been hacked. The plugin tells you exactly which files have changed, so you can check it out and fix the problem before anyone else notices.

Although WordPress File Monitor Plus doesn’t alert you to all types of hack (e.g. it doesn’t tell you about database changes), many hacks work by changing your website files – so the plugin is a great way to tell you when this has happened.

WordPress File Monitor Plus is tricky to set up properly to avoid false positives. There are lots of times where you don’t want to be told that your files have changed, for example:

  • You don’t want to be alerted every time you upload a file to the WordPress media library (e.g. if you add a PDF for your users to download).
  • Some plugins change the files automatically, e.g. caching and antispam plugins – so you don’t want to receive an alert every time this happens.

Too many false positives like this create a “boy who cried wolf” scenario – if WordPress File Monitor Plus is emailing you every day then you start to ignore the emails, which defeats the whole purpose of the plugin! As WordPress website designers, we’ll help you set up the plugin correctly to stop this from happening.

How to set up WordPress File Monitor Plus

We use the following settings when we set up WordPress File Monitor Plus. It’s worth checking with your WordPress website designer that they’re suitable for your site, but this should be a useful guide to get you started.

The settings below are listed as name, value and explanation:

  • Cron method: WordPress Cron. Suitable for most sites – check that cron is activated on your server.
  • File Check Interval: Daily. Our preference.
  • Notify By Email: Yes. We prefer to receive alerts by email so we don’t have to remember to log into the WordPress dashboard.
  • Notify Email Address: [your@email.com]. The email address of whoever you’d like to receive the alerts.
  • From Email Address: [any@email.com]. The email address that the alerts should appear to be from (add any address here).
  • Admin Alert: No. Personally, we find the admin alerts annoying and they’re unnecessary if ‘Notify by email’ is set to Yes.
  • File Check Method: [tick all three]. We like to use all three file check methods, to make maximum use of the plugin.
  • File Check Root: This should be pre-filled, but if you move your site to a different domain/address then you’ll need to reset this afterwards as the file path will change. To reset it, delete everything in the box then hit Save. The plugin should now enter the correct path in this box.
  • Dir/Files To Ignore: Put each directory or file that you want to ignore on a separate line. You need to enter the full server path of files/directories to ignore or use the “*” character as a wildcard. If you want to ignore everything in that directory and sub-directories, you can put a “*” at the end of the path as well. Some examples:
      • */wp-content/cache/* (use this if your site uses W3 Total Cache)
      • */wp-content/uploads/backwpup-backups/* (use this if your site uses BackWPup for backups)
      • */wp-content/plugins/something/some_log_file.log (another example to help you add the correct files/directories)
  • File Extensions Scan: Exclude files that have an extension listed below.
  • File Extensions: Leave the default value but add ‘pdf’ to the list of file types. You need to separate each one using the “|” character.
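To make the ‘Dir/Files To Ignore’ wildcard rules and the file check methods concrete, here is a small stand-alone monitor written as an added example for this article; it is not the plugin’s own code. It assumes the plugin’s “*” behaves like a shell glob that also crosses “/”, that the three check methods are file size, modification time and a content hash, and uses a constructed extension list and a constructed sample site.

```python
import fnmatch, hashlib, os, tempfile
from pathlib import Path
# Ignore rules in the plugin's style: full path with "*" as wildcard; a trailing "*"
# covers a directory and its sub-directories. Assumption: "*" also crosses "/".
IGNORE_PATTERNS = ["*/wp-content/cache/*", "*/wp-content/uploads/backwpup-backups/*"]
# Constructed extension list, "|"-separated like the File Extensions setting.
IGNORE_EXTENSIONS = "jpg|jpeg|png|gif|pdf".split("|")

def is_ignored(path: str) -> bool:
    """True if the path matches an ignore pattern or carries an excluded extension."""
    if any(fnmatch.fnmatch(path, pat) for pat in IGNORE_PATTERNS):
        return True
    return os.path.splitext(path)[1].lstrip(".").lower() in IGNORE_EXTENSIONS

def snapshot(root: str) -> dict:
    """Record size, mtime and SHA-256 (assumed to be the three check methods) per file."""
    result = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if is_ignored(full):
                continue
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            st = os.stat(full)
            result[full] = (st.st_size, int(st.st_mtime), digest)
    return result

def diff(old: dict, new: dict) -> dict:
    """Compare two snapshots; a change in any of the three values counts as 'changed'."""
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p])}

def demo() -> dict:
    """Constructed sample site: take a baseline, simulate edits, re-scan and report."""
    root = tempfile.mkdtemp()
    for rel, body in {"wp-config.php": "<?php // constructed baseline\n",
                      "wp-content/cache/page.html": "cached page",
                      "wp-content/uploads/brochure.pdf": "%PDF constructed"}.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_text(body)
    before = snapshot(root)
    Path(root, "wp-config.php").write_text("<?php // edited core file\n")  # alerts
    Path(root, "wp-content/dropped.php").write_text("<?php // new file\n")  # alerts
    Path(root, "wp-content/cache/page.html").write_text("regenerated")     # ignored dir
    Path(root, "wp-content/uploads/brochure.pdf").write_text("%PDF v2")    # ignored ext
    report = diff(before, snapshot(root))
    return {k: [os.path.relpath(p, root) for p in v] for k, v in report.items()}
```

Running demo() reports only the edited core file and the newly dropped file, while the regenerated cache page and the replaced PDF stay silent, which is the behaviour the ignore settings above are meant to achieve.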


Fine tuning WordPress File Monitor Plus

Once WordPress File Monitor Plus is set up on your website, you may need to tweak your settings in the first few weeks. If you get the same alert at set intervals (e.g. once a day) then it’s likely that one of your plugins is changing your website files and creating false positives – if so, exclude the relevant folder using the ‘Dir/Files To Ignore’ setting. The aim is to exclude all the plugins that automatically change your website files, so that you only receive alerts if one of these things happens:

  • You update WordPress, your theme or plugins to the latest version (you will generally know when you have done this, so it’s easy to ignore these alerts)
  • Your website is genuinely hacked (an alert you don’t want to miss!)

WordPress File Monitor Plus is a great way to find out if your WordPress website has been hacked. We hope that sharing the settings we use for this plugin will help you to set it up for the WordPress websites you design.
