File Integrity Monitoring for WordPress Websites.


The modern world is fast; the world wide web is even quicker. While keeping up with the pace, one could easily forget to track the changes on the WordPress website.

Fortunately, there is File Integrity Monitoring.

As the name suggests, file integrity monitoring is a way to track the changes in WordPress files. You will know when a file is changed, removed, or added. Once you know, you can audit the change and decide whether to keep or remove it.

In this post, I will try to cover everything you need to know about file integrity monitoring in under 1200 words.

What is File Integrity Monitoring?

File Integrity Monitoring is the process of monitoring the files to learn and keep records of website changes. If the changes are not intentional or create security concerns for the application, you can change them back.

The original files are the secure files, containing only approved and tested changes. Integrity means the files stay in that original state.

Changes to the database, file permissions, web servers, application settings, software versions, and network services, as well as applications added and removed, are monitored, reported, and stored for auditing.

How does File Integrity Monitoring work?

File integrity monitoring works much like a ‘find the differences’ puzzle. It compiles a record of the original file, known as a ‘fingerprint,’ and then uses it as a benchmark to compare against the future state of the files.

If two fingerprints do not match, it means the file has changed.

Technically, the fingerprint is created by scanning the existing file and generating a checksum with a cryptographic hash function. Any change to the file changes the fingerprint, so comparing two fingerprints reveals whether the file has been modified.

Two Ways of File Integrity Monitoring

You can use it in two ways to strengthen your WordPress website security.

#1 Proactive Monitoring

Proactive monitoring actively looks for changes that could be a security threat to the website. Many people and tasks are involved in developing and maintaining a website, including developers, marketers, designers, speed optimizations, and updating plugins, themes, and settings.

Proactive monitoring alerts you to the changes and any insecurity they cause, so they can be reversed to protect the website.

#2 Reactive Monitoring

Another way is file integrity testing – but it can only be done if you continuously record the file’s original state.

Integrity testing means analyzing the file changes to identify the causes of errors and security breaches. Once you identify that extra line of code behind the hacks and errors, you can remove it to clean the website.

Many web security tools like Cloudflare and Sucuri use proactive and reactive monitoring to clean the website.

Deepak Sharma, the Security Analyst at ServerGuy, says that file integrity monitoring tools are one of our key tools to keep the servers and website secure. The team prioritizes the audit of any unintentional and insecure server change.

Two Types of WordPress File Integrity Monitoring

There are two ways to execute file integrity monitoring.

#1 Central Repository Data

One way is to compare the existing WordPress files with the original WordPress files released by WordPress itself. With this method, you do not take regular snapshots to keep track of approved changes. The central WordPress files are the source, and your website is checked against them to find the changes.

A WordPress plugin can be used to implement this monitoring. But there are several disadvantages of this method.

  • Approved custom changes will be registered and reported to you
  • Distributed configuration files such as .htaccess and wp-config.php are excluded from monitoring
  • It can only be used to compare the core WordPress file and some popular plugins

#2 Self-Generated Data

Another way is to compare the existing WordPress files with the previously recorded and saved WordPress files. In this method, both data sets are self-generated. It can be implemented using a WordPress plugin.

The plugin regularly creates a fingerprint of the WordPress files, much like a backup. If there is a drift between the existing WordPress files and the previous version, it alerts the administrators about the change. If the admins approve the change, it is added to the fingerprint, and the next time it is not reported but is part of the benchmark data.

This method has advantages over the central repository method:

  • Custom changes in code are detected
  • Complete website drift detection
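
The fingerprint comparison from "How does File Integrity Monitoring work?" and the self-generated baseline with admin approval described above, as an added example (not code from this article or from any plugin it names). The function names, sample paths and file contents are constructed for illustration, and SHA-256 is an assumed choice of hash function.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(root):
    """Map each file path (relative to root) to its SHA-256 digest (assumed hash)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def drift(baseline, current):
    """Compare two fingerprints and report added, removed and modified files."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def approve(baseline, current, paths):
    """Fold only the approved paths into the benchmark; other drift stays reportable."""
    updated = dict(baseline)
    for p in paths:
        updated.pop(p, None)           # an approved removal leaves the benchmark
        if p in current:
            updated[p] = current[p]    # an approved add or edit becomes the new reference
    return updated


def demo():
    """Constructed sample site: one approved theme edit, one unexpected PHP file."""
    with tempfile.TemporaryDirectory() as site:
        def write(rel, text):
            path = Path(site, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
        write("wp-config.php", "<?php // constructed sample\n")
        write("wp-content/themes/demo/style.css", "body{color:#000}\n")
        baseline = fingerprint(site)                      # the recorded original state
        write("wp-content/themes/demo/style.css", "body{color:#333}\n")
        write("wp-content/uploads/x.php", "<?php // unexpected file\n")
        current = fingerprint(site)
        first = drift(baseline, current)                  # both changes are reported
        baseline = approve(baseline, current, ["wp-content/themes/demo/style.css"])
        return first, drift(baseline, current)            # only the unapproved file remains
```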

How to enable File Integrity Monitoring on WordPress Website?

You can use WordPress plugins or employ custom solutions to enable file integrity monitoring on the WordPress website. 

There are two types of WordPress plugins for this.

Dedicated Monitoring Plugins: The dedicated monitoring plugins are built to do this and often have advanced features to do it effectively.

Some of these plugins are:

  • Website File Changes Monitor
  • WordPress File Monitor

Security Suite Plugin: The website security suites like Sucuri Security, iThemes Security, and Wordfence also contain functions to monitor WordPress file integrity.

Which WordPress files need to be monitored?

Not all WordPress files need to be monitored for changes. Some directories are highly active, and monitoring them means receiving many insignificant monitoring alerts.

/wp-content/uploads/: You can exclude the static files in this directory from monitoring. The static files are media, including images, PDFs, PPTs, etc. However, dynamic files like PHP must be monitored.

/wp-content/cache/: Many caching plugins add the files to this directory, and the cache is regularly updated. You might receive alerts more often, but it is advised to include this directory.

/wp-content/plugins and /wp-content/themes/: Monitoring themes and plugins means making website design changes will trigger the alert. But the WordPress File Changes Monitor plugin only tracks the core code, not the modifications, so you can do that instead.

WordPress root directory: This is where WordPress files are installed. Any changes to it must be attended to.

WordPress core files: The WordPress files that make up the WordPress application. There should not be any unapproved changes to these files, and they must be monitored all the time.

Where does WordPress Hosting fit in?

When WordPress hosting providers claim proactive monitoring and website alerts, they usually talk about website uptime monitoring. Then there is keyword monitoring and server-level monitoring. The best way is to do it yourself because hosting companies can give you server-level monitoring, but it would not be very useful.

Final Words

File integrity monitoring can secure your website from unauthorized changes. The earlier you learn about the change, the faster you can protect it from hackers.

Keeping WordPress secure is the admin’s responsibility. Besides monitoring, you can log out idle users, add security questions, change the admin login URL, and use a strong WordPress password.

If you have questions regarding file integrity monitoring for the WordPress website, leave them in the comments. I kept this article under 1200 words to make it quickly readable.
