A modern WordPress plugin for monitoring file integrity across your WordPress installation. Detect unauthorized changes, track file modifications, and maintain security compliance with automated scanning and comprehensive reporting.
✅ What This Plugin DOES:
- Monitors file changes using SHA-256 checksums to detect any modifications
- Tracks exactly what changed by storing encrypted file content and generating diffs
- Provides forensic analysis showing line-by-line changes in modified files
- Maintains compliance audit trails with comprehensive logging and history
- Alerts on unauthorized changes via email and Slack notifications
- Schedules automated scans using reliable Action Scheduler (not WP Cron)
❌ What This Plugin DOES NOT Do:
- Does NOT block attacks - No firewall or traffic filtering
- Does NOT scan for malware - No virus/malware pattern detection
- Does NOT fix vulnerabilities - No automatic security patching
- Does NOT harden WordPress - No login protection, 2FA, or security headers
- Does NOT prevent intrusions - No brute force protection or IP blocking
- Does NOT monitor user activity - No login tracking or user auditing
- Does NOT clean infections - No automatic malware removal
- Does NOT check plugin/theme vulnerabilities - No vulnerability database checks
- Does NOT protect against SQL injection - No query filtering
- Does NOT implement WAF - No Web Application Firewall features
Use this plugin when you need:
- Regulatory compliance requiring file integrity monitoring (PCI DSS, HIPAA, etc.)
- Forensic capabilities to investigate what changed in your files
- Detection of unauthorized file modifications
- Detailed audit trails for security compliance
- To complement your existing security plugin with deep file monitoring
This plugin works best ALONGSIDE traditional security plugins like Wordfence, Sucuri, or iThemes Security that handle active threat prevention. Think of it as your "security camera" that records what happened, not your "security guard" that stops threats.
- SHA-256 checksum generation for all files
- Configurable file type scanning (PHP, JS, CSS, HTML by default)
- Smart exclusion patterns for cache and temporary directories
- Memory-efficient scanning with real-time progress tracking
- Batch processing for large installations
- Pre-generated diffs for better performance
- Sensitive file protection (wp-config.php, .env, etc.)
- AES-256-GCM encryption for all stored file content
- Authenticated encryption with tamper detection
- Secure key derivation from WordPress salts
- Automatic encryption of cached file data
- Protection of sensitive file content at rest
- Multiple independent scan schedules
- Flexible frequency options:
- Hourly: Run at specific minutes past the hour
- Daily: Run at any time of day
- Weekly: Choose day and time
- Timezone-aware scheduling
- Action Scheduler integration (not WP Cron) for reliability
- Enable/disable schedules without deletion
- Track file changes, additions, and deletions
- View scan history with complete audit trail
- Compare checksums between scans with diff viewing
- Dashboard widget for at-a-glance monitoring
- Comprehensive system logging with levels and contexts
- Bulk operations for scan management
- Modern PHP 8.0+ with type declarations
- PSR-4 autoloading via Composer
- Dependency injection container
- Repository pattern for data access
- Service layer architecture
- Comprehensive PHPUnit test suite
- Email notifications for detected changes
- Slack webhook integration with testing
- Customizable notification templates
- Configure which changes trigger alerts
- Resend notifications for past scans
- Native WordPress admin UI
- Inherits WordPress admin color schemes
- WP-CLI command support
- Translation ready
- PHP 8.0 or higher with OpenSSL extension
- WordPress 5.8 or higher
- MySQL 5.7+ or MariaDB 10.2+
- Action Scheduler (provided by WooCommerce, Action Scheduler plugin, or similar)
- Properly configured WordPress salts (AUTH_KEY, SECURE_AUTH_KEY, etc.)
- Composer (for development)
- Download the plugin ZIP file
- Navigate to Plugins → Add New in WordPress admin
- Click Upload Plugin and select the ZIP file
- Click Install Now and then Activate
- Upload the
84em-file-integrity-checkerfolder to/wp-content/plugins/ - Run
composer installin the plugin directory - Activate the plugin through the WordPress admin
cd wp-content/plugins
git clone [repository-url] 84em-file-integrity-checker
cd 84em-file-integrity-checker
composer installNavigate to File Integrity → Settings to configure:
- File Extensions: Choose which file types to scan
- Excluded Directories: Paths to skip during scanning
- Max File Size: Skip files larger than this size
- Email Notifications: Get alerts when changes are detected
- Retention Period: How long to keep scan history
- Slack Integration: Configure webhook for Slack notifications with test button
- Logging: Configure system log levels (debug, info, warning, error) and retention
- Go to File Integrity → Schedules
- Click Create New Schedule
- Configure:
- Name: Descriptive name for the schedule
- Frequency: Hourly, daily, or weekly
- Time: When to run the scan
- Active: Enable immediately or keep disabled
Daily Security Scan
- Frequency: Daily
- Time: 2:00 AM
- Purpose: Regular overnight integrity check
Hourly Quick Scan
- Frequency: Hourly
- Time: :15 (15 minutes past each hour)
- Purpose: Frequent monitoring for critical sites
Weekly Deep Scan
- Frequency: Weekly
- Day: Sunday
- Time: 3:00 AM
- Purpose: Comprehensive weekly audit
The plugin provides comprehensive CLI support for automation and scripting.
# Run a manual scan
wp 84em integrity scan
# Run with specific type
wp 84em integrity scan --type=scheduled
# Output in different formats
wp 84em integrity scan --format=json# List recent scan results
wp 84em integrity results
# View specific scan details
wp 84em integrity results 123# List all schedules
wp 84em integrity schedules list
# Create a new schedule
wp 84em integrity schedules create \
--name="Daily Scan" \
--frequency=daily \
--time=02:00 \
--active
# Enable/disable schedules
wp 84em integrity schedules enable --id=1
wp 84em integrity schedules disable --id=1
# Delete a schedule
wp 84em integrity schedules delete --id=1
# Recalculate all schedule next run times
wp 84em integrity recalculate_schedules# List all settings
wp 84em integrity config list
# Get specific setting
wp 84em integrity config get notification_email
# Update settings
wp 84em integrity config set notification_email [email protected]
wp 84em integrity config set max_file_size 10485760- Activate the plugin - Database tables are created automatically
- Configure settings - Set file types and exclusions
- Run initial scan - Establish baseline checksums
- Create schedules - Set up automated scanning
- Configure notifications - Get alerts for changes
- Dashboard Overview: Check the dashboard widget for quick status
- Review Changes: When changes are detected, review the scan details
- View Diffs: See the pre-generated diffs for modified files
- Investigate: Determine if changes are authorized
- Take Action: Address any unauthorized modifications
- Document: Keep notes on legitimate changes
- Manage History: Use bulk operations to clean up old scan results
- Regular Scans: Schedule daily scans during low-traffic periods
- Baseline After Updates: Run manual scan after plugin/theme updates
- Monitor Critical Files: Focus on PHP files in wp-admin and wp-includes
- Retention Policy: Keep 30-90 days of history for compliance
- Email Alerts: Configure notifications for production sites
- Exclude Dynamic: Skip cache, uploads, and backup directories
The plugin creates five custom tables:
Stores scan metadata and statistics including scan duration, memory usage, and type
Contains individual file checksums, change tracking, pre-generated diff content, and sensitive file flags
Manages multiple scan schedules with configurations and Action Scheduler integration
Temporary cache for file content (48-hour TTL) used during diff generation at scan time
System activity logging with levels (debug, info, warning, error), contexts, and user tracking
- Capability Checks: All admin actions require
manage_optionscapability - Nonce Verification: CSRF protection on all forms and AJAX endpoints
- Data Sanitization: Input validation and output escaping
- SQL Injection Prevention: Prepared statements for all queries
- File Access Validation: Path traversal prevention and sensitive file protection
- Sensitive File Protection: No content storage or diffs for wp-config.php, .env, keys, etc.
- Batch Processing: Handles large file sets efficiently
- Memory Management: Streaming for large files
- Database Indexing: Optimized queries for fast retrieval
- Progress Tracking: Real-time feedback during scans via AJAX
- Configurable Limits: Set max file size to skip large files
- Efficient Diff Generation: Diffs generated at scan time, not on-demand
- Temporary Cache: 48-hour content cache with automatic cleanup
- Background Processing: Uses Action Scheduler for non-blocking operations
"Action Scheduler not available"
- Install WooCommerce or Action Scheduler plugin
- Scheduling features require Action Scheduler library
Scan times out
- Increase PHP max_execution_time
- Reduce max file size setting
- Add more directories to exclusion list
Memory errors
- Increase PHP memory_limit
- Exclude large directories like uploads
- Reduce file size limit
No changes detected
- Verify file permissions are readable
- Check excluded directories settings
- Ensure scan completed successfully
Enable WordPress debug mode for detailed logging:
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', false );Check logs at: wp-content/debug.log
84em-file-integrity-checker/
├── 84em-file-integrity-checker.php # Main plugin file
├── composer.json # Dependencies and autoloading
├── package.json # NPM dependencies for build tools
├── build.sh # Production build script
├── phpunit.xml # Test configuration
├── src/ # Source code (PSR-4)
│ ├── Admin/ # Admin interface classes
│ ├── CLI/ # WP-CLI commands
│ ├── Container.php # Dependency injection
│ ├── Core/ # Core functionality
│ ├── Database/ # Data access layer
│ ├── Plugin.php # Bootstrap class
│ ├── Scanner/ # File scanning logic
│ ├── Security/ # Security implementations
│ ├── Services/ # Business logic
│ └── Utils/ # Helper utilities
├── tests/ # PHPUnit tests
│ ├── Unit/ # Unit tests
│ └── Integration/ # Integration tests
├── views/ # Admin templates
│ └── admin/ # Admin page views
└── assets/ # Frontend resources
├── css/ # Stylesheets
└── js/ # JavaScript
# Run all tests
composer test
# Run unit tests only
composer test:unit
# Run integration tests
composer test:integration
# Run specific test file
vendor/bin/phpunit tests/Unit/Scanner/ChecksumGeneratorTest.phpThe plugin follows WordPress coding standards with modern PHP practices:
- PSR-4 autoloading
- Type declarations
- Dependency injection
- Repository pattern
- Service layer pattern
The plugin uses a container-based architecture for easy extension:
// Register a custom service
$container->register( CustomService::class, function( $container ) {
return new CustomService(
$container->get( IntegrityService::class )
);
});For bug reports and feature requests, please use the GitHub issues tracker.
This plugin is licensed under the MIT License.
Developed by 84EM - Remote WordPress Development Agency
- Action Scheduler - Reliable background processing
- Composer - Dependency management
- PHPUnit - Testing framework
- WordPress - Content management system
We welcome contributions! Please feel free to submit pull requests, report bugs, and suggest features through the GitHub repository.
84EM File Integrity Checker - Enterprise-grade file monitoring for WordPress