FIM (file integrity monitoring) can quickly detect file changes on a WordPress site, which makes it an important part of protecting the site. The mechanism is very simple: a baseline hash is compared with the current hash of each monitored file, and if there is a change, you are notified. However, an imperfect approach to file integrity monitoring has one major problem: false positives (also known as false alarms). Not all file changes on a WordPress website are harmful or a sign of an attack. Many are harmless and an expected part of maintenance. False positives can therefore lead to the following problems:
Administrators may start ignoring potentially malicious file changes (the "cry wolf" condition).
Not all WordPress site administrators can tell legitimate alerts from illegitimate ones, so false alarms get raised.
This article explains how file integrity monitoring works, the file and directory structure of WordPress, and how to correctly configure a WordPress file change monitoring plug-in.
Understanding file integrity monitoring and file hashing 101
Understanding file hashes and checksums helps to understand how FIM works. In short, a cryptographic hash function generates a specific output for a specific input. A hash function is a one-way, non-reversible function: if you only know the result, you cannot work backwards to the input.
For example, you can use MD5 hashes to check the integrity of text. In the following example, an MD5 checksum generator is used to generate the hash of the quick brown fox sentence. You can enter the same text multiple times and get the same result every time. However, after changing even a single character, although the text still has the same number of characters, the hash value changes completely. In the following example, we change the source text to fast brown fox.
So, why is this important for WordPress file change monitoring? Simple: the output of the hash function is used to verify whether a file has changed. As soon as you make any change to a file, the file hash changes. A file integrity monitoring plug-in simplifies this comparison.
Note: to learn more about FIM, please read file integrity monitoring on the WordPress website.
What causes false positives?
It is not enough to blindly accept the results of our monitoring tools. We must be able to interpret them and weed out potential false negatives and false positives. In security terms, a false positive is a false alarm: our tool detects something that turns out not to be a problem. It is like baking bread in the kitchen, setting off the fire alarm and waking everyone else up. A false negative is the opposite: malicious activity is taking place, but our tools do not detect it. In general, false positives are the more common problem because of the way file integrity monitoring works.
A false alarm occurs when the plug-in monitors file changes without context. Not all file changes are bad. For example, if you update WordPress or a plug-in, some files will change. In this case the files are supposed to change, and this is no cause for alarm. So how do you know which file changes deserve attention? Start by understanding the WordPress directory structure and the scenarios in which changes can occur. The most important directories to monitor are:
/wp-content/uploads/ – Uploads of static files (images, videos, documents, etc.) are common in this directory and can be excluded from alerts. Executable files such as PHP files are the ones that need attention here.
/wp-content/cache/ – If you use a cache plug-in, this directory is difficult to monitor, because cache plug-ins can legitimately use executable files. If you do not use a cache plug-in, changes in this directory are easier to monitor.
/wp-content/plugins/ – Changes in this directory occur only when plug-ins are installed, updated, or removed. It is worth noting that plug-ins should only change files in their own directory (a cache plug-in writes to the cache directory, and some plug-ins store data in the uploads directory).
/wp-content/themes/ – As with the previous directory, changes here occur only when themes are installed, updated, modified, or deleted.
WordPress root directory – Files in this directory should not change unless you have a custom solution or code.
WordPress core files – A WordPress update is the only reason these files should change.
With this information you can now judge whether a file change is a problem or not. For example, if you update a plug-in, you will see that files have changed in that plug-in's folder. However, you would not expect core files or the folders of other plug-ins to change. Similarly, no plug-in, core, or other file changes should show up if no update has been started. Such unexpected file changes can be a sign of malware or website corruption.
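
One way to turn the directory rules above into a triage check (an added example, not the logic of the Website File Change Monitor or of any other plug-in): each changed path is marked expected or review depending on where it sits and which updates just ran. The `updates` label format, the static-extension list and the sample paths are assumptions made for this example.

```python
import posixpath

# Assumed list of static upload types; extend it to match the site's media.
STATIC_EXT = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".pdf", ".docx"}

def classify(path, updates=frozenset(), cache_plugin=False):
    """Return "expected" or "review" for one changed path.

    updates: maintenance that just ran, as labels such as "core",
    "plugin:<folder>" or "theme:<folder>" (hypothetical format).
    cache_plugin: True when a cache plug-in is installed.
    """
    parts = path.strip("/").split("/")
    ext = posixpath.splitext(path)[1].lower()
    if parts[0] == "wp-content" and len(parts) > 2:
        area, owner = parts[1], parts[2]
        if area == "uploads":
            # Static media is routine; PHP and other executables are not.
            return "expected" if ext in STATIC_EXT else "review"
        if area == "cache":
            return "expected" if cache_plugin else "review"
        if area == "plugins":
            # Only the plug-in being installed or updated may change.
            return "expected" if f"plugin:{owner}" in updates else "review"
        if area == "themes":
            # A core update can also copy a bundled theme into place.
            ok = f"theme:{owner}" in updates or "core" in updates
            return "expected" if ok else "review"
    # wp-admin, wp-includes and the root: only a core update explains these.
    return "expected" if "core" in updates else "review"

def needs_review(changes, **context):
    """Return the changed paths that the rules above cannot explain."""
    return [p for p in changes if classify(p, **context) == "review"]

# Constructed change list, as a scan might report after one plug-in update.
SAMPLE = [
    "wp-content/plugins/example-plugin/main.php",
    "wp-content/plugins/other-plugin/admin.php",
    "wp-content/uploads/2024/01/photo.jpg",
    "wp-content/uploads/2024/01/photo.php",
    "wp-includes/version.php",
]

if __name__ == "__main__":
    print(needs_review(SAMPLE, updates={"plugin:example-plugin"}))
```
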
The right tools can minimize false positives without sacrificing security. For example, one of the advantages of the Website File Change Monitor plug-in for WordPress is that it detects WordPress, plug-in, and theme updates, which avoids false positives and nuisance alerts.
A practical example of WordPress file change monitoring
Now that we understand how file integrity monitoring works and which file changes to expect, let's check how the Website File Change Monitor works. To start, after the plug-in is activated, it automatically performs an initial scan.
File change reports caused by installing, updating and deleting plug-ins and themes
After a new plug-in is installed, the Website File Change Monitor plug-in clearly reports the file system changes as the installation of a new plug-in. The path of the new files detected and the plug-in name are also reported. This helps those unfamiliar with the internals of WordPress to better understand the reported file changes, which reduces false alarms. You can also click the information icon to view the complete list of files added during the installation of the new plug-in. The plug-in also reports the number of files associated with this update.
The plug-in reports all other plug-in and theme updates in the same way. This means that the plug-in clearly shows the installation, update or deletion of a plug-in or theme, so you can decide from that information whether a file change is legitimate or not.
File change reports caused by a WordPress core update
Now let's update the WordPress core. A WordPress update changes files, especially in the root directory. After performing the WordPress update, the added files section will display the following:
More than one file has been added to the /wp-content/themes/twentytwenty/ folder. This means that the update contains a new theme. The plug-in did not report the files as a theme installation because they were copied directly to the file system by the update.
Multiple new WordPress core files in the wp-admin and wp-includes folders (shown in green). Click the information icon to view the entire list of files.
From the files modified during the update, in the core update type file