File Change, Malware, and Database Scans with All In One WP Security & Firewall

Posted OnSep 19, 2014     CategoryPlugins, Users & Security     Comments2 comments

In this section of the guide to the All In One WP Security & Firewal plugin, we will take a look through the Malware, Database, and File Change scans.

Step 1) Login to the WordPress Dashboard.

Step 2) On the left-hand sidebar of the Dashboard navigate to WP Security -> Scanner.

km-all-in-one-scanner-01a

The options for this feature are shown below.

  • File Change Detection

    If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site. Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your site.

    In general, WordPress core and plugin files and file types such as .php or .js should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected.

    The File Change Detection Feature will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system’s files.

    This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan).

    A. Perform Scan Now button When this button is clicked for the first time, a scan is run and the following message is displayed: The plugin has detected that this is your first file change detection scan. The file details from this scan will be used to detect file changes for future scans!. The next time you run a scan, any file changes will be shown here.
    B. View Last File Change button When this button is clicked the last file name that was changed will be displayed here. For example: wp-config.php.
    C. Security Points Button The Intermediate button displays the Feature Difficulty.

    The 0/20 button displays the Security Points assigned to this. Since no options are selected, the security points are set to 0/20.

    D. Enable Automated File Change Detection Scan: Place a check mark in this check box if you want the system to automatically/periodically scan your files to check for file changes based on the settings below.
    E. Scan Time Interval: Enter a value in the text box and select an option from the dropdown list when the scan is to run. The available options are:
    – Hours
    – Days
    – Weeks
    The default value is 4 Weeks.
    F. File Types To Ignore: Enter each file type or extension on a new line which you wish to exclude from the file change detection scan.
    G. Files/Directories To Ignore: Enter each file or directory on a new line which you wish to exclude from the file change detection scan.
    H. Send Email When Change Detected: Place a check mark in the check box if you want the system to email you if a file change was detected and enter a valid email address in the textbox where you want the notifications sent to.

    km-all-in-one-scan-01b

    Once a check mark is placed in each check box, any files/folders to be excluded are entered and the Save Settings button is clicked, the security points will be assigned the full value.

    km-all-in-one-scan-01c

  • Malware Scan

    The word Malware stands for Malicious Software. It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.

    Often when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site’s search ranking.

    This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.

    Due to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably. This is something best done via an external scan of your site regularly.

    To install this software, you will need to sign up here. There is a fee associated with this feature.

  • DB Scan

    Currently this feature has been deactivated as it can produce a false positive result. It will be re-introduced after this issue has been resolved.

The next step in the guide will focus on the Maintenance feature.

 


2 comments

Comments

  1. Sam Choong Wai

    Everytime I did a scan, the message “The plugin has detected that this is your first file change detection scan. The file details from this scan will be used to detect file changes for future scans!” appear, no matter how many times I scanned, it looks like the scanner didn’t record the scan result at all.

Leave a Reply

Your email address will not be published. Required fields are marked *

Send this to friend