National Cyber Warfare Foundation (NCWF)

What Is File Integrity Monitoring (& Scanning) for WordPress, and do you need it?


2023-08-20 15:53:05
milo
Red Team (CNA)


Everyone who owns a WordPress website knows how difficult it is to manage its files. Leftover backup, database and source code files that developers and plugins leave behind are very common. These leftover files are one of the most common sources of sensitive data breaches. Do you know if there are any on your WordPress site?

And have you ever had to clean a WordPress website after a malware infection? After a successful hack attack it is almost impossible to detect the infiltration and identify all the source code changes. Do you know how to find out which code was compromised?

This article explains how file integrity monitoring (FIM), also commonly known as file changes scanning, helps you answer all these questions. It also explains how you can get a better overview of your WordPress site's files with a plugin.

What is file integrity monitoring (FIM)?

File integrity monitoring (FIM) is a process that scans files on a system to determine if they have been corrupted or tampered with. File integrity monitors or scanners are used to scan the operating system (OS), databases, application software and any other files found on a system, such as a WordPress website.

File integrity monitoring (aka file integrity scanning or file integrity checking) software works by creating a fingerprint (cryptographic hash) of a file or a number of files. When the content of a file changes, so does its fingerprint. Therefore, when the file integrity scanner identifies a change in a file's fingerprint, it notifies the administrator.

File integrity monitoring on WordPress websites

For your website, a WordPress file integrity scanner plugin such as the Website File Changes Monitor helps you keep track of the integrity of your WordPress website and files. It helps you guarantee that:
     the new theme or plugin you installed has not modified any files on your site
     your admin / dev team only changed the files they are supposed to change
     no developers' leftover files (such as database and unused code / script files) that could leave you exposed remain on the site
     in case of a hack, you can easily spot which files were tampered with and where the malware was injected
     you are always automatically alerted of file changes on your WordPress website.

So with file integrity monitoring (FIM) in place you can monitor and protect the security of your files and WordPress website.

But I have a WordPress security plugin with a firewall

It is good practice to install a WordPress security & firewall plugin on your website. However, every WordPress security solution has its pros and cons. No single solution does everything. The more tools you have at your disposal, the easier it is to identify and block hack attacks. With the right tools you can also learn about the attacks and improve the security of your WordPress site.

The ideal WordPress security solution

In an ideal scenario, the firewall blocks malicious hack attacks. The WordPress activity logs keep a record of what everyone is doing and also help you learn how attackers are trying to hack into your WordPress site. Logs also help you identify malicious activity, allowing you to thwart attacks before they happen.

The WordPress file integrity monitoring plugin helps you ensure that no files on your site can leak sensitive data, and helps you identify the malware / code changes during a post-attack analysis. It shows you exactly where backdoors, trojans and other malware were injected and eases the process of cleaning and recovering your hacked WordPress website.

Which WordPress file integrity monitoring plugin should I use?

There are quite a few available on the official WordPress plugins repository, and many all-in-one security plugins also have a file integrity scanning module in them. However, the Website File Changes Monitor plugin for WordPress stands out because it:

     scans all your files, including any customization you might have on your WordPress site
     uses an exclusive smart technology that detects WordPress core updates and plugin and theme installs, uninstalls and updates, so it does not flood you with hundreds of false positive alerts.
Also, the plugin identifies file changes by comparing the fingerprints between scans rather than comparing the scan results of your website to a central repository, which typically also generates a lot of false positives.

Getting started with file integrity scanning on your WordPress

The Website File Changes Monitor plugin for WordPress is very easy to use. Once installed it starts scanning your site for file changes automatically.

The plugin requires practically no administration. All non-executable media files, such as JPGs, are automatically excluded from the scan. Therefore you do not have to configure much unless you want to exclude something else or change the scan schedule. Download the WordPress file changes plugin from the official repository and add an additional layer of WordPress security to your site!
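The mechanism described above (hash fingerprints of each file, a diff of the previous scan against the current one rather than against a central repository, and media files excluded from the scan) as an added, stand-alone Python example; this is not the Website File Changes Monitor plugin's code, and the sample WordPress tree, file contents and the set of skipped extensions are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed sample of non-executable media extensions that a FIM scan can skip.
NON_EXECUTABLE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".mp4", ".pdf"}

def fingerprint(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root: Path, skip_exts=NON_EXECUTABLE_EXTS) -> dict:
    """Map each relative file path under root to its fingerprint."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() not in skip_exts:
            result[path.relative_to(root).as_posix()] = fingerprint(path)
    return result

def diff_scans(previous: dict, current: dict) -> dict:
    """Compare two scans of the same site; report added, removed and modified files."""
    prev_keys, cur_keys = set(previous), set(current)
    return {
        "added": sorted(cur_keys - prev_keys),
        "removed": sorted(prev_keys - cur_keys),
        "modified": sorted(k for k in prev_keys & cur_keys if previous[k] != current[k]),
    }

def demo() -> dict:
    """Constructed demo: a tiny fake WordPress tree, a baseline scan, then changes
    a FIM scanner should flag (edited plugin, leftover backup) and one it ignores."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content" / "plugins").mkdir(parents=True)
        (root / "wp-config.php").write_text("<?php // constructed baseline\n")
        (root / "wp-content" / "plugins" / "hello.php").write_text("<?php // v1\n")
        (root / "wp-content" / "logo.jpg").write_bytes(b"\xff\xd8\xff")
        baseline = scan(root)
        # Later state: plugin edited, leftover .bak appears, logo replaced (media, skipped).
        (root / "wp-content" / "plugins" / "hello.php").write_text("<?php // v2\n")
        (root / "wp-config.php.bak").write_text("<?php // leftover\n")
        (root / "wp-content" / "logo.jpg").write_bytes(b"\x89PNG")
        return diff_scans(baseline, scan(root))
```

Persisting the baseline dict (for example as JSON) between scheduled runs turns this into the scan-to-scan comparison the article describes; the unchanged wp-config.php does not appear in any list, which is what keeps the alert volume low.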






Source: EthicalHacking
Source Link: http://www.ehacking.net/2019/06/what-is-file-integrity-monitoring.html


Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.