The Early Warning Audit is Watchful’s persistent scanner that looks for signs of intrusion on your site. It performs a security scan for WordPress and Joomla sites in your Watchful dashboard up to 8 times per day.

The scan looks for changes in critical system files, plugins/extensions that have been added or removed, IP address or URL of each site, and services such as PHP, MySQL and Apache.

We recently released new versions of Watchful for WordPress (version 1.2.18) and Joomla (version 1.12.2) that scan an extended set of critical system files. The scans look for changes as well as the presence/absence of specific files.

Security scan for WordPress

Including the latest additions, here are the files monitored in the security scan for WordPress relative to the installation root:

  • index.php
  • .htaccess
  • wp-config.php
  • wp-admin/index.php
  • wp-admin/.htaccess
  • wp-content/themes/[theme_name]/footer.php
  • wp-content/themes/[theme_name]/functions.php
  • wp-content/themes/[theme_name]/header.php
  • wp-content/themes/[theme_name]/index.php
  • wp-content/themes/[theme_name]/style.css

Security scan for Joomla

Including the latest additions, here are the files monitored in the security scan for Joomla relative to the installation root:

  • index.php
  • .htaccess
  • configuration.php
  • administrator/index.php
  • templates/[theme_name]/index.php
  • templates/[theme_name]/error.php
  • templates/[theme_name]/component.php
  • administrator/templates/[theme_name]/index.php

As you can see, the files monitored are the key targets for intruders looking to cripple or deface your site, or insert malicious links in your themes and templates.

For both WordPress and Joomla, the security scan will process common files in each of the installed themes/templates whether or not they are in use.

How are file changes detected?

First, Watchful determines if a file is required. For example, the security scan for WordPress knows that style.css is required by all themes. If this file is missing, it is flagged and you will be notified.

On the other hand, error.php is common in Joomla templates but it is not formally required. If this file is missing it will not raise an alert.

After the presence of all the required files is complete, Watchful then scans all the files shown above and records the timestamp and the checksum for each. By comparing the results to those from the prior scan, Watchful can determine if any changes have been made to the files.

What can I expect for notifications?

When changes are detected by the security scan for WordPress, a detailed entry is made in the logs and an email notification is sent. The same is true when scanning Joomla sites.

Shown below is a preview of the log entries you can expect when a change is detected.

Results from the security scan for WordPress appear in the site logs
Results from the security scan for WordPress appear in the site logs.

Premium vs. Free

The Early Warning Audit — including the security scan for WordPress and Joomla — is included with all plans.

Websites in free accounts are scanned once per day. Those in Premium accounts are scanned eight (8) times per day. Since more frequent scans are will detect changes sooner, please consider upgrading to a Premium account.

Leave a Reply

Your email address will not be published. Required fields are marked *