What items are scanned by the website audit
The Site Audit currently performs 4 types of audits:
- Core fileSystem integrity audit
- File & folder permissions audit
- Malware audit
- Website best practices audit for WordPress & Joomla
Core filesystem integrity audit
This audit checks if any of the files distributed in the core WordPress or Joomla packages have been hacked or are missing. As shown above, the path to any missing or modified files is shown so it can be replaced with an original copy.
File & folder permissions audit
For most PHP-based CMS like WordPress and Joomla, files and folders should be set to specific permissions that allow for a combination of public accessibility on the web with editing restricted to users with appropriate privileges. System administrators refer to these permissions with the following codes:
- 0644 — permissions for individual files
- 0755 — permissions for folders
The File & Folder Permissions audit checks every file and folder in your WordPress or Joomla installation to make sure the permissions match this list. Any files or folders with permissions that do not match are flagged and listed in the audit results.
The preview below shows the result when file and folder permissions are set properly.
The Malware Scanner is a deep, inside-out scan that looks for common malware signatures and suspicious code. If any suspicious code is found, the files and suspicious pattern will be displayed as shown in the sample below.
Note: False-positives are common with signature scanners. Please check with the relevant software vendor if you have any questions about suspicious files identified by the malware scan.
Website configuration and server audit
This audit checks for many of the well-known best-practices for PHP-based content management systems such as WordPress and Joomla. Below is a sample result of this audit. If a problem is detected with the website configuration or server, information on how to fix the issue is displayed.
Best practice scanner
Below you'll find the full list of security best-practices for both Joomla and WordPress.
Search Knowledge base
- Does Watchful support managed hosts like WP Engine, Flywheel, and Pantheon?
- How do I generate reports for my clients?
- How to add Tags to your WordPress & Joomla websites in Watchful
- How to use the Add-on Auto Updater
- How to use the Update Scheduler
- Installing the Watchful client
- Scheduling remote backups for Joomla
- Scheduling remote backups for WordPress
- The three types of backups in Watchful
- What is included in the free plans?