Intrusion scanner

Intrusion Scanner

Watchful includes a number of tools to help detect unauthorized access to your web site. The first tool in this arsenal is the early warning audit.

The early warning audit is an intrusion scanner runs every day and looks for changes to your core files and services. This includes changes to critical files such as the main WordPress configuration file and and the main index.php file of your theme. The audit also examines things like the PHP and MySQL version on your server, recently installed and deleted plugins, pending software updates and the status of your website backups.

Scanner Categories

The Early Warning Audit performs checks in the following categories:

  • File — Changes to the size, checksum, and/or time stamp of critical system files. This is CMS-dependent
  • Add-on — Changes to the installed extensions/plugins, themes/templates, and languages
  • IP/URL — Changes to the IP Address or URL of the website
  • System — Changes at the system/CMS level such as new admin accounts
  • Service — Changes in the version or status of critical services

Full details on what is checked by the scanner can be found in our knowledge base.

Notifications, logs and troubleshooting

When changes or other suspicious activity is detected by the audit, you’ll be notified so you can investigate and take the appropriate actions to resolve the problem. For example, a change in your configuration file might require the following actions:

  • Consult with team members to discover if the change was expected.
  • If the change was not expected, change all passwords and revert config file from recent backup.

In addition, everything detected by the early warning audit is added to your site activity logs. By matching dates/times in the site activity logs to the discovery of any problems you experience on your site, you can usually find the cause of these issue.

Create your 100% free account today. No commitment. No credit card required.