Keeping your WordPress sites secure is a never-ending game of cat and mouse.
100% protection against intrusion is impossible. We can do our best to stop it, but we must be ready to deal with any intrusions once they occur.
Shield Security already has several scanners that detect and repair alterations to your WordPress filesystem.
- detecting and repairing any changes to Core WordPress files.
- detecting and removing any files in your Core WordPress folders that are not part of WordPress.
So it looks like we have your WordPress Core covered.
But of course, WordPress is more than just its core files.
Making A Stand To Protect WordPress Plugins and Themes
It’s quite common for site hacks to involve quiet changes to scripts within your plugins and theme folders that can go unnoticed for months.
These are nearly impossible to detect without some sort of automatic scanning.
So with Shield Security 6.4, we’re introducing a brand new scanner that guards against unauthorized changes to your plugins and theme files. It’ll alert you as soon as it detects any changes.
It’s important to understand what this scanner IS and what it IS NOT.
To Help with these, we’ve provided a full explanatory video:
Plugins & Themes Guard Explanatory Video
Plugin & Theme Guard: What It Is Not
It is not a malware scanner – it does not detect the presence of malware on your site.
Plugin & Theme Guard: What It Is
It is a change-detection system.
The Guard will take a “snapshot” of your files, and, if they are modified in any way, deleted, or new files are added, the Guard will alert you.
The Guard does not care about what these changes are, whether they’re good, bad, intended, or unintentional. It only cares about changes.
If there’s a change, you will be notified.
The Guard: Important Notes
- The Guard only monitors active plugins and themes. If a plugin or theme is installed, but remains deactivated, it will not be monitored.
- The Guard will also monitor the Parent theme, if you’re using a Child theme.
- The Guard does not take a snapshot when you install a plugin, but only when you activate it. (If you deactivate it, monitoring for that plugin will stop).
- The Guard will update its snapshot if you use WordPress to install, update or re-install a plugin or theme.
- If you update a plugin or theme outside of WordPress e.g. using FTP, this will cause the Guard to alert you. The Guard doesn’t know anything about FTP. It only understands changes you make using WordPress.
- The Guard understands updates made by iControlWP and will update its snapshot correctly.
- The Guard will send alerts for changes made using WordPress’ built-in Editors. This is by-design.
When Does The Scanner Run?
The Guard’s scanner runs once every 24hrs using the WordPress Cron.
You can of course increase the frequency using the scan frequency setting released with Shield 6.2.
Understanding the Depth parameter
As you can imagine, scanning the file system for changes can be resource intensive.
To strike a balance between resource usage and protection, the Guard will only scan and monitor the 1st level of any plugin/theme folder. It doesn’t process any sub-folders.
You can change this default behaviour by specifying the “depth” of the scanner. The default depth is 1 (i.e. 1st level). To protect sub-folders, you can increase the depth parameter.
To protect all levels, you can set the depth to Zero (0).
You must understand that increasing the depth will cause processing times and resource usage to increase. It is up to you to decide which level of protection you want vs resource allocation.
The Guard: How To Handle Changes
The results of the scanner can be accessed only through the scanner Wizard. This wizard is the only way to respond to alerts sent from the Guard.
You will be presented with a clear list of all changes that have been detected. It is your role as the security administrator to decide whether these changes are “ok”, or whether they must be cleaned.
Shield Security can’t make this decision for you.
For plugins, your options include:
- Re-install / Upgrade. Shield will attempt to re-install (and potentially upgrade if an update is available) a plugin. This is only available for plugins from WordPress.org
- Deactivate – Shield can immediately deactivate the affected plugin
- Ignore Changes. If you feel that the changes detect are legitimate, you can ignore them. Shield wont alert you to these changes again.
For themes, your options include:
- Re-install / Upgrade. Just as with plugins above.
- Ignore Changes. Just as with plugins above.
You can make manual modifications in response to the scanner, using FTP for example, and then re-scan your site.
Requirements For The Plugins & Theme Guard
- Shield Security 6.4+
- PHP Version 5.4+
- WordPress 4.0+
- Shield Pro – upgrade here
Since late 2017, we made the decision to develop new features for Shield using PHP 5.4. To learn more about this decision, please see here.
Comments and Questions?
As always, we’re open to feedback and suggestions. Please feel free to leave your comments below.
Thank you for your support!