The File Change Detection feature (located under SSL & Security -> “Settings” -> Hardening -> File Change Detection) enables a daily scan to monitor if any changes have been made to files in WordPress Core, or files from Plugins or Themes on your site.
If files are being modified without performing any updates, and without manually having modified those files via FTP this could indicate that your WordPress installation was infected by malware that targeted & modified those files on your server. For instance, if a file from your theme such as header.php is being reported in the scan results while you haven’t manually edited it, that file might have been changed to include malicious code.
If the scan detects any irregular modifications to files on your site, a Dashboard Notice will be added to inform you about this:
The concerned files are reported in a list under Detected File Changes. You can also export & download the full list of changed files as a text file.
What to do if false positives are reported
In some cases, Really Simple SSL might report that a file has unexpectedly changed; while it concerned a legitimate change.
This could be due to manually modifying a WordPress core, plugin or theme file via FTP, or you might have plugins enabled (e.g. a back-up plugin) which create additional (.php/.js) files. We recommend confirming whether you have any plugins that might create or modify files, to determine whether the file change was legitimate or not.
- Click the Ignore button for any legitimate modifications which should only occur once, so you will still be notified if that file changes in the future.
- If you have a plugin that creates or modifies files every now and then, click the Exclude button instead; so that this file will be skipped from appearing in any future scans.
- You can also manually exclude files or entire directories via the Exclude files/directories textblock.
