File Integrity and Unauthorized Change Detection Checklist

halfbrain_logo512adminJune 16, 2026
0 lượt xem

File Integrity and Unauthorized Change Detection Checklist

Unauthorized file changes are a major signal of compromise. Attackers may add PHP files, modify themes, inject redirects, edit config files or create hidden backdoors. File integrity review helps detect changes before they spread.

Core principle

Healthy systems have expected files in expected places. Unexpected executable files, recent modifications and unknown plugin folders should be investigated.

Checklist

  1. Record the website root path.
  2. Check recently modified files.
  3. Check executable files inside uploads.
  4. Check unknown plugin folders.
  5. Check unknown theme files.
  6. Compare WordPress core with a clean version if possible.
  7. Check wp-config.php changes.
  8. Check suspicious hidden files carefully.
  9. Document findings before deleting files.
  10. Monitor the same paths after cleanup.

Reusable lesson

File integrity thinking applies to WordPress, custom PHP apps, uploaded assets, config files, Docker bind mounts and automation scripts.

Checklist Type WordPress Security
Level Intermediate
Risk Level Critical Risk
Estimated Time 45–120 minutes

When to Use This Checklist

Use this checklist when a website may be hacked, redirected, injected or modified without permission.

Required Tools

SSH access, website root path, backup, WordPress files, plugin list, theme list, file timestamps

Before You Start

Do not delete suspicious files before documenting them and taking a backup of the current state for investigation.

Structured Checklist Steps

  1. Record root path.
  2. Find recently modified files.
  3. Check uploads for executable files.
  4. Check plugin folders.
  5. Check theme files.
  6. Compare core files.
  7. Check wp-config.php.
  8. Check hidden files.
  9. Document findings.
  10. Monitor after cleanup.

Verification Steps

  1. Recent file changes are reviewed.
  2. No unknown executable file remains in uploads.
  3. Unknown plugin or theme folders are investigated.
  4. Important config files are verified.
  5. Post-cleanup monitoring is active.
See also  High CPU Usage Checklist for VPS Websites

Rollback Plan

If removing a suspicious file breaks the site, restore it from backup temporarily, then analyze whether it was required application code or part of a compromise.

Common Mistakes

  • Deleting files without backup.
  • Ignoring uploads folder.
  • Assuming hidden files are always safe.
  • Not checking wp-config.php.
  • No monitoring after cleanup.

Related Commands

find /var/www/example.com -type f -mtime -7
find /var/www/example.com/wp-content/uploads -name "*.php"
ls -la /var/www/example.com/wp-content/plugins
ls -la /var/www/example.com/wp-content/themes
stat /var/www/example.com/wp-config.php

Share:

Disclaimer: The guides, checklists, commands, and examples on HalfBrain.net are provided for educational and operational reference only. Server environments, hosting providers, software versions, security settings, and WordPress configurations can vary, so you should always review commands before running them on your own system. We do our best to keep the content accurate and useful, but we cannot guarantee that every command, configuration, or recommendation will fit every environment. Always back up your website, database, and server configuration before making changes. HalfBrain.net is not responsible for data loss, downtime, security incidents, misconfiguration, or other issues that may result from applying the information on this website. Use the material at your own discretion.

halfbrain_logo512
admin

HalfBrain.net is a practical field notebook for people who want to self-operate websites, VPS servers, Linux systems, Docker stacks, Nginx configurations, DNS records, SSL certificates, and AI automation workflows. Our goal is simple: turn messy infrastructure problems into clear, repeatable checklists, commands, and operating procedures. We focus on practical execution, not theory for theory’s sake.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related articles: