Melapress File Monitor


Get alerted via email of file changes on your WordPress sites to boost reliability & security

There are many benefits you can take advantage of when you install this hassle-free WordPress file integrity monitoring plugin on your website, such as:
* Keep track of the last code changes on your website for easier troubleshooting
* Identify leftover & backup files that can lead to sensitive business & technical data exposure
* Pinpoint malware injections early to avoid irreparable site damage
* Do the neccesary forensic work during a past-hack job

Keeping track of file changes on your WordPress website is a maintanence and security best practise every site owner should follow. This can only be done by installing a plugin. Use Melapress File Monitor to automatically scan your website for file changes.

The plugin alerts you of file changes via email. It helps you easily spot leftover and backup files that could leave your website exposed, and identify injected malware and code changes, so you can remove the files and clean malware infections at the earliest possible.

Maintained & Supported by Melapress

Melapress builds high-quality WordPress security & site management plugins like WP Activity Log, the #1 WordPress activity log plugin. Browse our list of WordPress plugins that help you better manage and improve the security of your WordPress website.

Why Do You Need a website file integrity monitoring plugin?

No single WordPress security solution is bullet proof. Every solution has its shortcomings. A complete security solution is made up of a suite of tools and plugins that work together, allowing you to address all of your website’s security requirements. The more tools and security layers you build, the harder it will be for attackers to succeed. It also makes it easier for you to block malicious attacks, and monitor the site’s security and health.

The Melapress File Monitor plugin provides you with the much needed visibility of modifications that happen on your website’s file system. File changes on your WordPress website can be an early sign of a malicious hack attack or a technical problem. Hence why security professionals recommend a website files monitor plugin.

The Melapress File Monitor plugin helps you:

  • Identify a possible hack attack during the early stages, allowing you to limit the damage
  • Find where exactly backdoors, trojans and other malware are injected on your site
  • Identify the infections and code changes during the post-hack forensics & cleanup
  • Catch red-handed the exploitation of 0-day vulnerabilities on your site
  • Ease the process of cleaning & recovering an infected hacked website

A Role Beyond WordPress Security

The scope of monitoring your website for file changes goes beyond detecting malicious attacks and malware infections. It is a WordPress website security and management best practice that can also help you:

  • Check the integrity of your WordPress core files
  • Find leftover files developers leave by mistake that could lead to sensitive information disclosure, such as backup files, database files etc
  • Keep track of where developers are doing code changes on your WordPress site
  • Troubleshoot and avoid unnecessary technical WordPress site problems

Melapress File Monitor Plugin Features

Melapress File Monitor is a very easy to use and zero admin plugin. Once installed it automatically starts scanning all the files on your WordPress site without requiring any manual intervention.

However don’t let the simplicity and automation fool you. Under the hood the Melapress File Monitor plugin is a fully blown and configurable tool that every WordPress site administrator should install on their WordPress sites and multisite network.

Instant Email Notifications

After a scan, the Melapress File Monitor plugin sends an email with the list of file changes it identifies on your WordPress sites and multisite networks.

The email includes all the details you require to keep tabs of the file changes on your website, such as:
* The filename and the path of the file
* A count of how many files were added, modified or deleted
* A highlight of the site admin changes that caused the file changes, such as the plugins or themes installs, uninstalls and updates.

No False Alarms – Just Genuine Alerts!

The Melapress File Monitor plugin uses an exclusive smart technology that detects WordPress core updates, plugins and themes installs, uninstalls and updates.

When you update the WordPress core, install a new plugin, update a theme, or delete a plugin it won’t flood you with hundreds of alerts prompting a false alarm! You only get alerted of genuine file changes that can have an effect on the functionality and security of your WordPress site!

Scans ALL Your Files, Including Custom Code

The Melapress File Monitor plugin can scan any type of file and it is not limited to WordPress and PHP files. Apart from the WordPress core files, plugins and themes files, it will also scan any other custom code files that you might have on your WordPress site.

It also compares the WordPress core files of your website to the list of files on the official WordPress repository, so it will also alert you if a WordPress core file has been tampered with, or changed.

To learn more on both the file integrity monitoring technologies the plugin uses refer to how the plugin detects file changes on WordPress

WordPress Multisite Networks Support

The Melapress File Monitor plugin can also detect file changes on WordPress multisite networks. When installed on a network, the plugin configuration and alerts are only available to the super administrators, preventing possible disclosure of sensitive information that could jeopardize the security of the sites on the network.

Other Notable Plugin Features

  • Optimized scanning technology that does not affect the performance of your site
  • Fully configurable file scan frequency (hourly, daily, weekly, time of the day)
  • Instant file integrity scans with just a click of a button
  • Ability to exclude directories, files and file types from the scan
  • Configurable maximum file size to scan
  • File changes data only available to administrators for better security

FREE Plugin Support

Support for the WordPress Files Monitor plugin is available for free via:

For any other queries, feedback, or if you simply want to get in touch with us please use our contact form.

As Featured On:

Further Reading & Information

The Melapress File Monitor plugin is developed by Melapress, developers of a number of WordPress security and admin plugins, including WP Activity Log, the most comprehensive WordPress activity log plugin, and Melapress Login Security, a login security and password policies plugin.

Translate the plugin in your own language

If you want to help us translate this plugin in your own language please contact us. We will credit all translators.

From within WordPress

  1. Visit ‘Plugins > Add New’
  2. Search for ‘Melapress File Monitor’
  3. Install & activate the Melapress File Monitor from your Plugins page.


  1. Download the plugin from the WordPress plugins repository
  2. Unzip the zip file and upload the website-file-changes-monitor folder to the /wp-content/plugins/ directory
  3. Activate the Melapress File Monitor plugin through the ‘Plugins’ menu in WordPress


  • The plugin is very easy to install and configure – follow the install wizard through which you can configure the scan frequency and times, email notification settings, which file extensions to exclude from a scan and other scan details via an easy to follow setup wizard.
  • Once the wizard is completed the first time scan starts automatically.
  • In the plugin dashboard you can see the recent list of file changes events, which should give you a good overview of the detected file changes.
  • The plugin’s smart technology does not just report file changes. It can detect if a new plugin has been added, updated, or removed, and it reports the details rather than just flagging a file change.
  • The plugin can also detect when new files are added to the core of your website, even if it is not a WordPress or php file.
  • You can use the plugin’s search filter to search for specific files and find what you need for in just seconds, in case you have a good number of file changes events.
  • The plugin can also detect changes in the WordPress core. During the scan it compares the core on your website to that on the official repository, and if there are any differences, it will report them to you.
  • The plugin is fully configurable and can easily be fine tuned to meet your requirements. Every setting in the setup wizard, and many other settings, can be configured at any time from the plugin’s Settings page.


11, Abril de 2024 5 replies
On a custom, self-managed VPS this plug brought my server to its knees, resulting in constant 504 gateway timeouts until I deleted it. Glad I only tested this on one site, I will not use it again and will keep my files locked down instead.
9, Marzu de 2024 1 reply
I agree that the new version is very bad. Before version 2.0, everything was fast and simple. Now it ‘s something clumsy . I had to abandon this plugin and use a solution that gives the same result in 3 seconds.
27, Xunetu de 2023
I use this plugin on a daily basis to be notified if any malicious files are added to my server without my knowledge. Had a small issue with another plugin causing some conflicts and this plugin support team gave me a code snippet to resolve the issue and it was not even there plugin causing the conflict. Now that is customer service 🙂
13, Xunetu de 2023
This plugin gives you a hawk’s eye over each file of your website helping you identify website hacks (if any) right away as hacks involve adding/modifying/deletion of files. This plugin helps you not anymore panic wondering which files were injected into the website as part of website attacks — Malware, virus, etc., And, this plugin comes with needed functionalities to make things easy — very thoughtful. If this is not enough, this plugin is TOTALLY FREE! Great work. God bless. Note: I use Litespeed Cache – I had to tweak the litespeed Cache’s setting: Cache > Excludes > Do Not Cache Roles – Administrator (had to check the “Administrator” box).
27, Xunu de 2023
I would like to see randomize function added to the scan start times so that the scan time does not start at exactly the same time each hour/day/week. I also think there should be an increment between hourly and day. and day and week. Why not put each __ hour and let the user input a more precise scanning interval? (e.g. every 4 hours; every 2 days). There is also a cosmetic error where the path displayed in the log for each row can get bunched up in a tiny column. But other than that, it seems to do everything it is supposed to do. very simple plugin that monitors file changes + email you of a summary of any detected changes. I decided to give it 4.5 stars now, so they get the benefit rounding up. For those not using another plugin like WordFence Pro, or want a simpler way to scan for file changes, this is a good candidate.
28, Abril de 2023
Very good plugin to detect malware in your wordpress installation. Using this plugin I was able to clean my site from malware.Highly recommended. Support team is awsome.
Read all 25 reviews

Contributors & Developers

“Melapress File Monitor” is open source software. The following people have contributed to this plugin.


“Melapress File Monitor” has been translated into 3 locales. Thank you to the translators for their contributions.

Translate “Melapress File Monitor” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.


2.0.2 (2024-05-15)

  • Improvements

    • Added an option in the first-time plugin configuration wizard for administrators to choose whether or not to receive email notifications with scan reports.
    • Added a close button in the setup wizard for a more streamlined user experience.
    • Optimized some JavaScript timings within the plugin for improved overall speed and efficiency.
    • Users now have the option to cancel the current scan in progress from the plugin’s settings.
    • Enhanced the email deliverability of the plugin by changing the default “from” address to match the website’s domain.
    • Updated the integration with the WP Activity Log plugin – now scan start / stop, file changes are reported in the activity log.
    • Minor text updates and improvements across plugin’s wizards and pages.
  • Bug fixes

    • Resolved the issue with folder exclusion by path; the plugin will no longer report changes from excluded folder paths.
    • Removed the redundant “month day” option from the weekly scan settings and left only the relevant “week day” as option.
    • Users with no admin role will no longer be able to see file change notices.
    • Corrected the domain text inside the plugin to match the plugin’s slug label.
    • Fixed the occasional issue where file changes listings were not showing up in email notifications.