Get notified of file and permission changes on your WordPress sites and boost reliability & security
Melapress File Monitor is a WordPress file integrity monitoring plugin that keeps track of file and permission changes on your WordPress websites. It enables you to promptly identify code changes, file and directory permission changes, leftover files, malicious code, and malware injections - and take action.
Install Melapress File Monitor on your website to:
- Detect malware, infected files or files altered by bad actors
- Keep track of the last code changes on your website for easier troubleshooting
- Identify changes in file and directory permissions
- Identify leftover & backup files that can lead to sensitive business & technical data exposure
- Spot malware injections early to avoid irreparable site damage
- Conduct essential WordPress forensic analysis after a cyberattack.
The plugin allows you to monitor and log file and permission changes across your WordPress site. You can see changes directly in the WordPress dashboard for easy access. You can also configure the plugin to send you file and permission change alerts through email whenever it detects a change, keeping you informed wherever you are.
It helps you easily spot leftover and backup files that could leave your website exposed, and detect malware and code changes, so you can remove the files and clean malware infections as early as possible.
Plugin Features
Melapress File Monitor is a very easy to use plugin with zero admin work.
No False Alarms - Just Genuine Alerts!
This plugin uses an exclusive smart technology that detects WordPress core updates, plugin & theme installs, uninstalls, and updates.
When you update the WordPress core, install a new plugin, update a theme, or delete a plugin, it won't flood you with hundreds of false alarms. You are only alerted to genuine file and permission changes that can affect the functionality and security of your WordPress site!
Instant Email Notifications
After a scan, the plugin sends an email with the list of file and permission changes it identifies on your WordPress sites and multisite networks.
The email includes all the details you require to track WordPress file changes, such as:
- The filename and the path of the file
- A count of how many files were added, modified or deleted
- A highlight of the site admin changes that caused the file changes, such as plugin or theme installs, uninstalls, and updates.
Scans ALL Your Files, Including Custom Code
Melapress File Monitor can scan any type of file; it is not limited to WordPress and PHP files. Apart from the WordPress core, plugin, and theme files, it will also scan any other custom code files that you might have on your WordPress site.
It also compares the WordPress core files of your website to the list of files on the official WordPress repository, so it will also alert you if a WordPress core file has been tampered with, or changed. You can also choose to exclude specific files, directories, and extensions for complete control.
To learn more about both file integrity monitoring technologies the plugin uses, refer to how the plugin detects file changes on WordPress.
WordPress Multisite Networks Support
The Melapress File Monitor plugin can also detect file changes on WordPress multisite networks. When installed on a network, the plugin configuration and alerts are only available to the super administrators, preventing possible disclosure of sensitive information that could jeopardize the security of the sites on the network.
Other Notable Plugin Features
- Optimized scanning technology that does not affect the performance of your site
- Fully configurable file scan frequency (hourly, daily, weekly, time of the day)
- Instant file integrity scans with just a click of a button
- Ability to exclude directories, files, and file types from the scan
- Configurable maximum file size to scan
- File changes data only available to administrators for better security
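The scan behaviour listed above (content and permission snapshots, directory and extension exclusions, a maximum file size), as an added Python illustration; this is not Melapress File Monitor's code. The `*`, `**` and `?` semantics, the function names and the sample paths are assumptions made for the example.

```python
import hashlib, re, stat, tempfile
from pathlib import Path

def glob_to_regex(pattern):
    # Assumed semantics: ** crosses "/", while * and ? stay inside one segment.
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    body = re.sub(r"\*\*|\*|\?|[^*?]+",
                  lambda m: table.get(m[0]) or re.escape(m[0]), pattern)
    return re.compile(body + r"\Z")

def snapshot(root, exclude_dirs=(), exclude_exts=(), max_bytes=5 * 2**20):
    """Return {relative path: (sha256 hex, permission bits)} for scanned files."""
    rules, state = [glob_to_regex(p) for p in exclude_dirs], {}
    for path in Path(root).rglob("*"):
        rel, st = path.relative_to(root), path.lstat()
        if (any(r.match(d.as_posix()) for r in rules for d in rel.parents)
                or path.suffix.lower() in exclude_exts
                or not stat.S_ISREG(st.st_mode) or st.st_size > max_bytes):
            continue  # skipped entirely: never hashed, no permission events
        state[rel.as_posix()] = (hashlib.sha256(path.read_bytes()).hexdigest(),
                                 stat.S_IMODE(st.st_mode))
    return state

def diff(old, new):
    both = sorted(old.keys() & new.keys())
    return {"added": sorted(new.keys() - old.keys()),
            "deleted": sorted(old.keys() - new.keys()),
            "modified": [p for p in both if old[p][0] != new[p][0]],
            "permissions": [p for p in both if old[p][1] != new[p][1]]}

def demo():
    # Constructed sample tree; paths and exclusion patterns are illustrative.
    opts = dict(exclude_dirs=["**/node_modules", "wp-content/cache-?"],
                exclude_exts={".log"}, max_bytes=1024)
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data=b"baseline"):
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        for rel in ("index.php", "wp-config.php", "readme.html"):
            put(rel)
        before = snapshot(root, **opts)
        put("index.php", b"tampered")
        put("big.zip", b"0" * 2048)  # above max_bytes: not reported
        Path(root, "wp-config.php").chmod(0o777)
        Path(root, "readme.html").unlink()
        for rel in ("wp-content/uploads/backup.sql", "wp-content/cache-1/p.html",
                    "wp-content/plugins/x/node_modules/a.js", "debug.log"):
            put(rel)
        return diff(before, snapshot(root, **opts))
```

Calling `demo()` returns one entry per change class, while the excluded directories, the `.log` file and the oversized file produce no events.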
Free Plugin Support
Support is available for free via:
MAINTAINED & SUPPORTED BY MELAPRESS
Melapress builds high-quality niche WordPress security & management plugins, including WP Activity Log, Melapress Login Security, and others.
Visit the Melapress website for more information about the company and the plugins it develops.
2.3 (2026-02-26)
- New features
  - Added support for wildcards in folder exclusions: you can now use *, **, and ? wildcards when defining the directories you want to exclude.
- Plugin improvements
  - Excluded file extensions are now fully skipped during scans. Previously the plugin was still reading and hashing these files.
  - Ignored directories are now properly excluded from file change detection as well as from the scan itself.
  - Refactored the file comparison logic for improved performance, accuracy, and maintainability.
  - Optimized the way the plugin stores certain data so it no longer creates tens of thousands of temporary records in the wp_options table during scans. They are now limited: most websites will see fewer than 20 temporary records in wp_options, and strictly only during scans.
  - Temporary files created by the phpfastcache library are now stored in wp-content/uploads/melapress-file-monitor/mfm-tmp/ and are properly removed after use.
  - Improved the cron job's reliability to avoid scan interruptions and related scheduling issues.
  - Applied a number of generic scan performance and speed improvements.
  - Removed outdated Captcha 4WP references from the About page and updated branding assets.
- Bug fixes
  - Fixed: PHP warning fileperms(): stat failed caused by phpfastcache writing temporary files to non-existent paths.
  - Fixed: All database tables and cron jobs are now properly cleaned up on uninstall.
  - Fixed: Cron job mfm_monitor_file_changes was not removed on plugin deactivation or uninstall due to an incorrect reference name.
  - Fixed: Files above the configured size limit were still having permissions changes and other events reported.
  - Fixed: PHP fatal error wp_is_valid_utf8() call to undefined function, triggered in the setup wizard on completion.
  - Fixed: PHP fatal error caused by phpfastcache returning a non-array value in Driver::driverRead().
  - Fixed: TypeError when saving settings with a null value passed to strtoupper().
  - Fixed: PHP fatal error Call to undefined method Directory_Runner::delete_all() in class-db-handler.php.
  - Fixed: PHP notice for translation domain being loaded too early.
  - Fixed: The scan status REST endpoint was publicly accessible without authentication.
  - Fixed: Plugin was incorrectly identified as "File Manager" in WP Activity Log logs. Now it is correctly shown as "Melapress File Monitor".
Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of Melapress File Monitor.