New VaultPress Security Scanning

One of the goals for VaultPress is to take as much of the guesswork out of securing your WordPress site as possible. In that spirit, we’ve just enabled a brand new security feature for all of our premium customers: a WordPress core file scanner.

How it works

VaultPress knows which version of WordPress your site is running. For each particular version of WordPress, we know what the MD5 checksum for each of the core files should be (an MD5 checksum is a kind of digital fingerprint for a file that can be used to validate the integrity of that file).

Our new core file scanner scans your site and does the following:

  • Checks that each of the expected core files exists
  • Checks the MD5 checksum of each file
  • Stores information about each file from PHP’s stat() function

On our initial scan of your site, we perform all three of these steps for each of the 750+ WordPress core files. This scan creates a baseline that we can compare against in future scans. If the MD5 checksum of a core file doesn’t match, we notify you through an alert in the security tab of your VaultPress dashboard. A variation in the checksum means that the file has been modified from the original version that came with your WordPress install.
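
The three checks and the alerting step described above, as an added Python example (not VaultPress's own code). It uses os.stat() in place of PHP's stat(); the function names md5_of, scan and demo, the file list and the file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def md5_of(path):
    """MD5 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, expected):
    """Return (alerts, baseline); expected maps relative path -> known-good MD5."""
    alerts, baseline = [], {}
    for rel, want in sorted(expected.items()):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):          # step 1: file must exist
            alerts.append((rel, "missing"))
            continue
        if md5_of(path) != want:              # step 2: checksum must match
            alerts.append((rel, "modified"))
        st = os.stat(path)                    # step 3: keep stat() data for later scans
        baseline[rel] = {"size": st.st_size, "mtime": st.st_mtime, "mode": st.st_mode}
    return alerts, baseline


def demo():
    """Scan a constructed three-file tree before and after tampering."""
    files = {  # constructed sample content, not real WordPress core files
        "index.php": b"<?php require 'wp-blog-header.php';\n",
        "wp-load.php": b"<?php // loader\n",
        "wp-includes/version.php": b"<?php $wp_version = 'x.y';\n",
    }
    expected = {rel: hashlib.md5(data).hexdigest() for rel, data in files.items()}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        clean, _ = scan(root, expected)
        # Simulate unexpected changes: alter one file, delete another.
        Path(root, "index.php").write_bytes(b"<?php // changed\n")
        os.remove(os.path.join(root, "wp-load.php"))
        tampered, baseline = scan(root, expected)
    return clean, tampered, baseline
```

MD5 is used here to match the post. The same loop works unchanged with hashlib.sha256, which is the safer choice where the known-good list can be published in that form, since MD5 is not collision-resistant.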

If you weren’t the one who modified a file, it’s possible that your site has been hacked and malicious code injected. In that case, you can contact the VaultPress Safekeeper team from your dashboard and we’ll help you diagnose and correct the problem.

For the next version of the scanner, we plan to store a unified diff of core file changes — that will enable us to show you exactly what was modified in any given core file. We also plan to add malicious code detection to further enhance your site’s security with VaultPress.

About Brian

Code Wrangler for Automattic

16 Responses to New VaultPress Security Scanning

  1. Pingback: VaultPress For WordPress: Now Better, Faster, Stronger | The Blog Herald

  2. Pingback: VaultPress goes beyond backups to hacking protection

  3. Pingback: New VaultPress Security Scanning — Matt Mullenweg

  4. testbeta says:

    VaultPress blog design is now wide, it is more in the league of twenty ten, thematic, hybrid now.

    It’s a great service maybe for folks like scobleizer.com, I can’t spend much money on it, would rather have my security checks in place. VaultPress costs more than server and domain registration combined so no, WordPress upgrades, VideoPress, and now VaultPress aren’t made for me, I can’t have it, but these are great.

  5. Pingback: WPWeekly Episode 107 – Interview With Grant Griffiths

  6. Pete says:

    This sounds great, I’m getting this now.

  7. Arpit Jacob says:

    There is a WordPress plugin that does the same thing.

    http://wordpress.org/extend/plugins/wordpress-file-monitor/

    I use this myself; it emails me every time any changes are made to any file on your site.

  8. Trevor Turk says:

    Security should not be a premium feature. Please consider offering the MD5 checksum as a free plugin.

  9. Gary says:

    Nice. Any extra Security is great. VaultPress is certainly a great Plugin for a fantastic product!

  10. Elena says:

    Definitely a must, agreed MD5 checksum should be available for free too.

  11. Chris Cree says:

    I’m glad VaultPress is adding in security features on top of backups. I’m looking forward to being able to use VaultPress on a multi-site project I am putting together, assuming that multi-site support is on the way soon… :)

  12. Scott says:

    The only reason I’m not signing up for VaultPress is because the security scanning is only in the $40/m package. If it was in the $15/m package I would sign up in a second.

  13. Pingback: VaultPress Includes Security Scanning | Church Mag
