One of the goals for VaultPress is take as much of the guesswork out of securing your WordPress site as possible. In that spirit, we’ve just enabled a brand new security feature for all of our premium customers, a WordPress core file scanner.
How it works
VaultPress knows which version of WordPress your site is running. For each particular version of WordPress, we know what the MD5 checksum for each of the core files should be (an MD5 checksum is a kind of digital fingerprint for a file, that can be used to validate the integrity of that file).
Our new core file scanner scans your site and does the following:
- Checks that each of the expected core files exists
- Checks the MD5 checksum of each file
- Stores information about each file from PHP’s stat() function
On our initial scan of your site, we perform all three of these steps for each of the 750+ WordPress core files. This scan creates a baseline that we can compare against in future scans. If the MD5 checksum of a core file doesn’t match, we notify you through an alert in the security tab of your VaultPress dashboard. A variation in the checksum means that the file has been modified from the original version that came with your WordPress install.
If you weren’t the one who modified a file, it’s possible that your site has been hacked and malicious code injected. In that case, you can contact the VaultPress Safekeeper team from your dashboard and we’ll help you diagnose and correct the problem.
For the next version of the scanner, we plan to store a unified diff of core file changes — that will enable us to show you exactly what was modified in any given core file. We also plan to add malicious code detection to further enhance your site’s security with VaultPress.
VaultPress Blog 
Pingback: VaultPress For WordPress: Now Better, Faster, Stronger | The Blog Herald
Pingback: VaultPress goes beyond backups to hacking protection
Pingback: New VaultPress Security Scanning — Matt Mullenweg
Awesome.
VaultPress blog design is now wide, it is more in the league of twenty ten, thematic, hybrid now.
It’s a great service maybe for folks like scobleizer.com, I can’t spend much money on it would rather have my security checks in place. VaultPress costs more than server and domain registration combined so no, WordPress upgrades, VideoPress, and now VaultPress aren’t made for me, i can’t have it, but these are great.
Pingback: WPWeekly Episode 107 – Interview With Grant Griffiths
this sounds great, I’m getting this now
There is wordpress plugin that does the same thing.
http://wordpress.org/extend/plugins/wordpress-file-monitor/
I use this myself it emails me everytime when any changes are made to any file on your site.
Security should not be a premium feature. Please consider offering the MD5 checksum as a free plugin.
Check out the Exploit Scanner plugin.
Nice. Any extra Security is great. VaultPress is certainly a great Plugin for a fantastic product!
Definitely a must, agreed MD5 checksum should be available for free too.
I’m glad VaultPress is adding in security features on top of backups. I’m looking forward to being able to use VaultPress on a multi-site project I am putting together, assuming that multi-site support is on the way soon… 🙂
The only reason I’m not signing up for VaultPress is because the security scanning is only in the $40/m package. If it was in the $15/m package I would sign up in a second.
Thanks for the feedback Scott.
Pingback: VaultPress Includes Security Scanning | Church Mag