Joomla PHP File Watcher for Security Monitoring

Fspirits PHP File Watcher for Joomla

Detect suspicious PHP file activity before it becomes a bigger problem.

Fspirits PHP File Watcher is a lightweight security monitoring plugin for Joomla 3 websites running PHP 7.4 or newer. It helps website owners, developers, and administrators detect newly added or modified PHP-like files on their server and receive fast email alerts when suspicious file activity appears after a clean baseline has been created.

Many hacked Joomla websites are compromised through hidden PHP shells, backdoors, fake image files, malicious upload scripts, or modified extension files. These files are often placed inside folders such as images, media, tmp, components, plugins, modules, or template directories. Fspirits PHP File Watcher gives you an extra layer of visibility by watching your Joomla installation for unexpected PHP file changes.

This plugin is especially useful after a website cleanup, malware removal, Joomla repair, or server hardening operation. Once your site is clean, the plugin creates a trusted baseline of existing PHP files. After that, it monitors the site and alerts you if new PHP-like files are added or existing PHP files are modified.

Main Purpose

The goal of Fspirits PHP File Watcher is simple:

To inform the administrator when PHP-like files are added or changed after the clean baseline.

This helps you react faster to possible reinfections, vulnerable extensions, hacked upload forms, compromised admin accounts, or suspicious server activity.

Key Features

Detects New PHP-Like Files

The plugin checks for newly added executable PHP-style files, including:

.php
.phtml
.php3
.php4
.php5
.phar

These file types are commonly used by attackers when they upload web shells or backdoors.

Detects Modified PHP Files

Fspirits PHP File Watcher can also alert you when existing PHP files are changed after the baseline.

This is useful for detecting:

  • Modified Joomla core files
  • Changed template files
  • Altered plugin or module files
  • Injected backdoors inside legitimate PHP files
  • Suspicious changes after an extension vulnerability

Clean Baseline System

After installation, the plugin creates a baseline of the existing PHP files on your Joomla website.

The baseline acts as the “known clean state” of your site. Any future difference can be reported to the administrator.

This makes the plugin ideal to use after cleanup, when you want to know if anything suspicious appears again.

Email Security Alerts

When suspicious PHP file activity is detected, the plugin sends an email alert to the administrator.

The alert can include:

  • Event type
  • File path
  • File size
  • Modified time
  • SHA1 value, if enabled
  • Scan details
  • Recommended action steps

This gives you fast visibility without needing to manually check the server every day.

Large Website Friendly

The plugin includes improved logic for large Joomla sites and e-shops.

For large sites, you can run the scanner by cron only and schedule it to check:

  • Once per day
  • Twice per day
  • At custom scan times

This avoids slowing down normal visitors and helps prevent timeout issues on large sites.

Cron-Only Mode

For big Joomla websites, the safest mode is Cron Only.

This means the plugin does not scan during normal website visits. Instead, your server runs the scan in the background using a cron job.

This is ideal for high-traffic websites, large Joomla installations, VirtueMart shops, and websites with thousands of files.

Optimized Linux Find Scanner

When available, the plugin can use the server’s native Linux find command for faster scanning.

This is usually much faster than a pure PHP recursive scan, especially on large websites with many folders and files.

If shell execution is not available, the plugin can fall back to PHP scanning.

Default Cache Exclusions

The plugin excludes common Joomla cache folders by default, including:

cache
administrator/cache
administrator/cache/plg_system_phpfilewatcher
logs

This helps reduce noise and avoids unnecessary scans of temporary files.

False Alert Protection

The plugin includes protection against incomplete scan problems.

If the configured scan limit is reached before the full scan is completed, the plugin does not incorrectly mark unseen files as missing. This prevents thousands of false alerts such as “file returned after previously being missing.”

This makes the plugin safer for very large Joomla sites.

Why This Plugin Is Useful

A hacked Joomla website is not always obvious immediately. Many attackers upload a small PHP file and leave it hidden for later access.

Common attack locations include:

/images
/media
/tmp
/cache
/templates
/plugins
/modules
/components
/administrator/components

A malicious PHP file inside a writable folder can be enough to reinfect the site, send spam, inject code, or give the attacker remote access.

Fspirits PHP File Watcher helps you notice this type of activity faster.

Ideal For

This plugin is perfect for:

  • Joomla 3 website owners
  • Joomla administrators
  • Web hosting providers
  • Web developers
  • Security cleanup work
  • Post-hack monitoring
  • VirtueMart shops
  • Large Joomla websites
  • Agencies managing multiple Joomla installations
  • Websites that were recently infected and cleaned

Recommended Use Cases

After Malware Cleanup

Install the plugin after cleaning a hacked Joomla site. Create a new baseline and monitor for reinfection.

After Restoring Joomla Core Files

Use the plugin after replacing suspicious or modified Joomla files with clean versions.

After Hardening File Permissions

Combine it with proper file permissions and server-level protection to detect suspicious activity.

Before and After Extension Updates

Monitor changes after installing or updating Joomla extensions.

Long-Term Security Monitoring

Run it once or twice per day using cron and receive alerts when suspicious PHP file activity appears.

Recommended Settings for Large Joomla Sites

For big sites, we recommend:

Run trigger: Cron only
Schedule mode: Once per day or Twice per day
Scanner engine: Auto
Use SHA1 hash: No
Alert on new files: Yes
Alert on modified files: Yes
Alert on deleted files: No
Alert when missing file returns: No
Max files per scan: 0
Max scan seconds: 120
Max alerts per email: 50

This setup gives good protection while avoiding unnecessary server load.

Example Cron Job

For a Joomla site installed in:

/home/example/public_html

You can run the plugin with:

/usr/bin/php /home/example/public_html/plugins/system/phpfilewatcher/cron.php

Example cron running every 15 minutes, while the plugin itself decides whether it is time to scan:

*/15 * * * * /usr/bin/php /home/example/public_html/plugins/system/phpfilewatcher/cron.php >/dev/null 2>&1

The plugin can be configured to actually scan only once or twice per day.

Requirements

Joomla: 3.x
PHP: 7.4 or newer
Database: Joomla-supported MySQL/MariaDB
Recommended: Linux hosting environment
Recommended for large sites: Cron access

Important Note

Fspirits PHP File Watcher is a security monitoring and alert plugin. It does not replace a firewall, malware scanner, backup system, or professional cleanup service.

Its purpose is to help you detect suspicious PHP file activity quickly, so you can investigate and respond before the problem becomes worse.

For best results, use it together with:

  • Updated Joomla core
  • Updated extensions
  • Strong administrator passwords
  • Two-factor authentication
  • Correct file permissions
  • Regular backups
  • Server-side malware scanning
  • Web application firewall protection

Summary

Fspirits PHP File Watcher is a practical Joomla security plugin that helps you monitor your website for suspicious PHP file changes.

It is simple, focused, and useful for real-world Joomla protection. After creating a trusted baseline, it watches for new or modified PHP-like files and alerts the administrator when something changes.

For Joomla 3 websites, especially older or previously infected installations, this plugin can become an important early-warning system against reinfections, hidden shells, and unwanted PHP file activity.

Picture of EbZoo

EbZoo

Are you ready to unlock a world of unbeatable deals and top-notch products? Look no further! EbZoo is your one-stop-shop for the finest quality offers curated just for you. Join the EbZoo family today and experience a world of convenience, quality, and limitless opportunities. Don't miss out on the best deals – shop at EbZoo now! 🛍️

Recent Posts

Follow Us

Sign up for our Newsletter

Subscribe Sending Data To InfoGate4All

Subscribe to our newsletter and get updates for special offers

Joomla PHP File Watcher for Security Monitoring

Original price was: 27.00 $.Current price is: 9.99 $.

In stock

Join our Newsletter: Stay Ahead of the Game!!!

Don’t miss out on exclusive updates, valuable opportunities, and special discounts on our products! Subscribe to our newsletter and be the first to know about the latest news and offers. Join our community today and enjoy insider benefits and updates directly in your inbox.

Subscribe Sending Data To InfoGate4All
Added to wishlist! VIEW WISHLIST