As many of you know, this site was hacked several times over the past year. Upgrading to WordPress 2.8.4 seems to have calmed the attacks. One of the things I do every day is to verify that the templates in WordPress haven’t been hacked or exploited.
Last week I installed a new plugin that monitors the file system and sends an email anytime there is a change. It’s called WordPress File Monitor and should be acquired by WordPress and provided by default. You can select how often the plugin should check for changes, whether it should email you when there is a change, choice to check based on modify date or hash, and paths to exclude (like cache directories). The WordPress File Monitor can monitor files outside of the WordPress install as well.
Just one word of caution as my friend and uber programmer Till notes…it’s a WordPress plugin so if someone gains access to your admin, they can just disable the plugin and have their way with your system. So consider the plugin one level of security for your blog.