{"id":12852,"date":"2026-07-16T14:41:13","date_gmt":"2026-07-16T11:41:13","guid":{"rendered":"https:\/\/fspirits.com\/?post_type=product&#038;p=12852"},"modified":"2026-07-16T14:41:14","modified_gmt":"2026-07-16T11:41:14","slug":"js-php-file-watcher","status":"publish","type":"product","link":"https:\/\/fspirits.com\/el\/product\/js-php-file-watcher\/","title":{"rendered":"JS PHP File Watcher"},"content":{"rendered":"<h2>Fspirits PHP File Watcher for Joomla<\/h2>\n<p><strong>Detect suspicious PHP file activity before it becomes a bigger problem.<\/strong><\/p>\n<p>Fspirits PHP File Watcher is a lightweight security monitoring <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> for <strong>Joomla 3 websites running PHP 7.4 or newer<\/strong>. It helps website owners, developers, and administrators detect newly added or modified PHP-like files on their <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >server<\/a> and receive fast email alerts when suspicious file activity appears after a clean baseline has been created.<\/p>\n<p>Many hacked Joomla websites are compromised through hidden PHP shells, backdoors, fake image files, malicious upload scripts, or modified extension files. These files are often placed inside folders such as <code>images<\/code>, <code>media<\/code>, <code>tmp<\/code>, <code>components<\/code>, <code><a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugins<\/a><\/code>, <code>modules<\/code>, or template directories. Fspirits PHP File Watcher gives you an extra layer of visibility by watching your Joomla installation for unexpected PHP file changes.<\/p>\n<p>\u0391\u03c5\u03c4\u03cc \u03c4\u03bf <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> is especially useful after a website cleanup, malware removal, Joomla repair, or <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >server<\/a> hardening operation. Once your site is clean, the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> creates a trusted baseline of existing PHP files. After that, it monitors the site and alerts you if new PHP-like files are added or existing PHP files are modified.<\/p>\n<h2>Main Purpose<\/h2>\n<p>The goal of Fspirits PHP File Watcher is simple:<\/p>\n<p><strong>To inform the administrator when PHP-like files are added or changed after the clean baseline.<\/strong><\/p>\n<p>This helps you react faster to possible reinfections, vulnerable extensions, hacked upload forms, compromised admin accounts, or suspicious <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >server<\/a> activity.<\/p>\n<h2>\u0392\u03b1\u03c3\u03b9\u03ba\u03ac \u03c7\u03b1\u03c1\u03b1\u03ba\u03c4\u03b7\u03c1\u03b9\u03c3\u03c4\u03b9\u03ba\u03ac<\/h2>\n<h3>Detects New PHP-Like Files<\/h3>\n<p>\u03a4\u03bf <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> checks for newly added executable PHP-style files, including:<\/p>\n<pre><code class=\"language-text\">.php\r\n.phtml\r\n.php3\r\n.php4\r\n.php5\r\n.phar\r\n<\/code><\/pre>\n<p>These file types are commonly used by attackers when they upload web shells or backdoors.<\/p>\n<h3>Detects Modified PHP Files<\/h3>\n<p>Fspirits PHP File Watcher can also alert you when existing PHP files are changed after the baseline.<\/p>\n<p>This is useful for detecting:<\/p>\n<ul>\n<li>Modified Joomla core files<\/li>\n<li>Changed template files<\/li>\n<li>Altered <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> or module files<\/li>\n<li>Injected backdoors inside legitimate PHP files<\/li>\n<li>Suspicious changes after an extension vulnerability<\/li>\n<\/ul>\n<h3>Clean Baseline System<\/h3>\n<p>After installation, the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> creates a baseline of the existing PHP files on your Joomla website.<\/p>\n<p>The baseline acts as the \u201cknown clean state\u201d of your site. Any future difference can be reported to the administrator.<\/p>\n<p>\u0391\u03c5\u03c4\u03cc \u03ba\u03b1\u03b8\u03b9\u03c3\u03c4\u03ac \u03c4\u03bf <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> ideal to use <strong>after cleanup<\/strong>, when you want to know if anything suspicious appears again.<\/p>\n<h3>Email Security Alerts<\/h3>\n<p>When suspicious PHP file activity is detected, the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> sends an email alert to the administrator.<\/p>\n<p>The alert can include:<\/p>\n<ul>\n<li>Event type<\/li>\n<li>File path<\/li>\n<li>File size<\/li>\n<li>Modified time<\/li>\n<li>SHA1 value, if enabled<\/li>\n<li>Scan details<\/li>\n<li>Recommended action steps<\/li>\n<\/ul>\n<p>This gives you fast visibility without needing to manually check the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >server<\/a> every day.<\/p>\n<h3>Large Website Friendly<\/h3>\n<p>\u03a4\u03bf <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> includes improved logic for large Joomla sites and e-shops.<\/p>\n<p>For large sites, you can run the scanner by cron only and schedule it to check:<\/p>\n<ul>\n<li>Once per day<\/li>\n<li>Twice per day<\/li>\n<li>At custom scan times<\/li>\n<\/ul>\n<p>This avoids slowing down normal visitors and helps prevent timeout issues on large sites.<\/p>\n<h3>Cron-Only Mode<\/h3>\n<p>For big Joomla websites, the safest mode is <strong>Cron Only<\/strong>.<\/p>\n<p>This means the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> does not scan during normal website visits. Instead, your <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >server<\/a> runs the scan in the background using a cron job.<\/p>\n<p>This is ideal for high-traffic websites, large Joomla installations, VirtueMart shops, and websites with thousands of files.<\/p>\n<h3>Optimized Linux Find Scanner<\/h3>\n<p>When available, the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> can use the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >server<\/a>\u2019s native Linux <code>find<\/code> command for faster scanning.<\/p>\n<p>This is usually much faster than a pure PHP recursive scan, especially on large websites with many folders and files.<\/p>\n<p>If shell execution is not available, the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> can fall back to PHP scanning.<\/p>\n<h3>Default Cache Exclusions<\/h3>\n<p>\u03a4\u03bf <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> excludes common Joomla cache folders by default, including:<\/p>\n<pre><code class=\"language-text\">cache\r\nadministrator\/cache\r\nadministrator\/cache\/plg_system_phpfilewatcher\r\nlogs\r\n<\/code><\/pre>\n<p>This helps reduce noise and avoids unnecessary scans of temporary files.<\/p>\n<h3>False Alert Protection<\/h3>\n<p>\u03a4\u03bf <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> includes protection against incomplete scan problems.<\/p>\n<p>If the configured scan limit is reached before the full scan is completed, the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> does not incorrectly mark unseen files as missing. This prevents thousands of false alerts such as \u201cfile returned after previously being missing.\u201d<\/p>\n<p>\u0391\u03c5\u03c4\u03cc \u03ba\u03b1\u03b8\u03b9\u03c3\u03c4\u03ac \u03c4\u03bf <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> safer for very large Joomla sites.<\/p>\n<h2>\u0393\u03b9\u03b1\u03c4\u03af \u03b1\u03c5\u03c4\u03cc <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >Plugin<\/a> Is Useful<\/h2>\n<p>A hacked Joomla website is not always obvious immediately. Many attackers upload a small PHP file and leave it hidden for later access.<\/p>\n<p>Common attack locations include:<\/p>\n<pre><code class=\"language-text\">\/images\r\n\/media\r\n\/tmp\r\n\/cache\r\n\/templates\r\n\/<a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugins<\/a>\r\n\/modules\r\n\/components\r\n\/administrator\/components\r\n<\/code><\/pre>\n<p>A malicious PHP file inside a writable folder can be enough to reinfect the site, send spam, inject code, or give the attacker remote access.<\/p>\n<p>Fspirits PHP File Watcher helps you notice this type of activity faster.<\/p>\n<h2>Ideal For<\/h2>\n<p>\u0391\u03c5\u03c4\u03cc \u03c4\u03bf <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> is perfect for:<\/p>\n<ul>\n<li>Joomla 3 website owners<\/li>\n<li>Joomla administrators<\/li>\n<li>\u0399\u03c3\u03c4\u03bf\u03c3\u03b5\u03bb\u03af\u03b4\u03b1 <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >\u03c6\u03b9\u03bb\u03bf\u03be\u03b5\u03bd\u03af\u03b1<\/a> providers<\/li>\n<li>Web developers<\/li>\n<li>Security cleanup work<\/li>\n<li>Post-hack monitoring<\/li>\n<li>VirtueMart shops<\/li>\n<li>Large Joomla websites<\/li>\n<li>Agencies managing multiple Joomla installations<\/li>\n<li>Websites that were recently infected and cleaned<\/li>\n<\/ul>\n<h2>Recommended Use Cases<\/h2>\n<h3>After Malware Cleanup<\/h3>\n<p>Install the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> after cleaning a hacked Joomla site. Create a new baseline and monitor for reinfection.<\/p>\n<h3>After Restoring Joomla Core Files<\/h3>\n<p>Use the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> after replacing suspicious or modified Joomla files with clean versions.<\/p>\n<h3>After Hardening File Permissions<\/h3>\n<p>Combine it with proper file permissions and <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >server<\/a>-level protection to detect suspicious activity.<\/p>\n<h3>Before and After Extension Updates<\/h3>\n<p>Monitor changes after installing or updating Joomla extensions.<\/p>\n<h3>Long-Term Security Monitoring<\/h3>\n<p>Run it once or twice per day using cron and receive alerts when suspicious PHP file activity appears.<\/p>\n<h2>Recommended Settings for Large Joomla Sites<\/h2>\n<p>For big sites, we recommend:<\/p>\n<pre><code class=\"language-text\">Run trigger: Cron only\r\nSchedule mode: Once per day or Twice per day\r\nScanner engine: Auto\r\nUse SHA1 hash: No\r\nAlert on new files: Yes\r\nAlert on modified files: Yes\r\nAlert on deleted files: No\r\nAlert when missing file returns: No\r\nMax files per scan: 0\r\nMax scan seconds: 120\r\nMax alerts per email: 50\r\n<\/code><\/pre>\n<p>This setup gives good protection while avoiding unnecessary <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >server<\/a> load.<\/p>\n<h2>Example Cron Job<\/h2>\n<p>For a Joomla site installed in:<\/p>\n<pre><code class=\"language-text\">\/home\/example\/public_html\r\n<\/code><\/pre>\n<p>You can run the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> with:<\/p>\n<pre><code class=\"language-bash\">\/usr\/bin\/php \/home\/example\/public_html\/<a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugins<\/a>\/system\/phpfilewatcher\/cron.php\r\n<\/code><\/pre>\n<p>Example cron running every 15 minutes, while the <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> itself decides whether it is time to scan:<\/p>\n<pre><code class=\"language-bash\">*\/15 * * * * \/usr\/bin\/php \/home\/example\/public_html\/<a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugins<\/a>\/system\/phpfilewatcher\/cron.php &gt;\/dev\/null 2&gt;&amp;1\r\n<\/code><\/pre>\n<p>\u03a4\u03bf <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> can be configured to actually scan only once or twice per day.<\/p>\n<h2>Requirements<\/h2>\n<pre><code class=\"language-text\">Joomla: 3.x\r\nPHP: 7.4 or newer\r\nDatabase: Joomla-supported MySQL\/MariaDB\r\nRecommended: Linux <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >\u03c6\u03b9\u03bb\u03bf\u03be\u03b5\u03bd\u03af\u03b1<\/a> environment\r\nRecommended for large sites: Cron access\r\n<\/code><\/pre>\n<h2>Important Note<\/h2>\n<p>Fspirits PHP File Watcher is a <strong>security monitoring and alert <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a><\/strong>. It does not replace a firewall, malware scanner, backup system, or professional cleanup service.<\/p>\n<p>Its purpose is to help you detect suspicious PHP file activity quickly, so you can investigate and respond before the problem becomes worse.<\/p>\n<p>For best results, use it together with:<\/p>\n<ul>\n<li>Updated Joomla core<\/li>\n<li>Updated extensions<\/li>\n<li>Strong administrator passwords<\/li>\n<li>Two-factor authentication<\/li>\n<li>Correct file permissions<\/li>\n<li>Regular backups<\/li>\n<li><a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/fspirits-hosting\/\"   >Server<\/a>-side malware scanning<\/li>\n<li>Web application firewall protection<\/li>\n<\/ul>\n<h2>\u03a0\u03b5\u03c1\u03af\u03bb\u03b7\u03c8\u03b7<\/h2>\n<p>Fspirits PHP File Watcher is a practical Joomla security <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> that helps you monitor your website for suspicious PHP file changes.<\/p>\n<p>It is simple, focused, and useful for real-world Joomla protection. After creating a trusted baseline, it watches for new or modified PHP-like files and alerts the administrator when something changes.<\/p>\n<p>For Joomla 3 websites, especially older or previously infected installations, this <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\/\"   >plugin<\/a> can become an important early-warning system against reinfections, hidden shells, and unwanted PHP file activity.<\/p>","protected":false},"excerpt":{"rendered":"<div class=\"qMYqUG_convSearchResultHighlightRoot\">\n<div class=\"\" data-turn-id-container=\"request-6a2fe77a-a534-83ed-afeb-275d97d4b25b-2\" data-is-intersecting=\"true\">\n<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-6a2fe77a-a534-83ed-afeb-275d97d4b25b-2\" data-turn-id-container=\"request-6a2fe77a-a534-83ed-afeb-275d97d4b25b-2\" data-testid=\"conversation-turn-18\" data-turn=\"assistant\">\n<div class=\"text-base my-auto mx-auto pb-15 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\" data-conversation-screenshot-content=\"\">\n<div class=\"flex max-w-full flex-col gap-4 grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" dir=\"auto\" tabindex=\"0\" data-message-author-role=\"assistant\" data-message-id=\"83668276-5684-4238-8acc-e93f8c12efc6\" data-turn-start-message=\"true\" data-message-model-slug=\"gpt-5-5-thinking\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n<div class=\"markdown prose dark:prose-invert wrap-break-word w-full dark markdown-new-styling\">\n<p class=\"PDq2pG_selectionAnchorContainer\" data-start=\"0\" data-end=\"463\" data-is-last-node=\"\" data-is-only-node=\"\">Fspirits PHP File Watcher is a Joomla 3 security <a  class=\"btl_autolink_hyperlink\"  href=\"https:\/\/fspirits.com\/go\/envato-wp-unlimited-thems\"   >plugin<\/a> that monitors your website for newly added or modified PHP-like files and alerts the administrator by email. Ideal after malware cleanup, it creates a clean baseline and helps detect suspicious file activity, hidden shells, backdoors, and possible reinfections early. Includes cron-only scanning, large-site support, cache exclusions, and false-alert protection for safer monitoring on busy Joomla websites.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n<\/div>\n","protected":false},"featured_media":12855,"template":"","meta":[],"product_brand":[2616],"product_cat":[49],"product_tag":[],"class_list":["post-12852","product","type-product","status-publish","has-post-thumbnail","product_brand-freespirits-web-services","product_cat-webservices","first","instock","sale","downloadable","virtual","purchasable","product-type-simple"],"_links":{"self":[{"href":"https:\/\/fspirits.com\/el\/wp-json\/wp\/v2\/product\/12852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fspirits.com\/el\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/fspirits.com\/el\/wp-json\/wp\/v2\/types\/product"}],"version-history":[{"count":1,"href":"https:\/\/fspirits.com\/el\/wp-json\/wp\/v2\/product\/12852\/revisions"}],"predecessor-version":[{"id":12854,"href":"https:\/\/fspirits.com\/el\/wp-json\/wp\/v2\/product\/12852\/revisions\/12854"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fspirits.com\/el\/wp-json\/wp\/v2\/media\/12855"}],"wp:attachment":[{"href":"https:\/\/fspirits.com\/el\/wp-json\/wp\/v2\/media?parent=12852"}],"wp:term":[{"taxonomy":"product_brand","embeddable":true,"href":"https:\/\/fspirits.com\/el\/wp-json\/wp\/v2\/product_brand?post=12852"},{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/fspirits.com\/el\/wp-json\/wp\/v2\/product_cat?post=12852"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/fspirits.com\/el\/wp-json\/wp\/v2\/product_tag?post=12852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}