Contact Support

24/7 Customer Support

+30 6974 319 263

Talk to a real technician now.

All Systems Operational

Online store always open

JS PHP File Watcher

Fspirits PHP File Watcher is a Joomla 3 security plugin that monitors your website for newly added or modified PHP-like files and alerts the administrator by email. Ideal after malware cleanup, it creates a clean baseline and helps detect suspicious file activity, hidden shells, backdoors, and possible reinfections early. Includes cron-only scanning, large-site support, cache exclusions, and false-alert protection for safer monitoring on busy Joomla websites.

That's Not All! Check Out More Amazing Features!

Fspirits PHP File Watcher for Joomla

Detect suspicious PHP file activity before it becomes a bigger problem.

Fspirits PHP File Watcher is a lightweight security monitoring plugin for Joomla 3 websites running PHP 7.4 or newer. It helps website owners, developers, and administrators detect newly added or modified PHP-like files on their server and receive fast email alerts when suspicious file activity appears after a clean baseline has been created.

Many hacked Joomla websites are compromised through hidden PHP shells, backdoors, fake image files, malicious upload scripts, or modified extension files. These files are often placed inside folders such as images, media, tmp, components, plugins, modules, or template directories. Fspirits PHP File Watcher gives you an extra layer of visibility by watching your Joomla installation for unexpected PHP file changes.

This plugin is especially useful after a website cleanup, malware removal, Joomla repair, or server hardening operation. Once your site is clean, the plugin creates a trusted baseline of existing PHP files. After that, it monitors the site and alerts you if new PHP-like files are added or existing PHP files are modified.

Main Purpose

The goal of Fspirits PHP File Watcher is simple:

To inform the administrator when PHP-like files are added or changed after the clean baseline.

This helps you react faster to possible reinfections, vulnerable extensions, hacked upload forms, compromised admin accounts, or suspicious server activity.

Key Features

Detects New PHP-Like Files

The plugin checks for newly added executable PHP-style files, including:

.php
.phtml
.php3
.php4
.php5
.phar

These file types are commonly used by attackers when they upload web shells or backdoors.

Detects Modified PHP Files

Fspirits PHP File Watcher can also alert you when existing PHP files are changed after the baseline.

This is useful for detecting:

  • Modified Joomla core files
  • Changed template files
  • Altered plugin or module files
  • Injected backdoors inside legitimate PHP files
  • Suspicious changes after an extension vulnerability

Clean Baseline System

After installation, the plugin creates a baseline of the existing PHP files on your Joomla website.

The baseline acts as the “known clean state” of your site. Any future difference can be reported to the administrator.

This makes the plugin ideal to use after cleanup, when you want to know if anything suspicious appears again.

Email Security Alerts

When suspicious PHP file activity is detected, the plugin sends an email alert to the administrator.

The alert can include:

  • Event type
  • File path
  • File size
  • Modified time
  • SHA1 value, if enabled
  • Scan details
  • Recommended action steps

This gives you fast visibility without needing to manually check the server every day.

Large Website Friendly

The plugin includes improved logic for large Joomla sites and e-shops.

For large sites, you can run the scanner by cron only and schedule it to check:

  • Once per day
  • Twice per day
  • At custom scan times

This avoids slowing down normal visitors and helps prevent timeout issues on large sites.

Cron-Only Mode

For big Joomla websites, the safest mode is Cron Only.

This means the plugin does not scan during normal website visits. Instead, your server runs the scan in the background using a cron job.

This is ideal for high-traffic websites, large Joomla installations, VirtueMart shops, and websites with thousands of files.

Optimized Linux Find Scanner

When available, the plugin can use the server’s native Linux find command for faster scanning.

This is usually much faster than a pure PHP recursive scan, especially on large websites with many folders and files.

If shell execution is not available, the plugin can fall back to PHP scanning.

Default Cache Exclusions

The plugin excludes common Joomla cache folders by default, including:

cache
administrator/cache
administrator/cache/plg_system_phpfilewatcher
logs

This helps reduce noise and avoids unnecessary scans of temporary files.

False Alert Protection

The plugin includes protection against incomplete scan problems.

If the configured scan limit is reached before the full scan is completed, the plugin does not incorrectly mark unseen files as missing. This prevents thousands of false alerts such as “file returned after previously being missing.”

This makes the plugin safer for very large Joomla sites.

Why This Plugin Is Useful

A hacked Joomla website is not always obvious immediately. Many attackers upload a small PHP file and leave it hidden for later access.

Common attack locations include:

/images
/media
/tmp
/cache
/templates
/plugins
/modules
/components
/administrator/components

A malicious PHP file inside a writable folder can be enough to reinfect the site, send spam, inject code, or give the attacker remote access.

Fspirits PHP File Watcher helps you notice this type of activity faster.

Ideal For

This plugin is perfect for:

  • Joomla 3 website owners
  • Joomla administrators
  • Web hosting providers
  • Web developers
  • Security cleanup work
  • Post-hack monitoring
  • VirtueMart shops
  • Large Joomla websites
  • Agencies managing multiple Joomla installations
  • Websites that were recently infected and cleaned

Recommended Use Cases

After Malware Cleanup

Install the plugin after cleaning a hacked Joomla site. Create a new baseline and monitor for reinfection.

After Restoring Joomla Core Files

Use the plugin after replacing suspicious or modified Joomla files with clean versions.

After Hardening File Permissions

Combine it with proper file permissions and server-level protection to detect suspicious activity.

Before and After Extension Updates

Monitor changes after installing or updating Joomla extensions.

Long-Term Security Monitoring

Run it once or twice per day using cron and receive alerts when suspicious PHP file activity appears.

Recommended Settings for Large Joomla Sites

For big sites, we recommend:

Run trigger: Cron only
Schedule mode: Once per day or Twice per day
Scanner engine: Auto
Use SHA1 hash: No
Alert on new files: Yes
Alert on modified files: Yes
Alert on deleted files: No
Alert when missing file returns: No
Max files per scan: 0
Max scan seconds: 120
Max alerts per email: 50

This setup gives good protection while avoiding unnecessary server load.

Example Cron Job

For a Joomla site installed in:

/home/example/public_html

You can run the plugin with:

/usr/bin/php /home/example/public_html/plugins/system/phpfilewatcher/cron.php

Example cron running every 15 minutes, while the plugin itself decides whether it is time to scan:

*/15 * * * * /usr/bin/php /home/example/public_html/plugins/system/phpfilewatcher/cron.php >/dev/null 2>&1

The plugin can be configured to actually scan only once or twice per day.

Requirements

Joomla: 3.x
PHP: 7.4 or newer
Database: Joomla-supported MySQL/MariaDB
Recommended: Linux hosting environment
Recommended for large sites: Cron access

Important Note

Fspirits PHP File Watcher is a security monitoring and alert plugin. It does not replace a firewall, malware scanner, backup system, or professional cleanup service.

Its purpose is to help you detect suspicious PHP file activity quickly, so you can investigate and respond before the problem becomes worse.

For best results, use it together with:

  • Updated Joomla core
  • Updated extensions
  • Strong administrator passwords
  • Two-factor authentication
  • Correct file permissions
  • Regular backups
  • Server-side malware scanning
  • Web application firewall protection

Summary

Fspirits PHP File Watcher is a practical Joomla security plugin that helps you monitor your website for suspicious PHP file changes.

It is simple, focused, and useful for real-world Joomla protection. After creating a trusted baseline, it watches for new or modified PHP-like files and alerts the administrator when something changes.

For Joomla 3 websites, especially older or previously infected installations, this plugin can become an important early-warning system against reinfections, hidden shells, and unwanted PHP file activity.

JS PHP File Watcher

Not Sure Yet?

See Amazing Additional Features And Details

Additional information

Compatibility

Joomla 3 (Please ask to modify for newer Joomla Versions)

PHP Version

PHP 7.4 or above

Product Type

Security Plugin

Delivery Method

Digital Download

Main Function

PHP File Monitoring, New File Detection, Modified File Detection, Email Alerts

Scan Mode

Cron Only, Once Per Day, Twice Per Day, Manual Force Scan

Best For

Joomla Websites, Malware Cleanup, Reinfection Monitoring, Large Websites, Web Administrators

Original price was: 27,00 €.Current price is: 9,99 €.

Do you have any questions?

Do you have an additional request?

Please feel free to fill out the following contact form.

We will be more than happy to work with you

Lets find the best possible solution together.

Main Contact Us And Support Form
support portal
×
en_GB
small_c_popup.png
Affiliate Newsletter Funnel

Join us in shaping the future of marketing!

Sign up in the newsletter form below to receive all the latest news and updates about amazing marketing tools and opportunities.