mySites.guru

Real-Time Alerts for File Changes & Logins

Real-Time Alerts for File Changes & Logins

mySites.guru is more than a suite of tools for managing multiple WordPress sites. Used by over 74,000 Joomla and WordPress sites, it also sends you real-time alerts when something happens on your sites - an admin login, a config change, a file that shouldn’t have been touched.

Real-Time Alerting Triggers

Your site notifies mySites.guru based on the preferences you configure: someone logging into the admin console, saving Global Configuration, or other triggers you care about.

We’re always looking to add more triggers - if you have ideas, let us know.

mySites.guru alert preference settings showing toggles for admin login, configuration save, and file modification triggersThe available real-time triggers for Joomla and WordPress sites

Near real-time file monitoring

You can opt in to have specific files monitored on your site. When a monitored file is modified, your site informs mySites.guru and you get an alert.

This is “near real-time” because the check runs on every page load. If someone edits a file through the Joomla or WordPress admin, the alert fires immediately - the page request that saves the change is also the page request that detects it. The only time there’s a delay is if someone modifies a file over FTP and nobody visits the site for a while. Same idea as WordPress’s web-cron.

You can add unlimited files to the watch list, but in practice a short list of important files is enough - your configuration file, template files, and other files hackers tend to target. Not sure which files to monitor? Start by understanding what hidden files are already in your webspace - some of them may surprise you.

mySites.guru file monitoring configuration showing a list of watched files with their MD5 hashes

How the MD5 hash check works (the .myjoomla.configuration.php.md5 file)

If you’ve looked at your Joomla site’s file system and found a file called .myjoomla.configuration.php.md5, that’s the mySites.guru plugin doing its job. Here’s exactly what’s happening.

When you enable real-time file monitoring for configuration.php (or any other file), the mySites.guru plugin calculates the MD5 hash of that file and writes it to a companion file. For configuration.php, the companion file is .myjoomla.configuration.php.md5. It contains nothing but the 32-character MD5 hash string of the file contents at the time it was last checked.

On every single page load - front-end or back-end, any visitor, any page - the plugin recalculates the MD5 hash of configuration.php and compares it to the hash stored in .myjoomla.configuration.php.md5. Two outcomes:

Hashes match: The file hasn’t changed. Nothing happens. The check adds negligible overhead - calculating an MD5 of a small config file takes microseconds.

Hashes don’t match: The file has been modified since the last check. The plugin immediately sends a notification to mySites.guru, which fires an email alert to you (and any team members who have alerts enabled for that site). The plugin then updates .myjoomla.configuration.php.md5 with the new hash, so the next page load won’t trigger a duplicate alert for the same change.

This works the same way for every file you add to the watch list. If you monitor index.php, you’ll get a .myjoomla.index.php.md5 file. Monitor wp-config.php on a WordPress site and you’ll get the equivalent companion hash file from the mySites.guru WordPress plugin.

Why configuration.php matters

configuration.php is one of the most important files on a Joomla site. It contains your database credentials, secret keys, error reporting settings, cache configuration, and tmp/log paths. If a hacker modifies this file, they can redirect your database connection, disable error reporting to hide their tracks, or change your tmp path to a location they control.

Getting an alert the instant configuration.php changes means you know about it before the hacker has time to do anything else. You don’t need to wait for a scheduled scan or manually check your files - the next page load catches it.

Is it safe to delete .myjoomla.configuration.php.md5?

Yes, deleting it won’t break your site. But the mySites.guru plugin will recreate it on the next page load and treat the file as if it’s being monitored for the first time. You won’t get a false alert - it simply recalculates the hash and stores it fresh. If you want to stop monitoring a file entirely, remove it from the watch list in your mySites.guru dashboard instead of deleting the hash file on disk.

Whitelist Your Own IP

You can whitelist IP addresses so your own changes don’t trigger false alarms. The same principle applies to uptime monitoring - whitelisting our monitoring IP prevents your server’s firewall from blocking the uptime checks.

mySites.guru IP whitelist configuration with fields for adding trusted IP addresses

SSL Expiration Alerting

mySites.guru has included SSL certificate expiration alerts since 2012. If your SSL certificate is approaching expiration, you’ll get an alert based on your preferences. You can also set the number of grace days before the alert fires.

mySites.guru SSL expiration alert settings showing grace period configuration

Send Alerts to Multiple People with Team Members

If you want alerts to go to more than one person, add team members to your account. Each team member can set their own notification preferences per site. You can also impersonate team members and configure their preferences on their behalf.

mySites.guru team member notification settings showing per-site alert preferences for multiple users

Alerting is one piece of what mySites.guru does - check the full feature list, or run a free security audit on one of your sites to see it in action.

Frequently Asked Questions

What events can trigger a real-time alert in mySites.guru?
Alerts can be triggered by events such as an admin login, saving of Global Configuration, or file modifications - with more triggers planned based on user feedback.
How does mySites.guru detect modified files on my site?
It calculates and stores the MD5 hash of each monitored file on your server, then recalculates it on every page load - if the hash has changed, an alert is sent immediately.
Can alerts be sent to multiple team members?
Yes. You can add team members to your account and each person can configure their own notification preferences per site, or you can set preferences on their behalf using the impersonation feature.
What is the .myjoomla.configuration.php.md5 file on my Joomla site?
It's created by the mySites.guru plugin for real-time file monitoring. It stores the MD5 hash of your configuration.php so the plugin can detect changes on every page load. It's safe to delete - the plugin will recreate it automatically.
How does mySites.guru monitor configuration.php for changes?
The mySites.guru plugin calculates the MD5 hash of configuration.php and stores it in a companion file called .myjoomla.configuration.php.md5. On every page load, it recalculates the hash and compares it. If the hashes don't match, the file has changed and you get an alert immediately.

More from the blog

Track SSL Certificate Expirations Easily

Track SSL Certificate Expirations Easily

mySites.guru checks every site's SSL certificate issuer, expiry date and full chain validity on every snapshot, alerting you before they expire.

Why you're getting downtime alerts (and why they matter)

Why you're getting downtime alerts (and why they matter)

How the mySites.guru uptime monitoring service works, why you might receive downtime alerts when your site seems fine, and what you can do about it.

WordPress Plugin Vulnerability Alerting

WordPress Plugin Vulnerability Alerting

mySites.guru cross-references every WordPress plugin on your sites against Wordfence, CVE and custom threat databases, flagging vulnerable plugins instantly.

What our users say

Krisztina
Krisztinafreelancer Joomla! dev
★★★★★

I've been using mySites.guru since 2015 - with the Audit tool, I was able to clean up a server with several hacked Joomla! websites . Then I started to discover other tools and I do the maintenance of 74 sites . Core and component updates take minutes on all of them, scheduled automatic backups and best practices keep data safe, ensuring peaceful sleep ;) Phil is responsive, I always got help when I needed, even if it was not strictly an issue with the service . Pricing is flexible, this has been my best investment ever . I could not live/work without it.

Read more reviews
Doris Dreher
Doris DreherOwner of Webdesign Einfach schön...
★★★★★

Thank you so much for your fantastic tool. Without it, I would never have noticed the installation of the backdoor plugins so quickly, and the cleanup work is so much more efficient. Best regards. Doris

Read more reviews

Read all 169 reviews →

Ready to Take Control?

Start with a free site audit. No credit card required.

Get Your Free Site Audit

Out of your depth? Need Help?

Phil Taylor

The Original Joomla Expert – Since 2004

Found issues with your Joomla or WordPress site? Get same-day expert help fixing errors, security issues, and performance problems. Flat-rate pricing, no hourly billing surprises.

  • ● Fix hacked or compromised sites
  • ● Resolve PHP errors & White Screen of Death
  • ● System upgrades & PHP 8 compatibility
  • ● Performance optimization & hosting issues
  • ● £120 flat rate per incident
Get Expert Help TODAY! →

If we can't add value, you don't pay • Same-day turnaround

20+ Years – Fixing Websites

Need Help Addressing Health Check Issues?

Phil Taylor has been fixing Joomla sites since 2004. If it were simple, you would have done it yourself by now. Get professional help from someone who's seen it all.

  • 20+ years of Joomla & PHP expertise
  • Same-day turnaround on most issues
  • No charge if we can't add value or fix the problem