mySites.guru

Real-Time Alerts for File Changes & Logins

Real-Time Alerts for File Changes & Logins

mySites.guru is more than a suite of tools for managing multiple WordPress sites. Used by over 74,000 Joomla and WordPress sites, it also sends you real-time alerts when something happens on your sites - an admin login, a config change, a file that shouldn’t have been touched.

Real-time alerting triggers

Your site notifies mySites.guru based on the preferences you configure: someone logging into the admin console, saving Global Configuration, or other triggers you care about.

We’re always looking to add more triggers - if you have ideas, let us know.

mySites.guru alert preference settings showing toggles for admin login, configuration save, and file modification triggersThe available real-time triggers for Joomla and WordPress sites

Near real-time file monitoring

You can opt in to have specific files monitored on your site. When a monitored file is modified, your site informs mySites.guru and you get an alert.

This is “near real-time” because the check runs on every page load. If someone edits a file through the Joomla or WordPress admin, the alert fires immediately - the page request that saves the change is also the page request that detects it. The only time there’s a delay is if someone modifies a file over FTP and nobody visits the site for a while. Same idea as WordPress’s web-cron.

You can add unlimited files to the watch list, but in practice a short list of important files is enough - your configuration file, template files, and other files hackers tend to target. Not sure which files to monitor? Start by understanding what hidden files are already in your webspace - some of them may surprise you.

mySites.guru file monitoring configuration showing a list of watched files with their MD5 hashes

How the MD5 hash check works (the .myjoomla.configuration.php.md5 file)

If you’ve looked at your Joomla site’s file system and found a file called .myjoomla.configuration.php.md5, that’s the mySites.guru plugin doing its job. This is what it does.

When you enable real-time file monitoring for configuration.php (or any other file), the mySites.guru plugin calculates the MD5 hash of that file and writes it to a companion file. For configuration.php, the companion file is .myjoomla.configuration.php.md5. It contains nothing but the 32-character MD5 hash string of the file contents at the time it was last checked.

On every single page load - front-end or back-end, any visitor, any page - the plugin recalculates the MD5 hash of configuration.php and compares it to the hash stored in .myjoomla.configuration.php.md5. Two outcomes:

Hashes match: The file hasn’t changed. Nothing happens. The check adds negligible overhead - calculating an MD5 of a small config file takes microseconds.

Hashes don’t match: The file has been modified since the last check. The plugin immediately sends a notification to mySites.guru, which fires an email alert to you (and any team members who have alerts enabled for that site). The plugin then updates .myjoomla.configuration.php.md5 with the new hash, so the next page load won’t trigger a duplicate alert for the same change.

This works the same way for every file you add to the watch list. If you monitor index.php, you’ll get a .myjoomla.index.php.md5 file. Monitor wp-config.php on a WordPress site and you’ll get the equivalent companion hash file from the mySites.guru WordPress plugin.

Why configuration.php matters

configuration.php is one of the most important files on a Joomla site. It contains your database credentials, secret keys, error reporting settings, cache configuration, and tmp/log paths. If a hacker modifies this file, they can redirect your database connection, disable error reporting to hide their tracks, or change your tmp path to a location they control.

Getting an alert the instant configuration.php changes means you know about it before the hacker has time to do anything else. You don’t need to wait for a scheduled scan or manually check your files - the next page load catches it.

Is it safe to delete .myjoomla.configuration.php.md5?

Yes, deleting it won’t break your site. But the mySites.guru plugin will recreate it on the next page load and treat the file as if it’s being monitored for the first time. You won’t get a false alert - it simply recalculates the hash and stores it fresh. If you want to stop monitoring a file entirely, remove it from the watch list in your mySites.guru dashboard instead of deleting the hash file on disk.

Can You Whitelist Your Own IP?

You can whitelist IP addresses so your own changes don’t trigger false alarms. The same principle applies to uptime monitoring - whitelisting our monitoring IP prevents your server’s firewall from blocking the uptime checks.

mySites.guru IP whitelist configuration with fields for adding trusted IP addresses

SSL expiration alerting

mySites.guru has included SSL certificate expiration alerts since 2012. If your SSL certificate is approaching expiration, you’ll get an alert based on your preferences. You can also set the number of grace days before the alert fires.

mySites.guru SSL expiration alert settings showing grace period configuration

Send alerts to multiple people with team members

If you want alerts to go to more than one person, add team members to your account. Each team member can set their own notification preferences per site. You can also impersonate team members and configure their preferences on their behalf.

mySites.guru team member notification settings showing per-site alert preferences for multiple users

Alerting is one piece of what mySites.guru does - check the full feature list, or run a free security audit on one of your sites to see it in action.

Real-time alerting is a core feature in our monitoring and alerting guide.

Frequently Asked Questions

What events can trigger a real-time alert in mySites.guru?
Alerts can be triggered by events such as an admin login, saving of Global Configuration, or file modifications - with more triggers planned based on user feedback.
How does mySites.guru detect modified files on my site?
It calculates and stores the MD5 hash of each monitored file on your server, then recalculates it on every page load - if the hash has changed, an alert is sent immediately.
Can alerts be sent to multiple team members?
Yes. You can add team members to your account and each person can configure their own notification preferences per site, or you can set preferences on their behalf using the impersonation feature.
What is the .myjoomla.configuration.php.md5 file on my Joomla site?
It's created by the mySites.guru plugin for real-time file monitoring. It stores the MD5 hash of your configuration.php so the plugin can detect changes on every page load. It's safe to delete - the plugin will recreate it automatically.
How does mySites.guru monitor configuration.php for changes?
The mySites.guru plugin calculates the MD5 hash of configuration.php and stores it in a companion file called .myjoomla.configuration.php.md5. On every page load, it recalculates the hash and compares it. If the hashes don't match, the file has changed and you get an alert immediately.

More from the blog

Track SSL Certificate Expirations Easily

Track SSL Certificate Expirations Easily

mySites.guru checks every site's SSL certificate issuer, expiry date and full chain validity on every snapshot, alerting you before they expire.

Why you're getting downtime alerts (and why they matter)

Why you're getting downtime alerts (and why they matter)

How uptime monitoring works, what triggers downtime alerts when your site seems fine, and how to monitor hundreds of sites from a single dashboard.

WordPress Plugin Vulnerability Alerting

WordPress Plugin Vulnerability Alerting

mySites.guru cross-references every WordPress plugin on your sites against Wordfence, CVE and custom threat databases, flagging vulnerable plugins instantly.

What our users say

Accredited Design LLC
Accredited Design LLCManaging Member
★★★★★

I've been with mySites.guru for years now, and it's a central function of my business. Managing multiple site updates at once has saved me untold hours of work to have otherwise needed to login to many sites individually. The other tools to remove unnecessary files, automate backups of websites and scan for malicious code are also extremely helpful. On many occasions, timely warnings from Phil Taylor about security holes in components, plugins and core CMS updates have saved me a lot of grief before bad things happened to my websites. When bad updates have already broken my websites, Phil was always two steps ahead and has surgically accurate information readily available to fix them. Sure, there are other similar services and self-hosted solutions out there, but having all of the things I've mentioned in one place and on one control panel are worth the price of admission in my book. Thank you Phil for all your hard work and for the service you provide to the Joomla and Wordpress communities!

Read more reviews
Johann de Jager
Johann de JagerBiographix
★★★★★

mySites.Guru is the Web industry's version of the Swiss Army Knife. I have total control over all my websites to manage logins, bulk add or update websites and plugins, monitor online status, scan websites for malware and more. mySites.Guru is my Big Brother that looks over my shoulder. If you are serious about managing website portfolio's effectively, this affordable service is a must.

Read more reviews

Read all 176 reviews →

Ready to Take Control?

Start with a free site audit. No credit card required.

Get Your Free Site Audit