However that option isn’t available to a lot of bloggers, hence the scripts.

The 3 security plugins are intended for bloggers who don’t have access or knowledge to run scripts outside of WP.

If you do have access to running scripts on your server a cron job to check the files and using .htaccess to ban problem ips/bots is a better way to go.

But if the WordPress site gets hacked (iframe, gumblar), wouldn’t the site not load making the plugin ineffective?

Maybe have a mini script outside of the WordPress framework and have a cron job running every few hours checking the files. Would that make sense.. Not a programmer.

Thanks, Mike

You didn’t have to threaten, I encouraged you to go public several hours ago. Which you chose not to do. I even offered to link to a better plugin or what ever you had to offer.

It is in all of our best interests to keep the internet safe.

It is my understanding that ctime is not available on all systems. Also if someone can get into your file system, changed files are the least of your concerns. This program will list all files changed by datestamp. I think I’ve made that obvious.

It is well known that timestamps can be changed. This is not news. This is however something the average script kiddie will be able to pull off.

If you are really concerned you will need to go far beyond ctime and run diff or something similar as well. But always there are tradeoffs. Diff would not be available to everyone and much more time consuming, not to mention you’d need to cache copies of the files somewhere.

Please, we would all love for you to update Bad Behavior and write a better tripwire program. I write plugins to do what I need that has not yet been done. It is not my main interest. I would much rather just download what I need and not have to write everything myself.

So quit your bloody whining and do something constructive.