Watchful includes a number of tools to help detect intruders on your WordPress website.
The early warning audit runs every day and looks for changes to your core files and services. This includes changes to critical files such as the main WordPress configuration file and things like the PHP and MySQL version on your server. It also detects recently installed and deleted plugins, and checks your site for updates and backup status.
Everything detected by the early warning audit is added to your site activity logs. By matching dates/times in the site activity logs to the discovery of any problems you experience on your site, you can usually find the source of these issue.
Watchful also includes in-depth, system-wide scans for file and folder permissions, missing core files, and potential malware. You can perform these scans at any time to detect signs of intrusion.