• Resolved Carl Gross


    Hello. If I install and activate your plugin, does it add any additional time to my home page load time?

    I don’t see any plugin files loaded by the browser. But that doesn’t mean the plugin isn’t doing things elsewhere to increase page load time.

    Thanks in advance.

Viewing 7 replies - 1 through 7 (of 7 total)
  • MATT M



    There should not be much of an impact on load time when installing and activating the plugin. It is worth mentioning that the File Change Detection feature can be the most resource-hungry feature. So if you do find that the page is loading a bit slow I recommend either disabling or editing what that module checks for.



    Thanks for the reply.

    >> It is worth mentioning that the File Change Detection feature can be the most resource-hungry feature. So if you do find that the page is loading a bit slow I recommend either disabling or editing what that module checks for.

    So is that to say the File Change Detection feature executes every time the home page is loaded, even for non-admins?

    My main concern is additional page load times for outside site visitors, i.e. those not logged in to my site.

    • This reply was modified 2 months, 2 weeks ago by Carl Gross.

    Hello. Any update to my follow-up question?


    I just wanted to mention that there is a wealth of information in the Changelog history. As a relevant example for this topic the following info is available in the 4.8.0 Changelog:

    New Feature: Introduces a scheduling framework for handling events. Cron is now used by default, and will switch to using an alternate scheduling system if it detects an error. To disable this detection set ITSEC_DISABLE_CRON_TEST in your wp-config.php file.
    Important: The ITSEC_FILE_CHECK_CRON and ITSEC_BACKUP_CRON constants have been deprecated. Use ITSEC_USE_CRON instead.

    This means potentially heavy events like File Change Detection and/or Database Backup are by default off loaded to WP Cron. And that means there is virtually no page request slow down.

    However if (for whatever reason) the plugin switches to using the page-load scheduler (this is the name of the ”alternate scheduling system” as mentioned in the changelog), yes, page requests might substantially slow down while processing a scheduled File Change Detection and/or Database Backup event.

    Personally I always set the line below in the wp-config.php file:

    define('ITSEC_USE_CRON', true);

    In the past I (and other users on this forum) experienced that the plugin started processing scheduled events using WP Cron but then unexpectedly switched to the page-load scheduler.

    Now there are several ways to keep an eye on scheduled events in WP Cron.
    You can use other plugins for monitoring WP Cron events (like WP Crontrol to name one).
    However the iTSec plugin also includes a Debug page, which lets you monitor all scheduled iTSec plugin events. It will even tell you which scheduler type is currently in use by the plugin.

    To enable the extra Debug page add the line below to the wp-config.php file:

    define('ITSEC_DEBUG', true);

    @beardedginger will be able to explain what exact functionality is available from the Debug page.

    To prevent any confusion, I’m not iThemes.

    @nlpro OK thanks, I appreciate all that. It’s pretty thorough, and gives me ways to check if those events are occuring with WP Cron, or on page load. I think that should be sufficient for now. We can consider this resolved.




    Great info. Thanks!

    Our 2-cents worth: (from our experience)

    – The “File Change Detection” module is not useful at all. It will only provide a string of data (i.e., files added, files deleted, etc.) without any recommendations or warnings if there’s a suspicious or malicious file change.

    – If a file change is malicious, we are relying on iTheme’s capability to detect a virus via the built-in “Sucuri SiteCheck” feature. If the “Sucuri SiteCheck” feature is not linked to the “File Change Detection” module then the module is practically useless – especially for non-developers. Perhaps useful for others.

    In short, we deactivated the “File Detection Module.” No more data dumping. To our surprise, our site speed increased!

    Don’t get us wrong, we do like the plugin, but some “features” need revamping.




    Actually the File Change Detection module received some interesting updates in the past that addressed several issues.

    If you are running the Free version of this plugin then it is up to you to determin whether any reported file changes are malicious. The free plugin will not do this for you.

    However the Pro plugin includes an extra setting named Compare Files Online. Below the full description of that setting (copy/paste from the latest release of the Pro plugin):

    When any WordPress core file or file in an iThemes plugin or theme has been changed on your system, this feature will compare it with the version on WordPress.org or iThemes (as appropriate) to determine if the change was malicious. Currently this feature only works with WordPress core files and plugins and themes by iThemes (plugins and themes from other sources will be added as available).

    Turns out the description has not been updated in the past. According to the Pro 4.7.4 Changelog:

    New Feature: Online Files Comparison now supports WordPress.org plugins.

    So the Pro feature is doing more than the current setting description makes you think…

    The bottom line is that the Pro plugin will filter any file changes and only report the ones the plugin thinks are malicious. Pretty neat ! Less noise.

Viewing 7 replies - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.