How to Keep an Audit of Your WordPress Security Logs?
Every now and then, WordPress websites break. They also get hacked, defaced and infected. Numerous WordPress-driven sites become targets of malicious activity. Tracking security logs isn’t a new concept. If a site’s performance and traffic can be monitored, so can its security logs. An audit of security logs keeps track of everything. It helps with the forensic work if your site malfunctions or gets hacked.
Such an audit comes in handy in many other cases. A WordPress audit plugin works much like a web analytics tool. An analytics tool records insights about your site visitors: their demographics, which pages they open, where they click and a lot more. Similarly, a WordPress audit plugin tracks all the activities performed by logged-in users of your site. It records everything taking place on the backend, such as which post was added, modified or deleted and when, which plugin was installed and when, and everything in between.
But where does an audit of security logs fit into all of this? Today, in this post, you will learn about the importance of WordPress security logs and how to keep them.
Importance of Monitoring Security Logs
Most web hosts keep error logs where all the bugs and issues concerning a hosted website are recorded. These logs are very useful because they list every error that a website encounters, with its time tracked down to the second. If anything goes wrong, i.e. a site breaks, the first place web hosts will examine is the error logs.
The data inside these error logs makes troubleshooting a lot easier. Though this information is available on your server, it is not easily understood by the untrained eye. A WordPress audit plugin not only makes this data easy to read but also offers the following benefits:
- Activities of Users: You will know which user created which post, installed which plugin and exactly when. All the activities of logged-in users are recorded in a WordPress audit.
- Forensic Work: Ever needed to retrace your steps to find out what broke your site? This is very useful if you crashed your site and want to find the cause.
- Security Benefits: Hundreds of thousands of hacking attacks are performed on WordPress sites every day. One of the best ways to stay ahead of the curve is to know the methods hackers are employing to exploit your site. Failed login attempts, file changes, plugins installed and the whole shebang are recorded. All of this helps in detecting suspicious activity before things go south.
Most sites can get by without a WordPress audit plugin, but you will miss all the benefits listed above. A website does not get hacked until it does. So it’s better to have a security log plugin to help you in the case of a compromise.
Essentials of a Good Security Log Plugin
There are several WordPress audit plugins, and choosing the best one is difficult. Here are the important features of a security audit plugin that you should consider.
- Email notifications: A good security logging plugin detects suspicious activity and sends email notifications about it.
- Failed logins: Lots of failed login attempts are synonymous with brute force attacks, a common type of attack on WordPress sites. Your security logging plugin should keep a record of all failed login attempts as well as their source IP.
- File changes: Many times, hackers exploit a vulnerability and break into a site. What’s the first thing they do once they are in? They create a backdoor, which lets them in undetected even after the exploit they used to get in has been fixed. Your security logging plugin should also track file changes so you can detect backdoors if they exist.
- Plugins installed: While most WordPress plugins are miraculously compatible with each other, there are many plugins which are not compatible and may break the site. So if you know the plugin that was activated when the site broke, you know the root of the problem.
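The file-change tracking described in the list above can be approximated with a scheduled hash comparison. This is an added example, not code from the article or from any audit plugin; the `example_*` function names, the `example_file_scan` hook and the `example_file_baseline` option are hypothetical, and limiting the scan to `.php` files under `wp-content` is an assumption.

```php
<?php
// Added example: hash-based change detection for PHP files under wp-content.
// All example_* names and the option key are hypothetical.

add_action( 'example_file_scan', 'example_scan_for_file_changes' );
add_action( 'init', function () {
    // Register an hourly WP-Cron event the first time this code loads.
    if ( ! wp_next_scheduled( 'example_file_scan' ) ) {
        wp_schedule_event( time(), 'hourly', 'example_file_scan' );
    }
} );

// Map every .php file under $dir to its SHA-256 digest.
function example_hash_tree( $dir ) {
    $hashes = array();
    $files  = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $dir, FilesystemIterator::SKIP_DOTS ),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD // skip unreadable directories
    );
    foreach ( $files as $file ) {
        if ( $file->isFile() && 'php' === strtolower( $file->getExtension() ) ) {
            $path            = $file->getPathname();
            $hashes[ $path ] = (string) hash_file( 'sha256', $path );
        }
    }
    return $hashes;
}

function example_scan_for_file_changes() {
    $current  = example_hash_tree( WP_CONTENT_DIR );
    $baseline = get_option( 'example_file_baseline', null );
    update_option( 'example_file_baseline', $current, false );
    if ( ! is_array( $baseline ) ) {
        return; // First run: record the baseline only.
    }
    $changes = array(
        'added'    => array_diff_key( $current, $baseline ),
        'removed'  => array_diff_key( $baseline, $current ),
        // Same path in both scans, different digest.
        'modified' => array_diff_assoc( array_intersect_key( $current, $baseline ), $baseline ),
    );
    foreach ( $changes as $kind => $paths ) {
        foreach ( array_keys( $paths ) as $path ) {
            error_log( sprintf( 'file_%s time=%s path=%s', $kind, gmdate( 'c' ), $path ) );
        }
    }
}
```

Plugin and theme updates show up here as modifications, and because the baseline lives in the site's own database, anyone who can write to that database can rewrite it.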
WP Security Audit Log
One of the best security logging plugins is WP Security Audit Log. It comes from the popular WordPress security specialists at WP White Security. It enables you to track everything that logged-in users do. It monitors failed login attempts, themes & plugins activated and the file changes that take place. It possesses all the features which an ideal log plugin must have.
Here is a list of the key features which the WP Security Audit Log plugin offers:
- User activity: It records all the user activity taking place on the backend of your site. You can clearly view what post was created, modified or deleted by which user and at what time. Not just that, WP Security Audit Log also tracks if a user changes their role, password or email address.
- File changes and uploads: When a user modifies or uploads a file, that action is logged too. You can find out which file was edited or uploaded and which user made those changes.
- Theme or plugin install: WP Security Audit Log also records when a user installs and activates a new theme or plugin. This comes in handy when a plugin breaks the site. You can easily find out through the security log by checking which plugin was last activated.
- Site settings change: When major site-wide settings like permalinks, administrator admin, etc. are changed, the changes are recorded in the audit log as well.
- Widget changes: The plugin also records when a widget was added, deleted or moved.
- Failed login attempts: The plugin tracks failed login attempts, when they were made and from which IP address. It details the exact number of login attempts. Other than that, when a user successfully logs in or out of the site, that is recorded as well.
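Recording failed logins with their time and source IP, and sending an email when one address keeps failing, needs only one WordPress hook. This is an added example, not the WP Security Audit Log source; the `example_*` names, the threshold and the window length are assumptions.

```php
<?php
// Added example: record failed logins and flag repeated failures per source IP.
// EXAMPLE_* constants and example_* names are hypothetical.

const EXAMPLE_FAIL_THRESHOLD = 10;  // assumed: failures per window before alerting
const EXAMPLE_FAIL_WINDOW    = 600; // assumed: window length in seconds

// wp_login_failed fires after a failed authentication attempt.
add_action( 'wp_login_failed', 'example_record_failed_login' );

function example_record_failed_login( $username ) {
    // REMOTE_ADDR is the peer address seen by the web server. Behind a reverse
    // proxy it is the proxy's address; do not trust X-Forwarded-For blindly.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        $ip = 'unknown';
    }
    // Strip control characters so a crafted username cannot forge log lines.
    $user = preg_replace( '/[\x00-\x1F\x7F]/', '', (string) $username );
    error_log( sprintf(
        'login_failed time=%s ip=%s user="%s"',
        gmdate( 'c' ), $ip, addcslashes( $user, '"\\' )
    ) );

    // Count failures per source IP inside a fixed window (md5 only shortens the key).
    $key  = 'example_fail_' . md5( $ip );
    $now  = time();
    $data = get_transient( $key );
    if ( ! is_array( $data ) || $now - $data['start'] >= EXAMPLE_FAIL_WINDOW ) {
        $data = array( 'start' => $now, 'count' => 0 );
    }
    $data['count']++;
    set_transient( $key, $data, EXAMPLE_FAIL_WINDOW );

    // Notify once per window, at the moment the threshold is reached.
    if ( EXAMPLE_FAIL_THRESHOLD === $data['count'] ) {
        wp_mail(
            get_option( 'admin_email' ),
            'Repeated failed logins',
            sprintf( '%d failed logins from %s within %d minutes.',
                $data['count'], $ip, EXAMPLE_FAIL_WINDOW / 60 )
        );
    }
}
```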
How to Use It?
WP Security Audit Log is an easy-to-use, straightforward plugin. It is free to download. Here is how to use it:
Search for the plugin under Plugins > Add New, install & activate it.
Once activated, you’ll find a new menu named Audit Log added to the sidebar. All the plugin’s settings are configured from here.
Now go to Audit Log > Audit Log Viewer. This is the security log audit area. Here, you can see all the activity taking place on your site. There are columns for the time of the activity, the user taking the action and their source IP.
That is WP Security Audit Log in action. The user interface is easy to understand and makes sense.
By default, WP Security Audit Log records every user activity like posts, comments, menus, widgets, etc. Most of this information is not so crucial when compared to the day to day activities of a WordPress admin.
So if you want, you can disable any of these security alerts. Once disabled, these activities will not appear in Audit Viewer.
You can enable/disable alerts under Audit Log > Enable/Disable Alerts. Here, the alerts are categorized by separate tabs. So if you want to manage comment related alerts, go to Comments tab and so on.
By default, only administrators can access Audit Log. If you want to give access to any specific WordPress user, you can do so by going to Audit Log > Settings and adding the user to the Can Manage Plugin field. There are many other options on the settings page.
There is also a premium version of the plugin, which adds further capabilities.
How Can This Plugin Be Improved?
I myself am a WordPress plugin developer; I tell you this to emphasize what I am going to talk about. While this plugin is very good at what it does, I found a few issues which can very easily be addressed. I am going to make a list of these issues to help the developers of this plugin improve it based on my feedback.
- Menu Position: The audit log menu position is wrong. It is not the most important purpose of building a site, which is why I think it should be placed at the very end instead of at the very top. I have written more about menu position priority here.
- Colored Links: There are weird-looking red colored links. It almost feels like those are broken links and something is wrong with the plugin, which is not true; the author is simply trying to upsell the add-ons, which is completely OK with me. It is just that colored links are a bad way to go about it. I do not like colors in the admin panel.
Keeping a log of all activities taking place on the backend of your website is important. It takes no less than 5 minutes to install and configure this plugin. It proves its worth in cases when you break your site and want to retrace your steps to get to the root cause of the problem.
Do you think an audit of your security logs is important? Have you ever used this plugin? Let me know your thoughts in the comments.
Finally, you can catch all of my articles on my profile page, and you can follow me or reach out on Twitter @mrahmadawais to discuss this article. As usual, don’t hesitate to leave any questions or comments below, and I’ll aim to respond to each of them.