Considering their immense popularity, WordPress sites are a common target for cybercriminals. Site owners need to stay alert, given that hackers keep developing new methods to break through security measures. Custom security alerts are now an important part of site protection. They help spot suspicious activities in real time, such as unauthorised logins, unexpected file changes, and plugin issues.
We’re exploring the key security alerts every WordPress user needs to set up and the best ways to manage them, with a particular focus on Shield Security PRO. This plugin helps you reduce the number of alerts you receive while still providing comprehensive protection.
Ready? Let’s get right into it.
What types of security alerts are most important for WordPress sites?
WordPress sites face many cyber threats daily. To stay ahead of attackers, set up these essential security alerts:
- Unusual login activity: Alerts about suspicious login attempts, such as multiple failed logins from unfamiliar IP addresses. These indicate potential brute-force attacks and allow quick action like blocking IP addresses.
- Malware detection: Early warnings about malware that can steal information, deface sites, or conduct phishing attacks. Prompt alerts enable immediate site cleaning and damage prevention.
- Unauthorised file changes: Notifications of unexpected changes to WordPress files, which may signal security breaches. Hackers often modify files to inject malicious code or create backdoors.
- Plugin and theme vulnerabilities: Alerts for newly discovered security flaws in plugins and themes. These notifications often include updates and other information for remediation, allowing you to be proactive and prevent potential exploits.
- Core WordPress updates: Notifications about new WordPress core updates. These updates often include critical security patches for newly discovered vulnerabilities.
How to set up custom security alerts for WordPress
Option 1: Using GitHub Dependabot to detect vulnerabilities through repository scans
If you’re a WordPress developer managing custom themes or plugins on GitHub, Dependabot can streamline your security workflow. Dependabot is a feature built into GitHub that scans repositories for any known vulnerabilities in their dependencies.
When enabled on a repository, Dependabot runs ongoing scans on all dependencies. If it detects any vulnerabilities, it takes action across three areas:
- Dependabot alerts make you aware of any known vulnerabilities in the repository.
- Dependabot security updates raise pull requests to update the affected dependencies.
- Dependabot version updates raise pull requests to keep all dependencies updated automatically.
Here’s an example of how it’d fit into your workflow: If you’re developing a WooCommerce extension that integrates with payment gateways, Dependabot can monitor the libraries you use for payment processing. When new versions or security vulnerabilities are detected, it alerts you and automatically creates pull requests to update these dependencies, ensuring your extension remains secure and compatible.
Dependabot sources and provides information about vulnerabilities from the GitHub Advisory Database, a crowdsourced collection of vulnerabilities and security advisories.
To configure Dependabot alerts on a repo, follow these steps:
1. Open up the repo and go to the Settings tab.
2. In the menu on the left, scroll to Security and click on Code security and analysis.
3. Scroll to the Dependabot section. Enable Dependabot alerts. You can also enable Dependabot security updates and Dependabot version updates if you want.
4. Go to the Security tab of your repo, where you might see a list of vulnerabilities identified already.
The alerts you get should come with detailed information about each vulnerability, from its severity score to the attack vector.
If you’ve only enabled Dependabot alerts and none of the updates, you can address these issues yourself on a case-by-case basis as they’re brought to your attention. Alternatively, you could manually open a pull request for Dependabot to apply a recommended fix like upgrading to the latest version.
You can access all alerts through your GitHub notifications area or have them sent to your email on a schedule.
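As an added example (not from the original article or from GitHub), the sketch below triages alerts that use the nesting of GitHub's Dependabot alerts REST response, keeping only open alerts at or above a chosen severity and noting whether a patched version exists. The package names, versions and helper names (`make_alert`, `triage`, `attack_vector`) are constructed for illustration.

```python
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def make_alert(number, state, name, severity, score, vector, fix):
    """Build a constructed alert with the nesting of a Dependabot alert object."""
    return {
        "number": number, "state": state,
        "dependency": {"package": {"ecosystem": "composer", "name": name}},
        "security_advisory": {"severity": severity,
                              "cvss": {"score": score, "vector_string": vector}},
        "security_vulnerability": {
            "first_patched_version": {"identifier": fix} if fix else None},
    }

# Constructed sample data: package names and versions are placeholders.
SAMPLE_ALERTS = [
    make_alert(1, "open", "example/http-client", "high", 7.5, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", None),
    make_alert(2, "open", "example/payment-sdk", "critical", 9.8, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "2.4.1"),
    make_alert(3, "dismissed", "example/logger", "high", 8.1, "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "1.9.0"),
    make_alert(4, "open", "example/cli-tool", "low", 3.3, "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "0.7.2"),
]

def attack_vector(vector_string):
    """Return the CVSS AV metric ('N', 'A', 'L' or 'P'), or None if absent."""
    for metric in (vector_string or "").split("/"):
        if metric.startswith("AV:"):
            return metric[3:]
    return None

def triage(alerts, min_severity="high"):
    """Return open alerts at or above min_severity, most severe first."""
    floor = SEVERITY_RANK[min_severity]
    urgent = []
    for a in alerts:
        adv = a["security_advisory"]
        if a["state"] != "open" or SEVERITY_RANK.get(adv["severity"], 0) < floor:
            continue  # skip fixed/dismissed alerts and anything below the floor
        cvss = adv.get("cvss") or {}
        patched = a["security_vulnerability"].get("first_patched_version") or {}
        urgent.append({
            "number": a["number"],
            "package": a["dependency"]["package"]["name"],
            "severity": adv["severity"],
            "score": cvss.get("score"),
            "network": attack_vector(cvss.get("vector_string")) == "N",
            "fix": patched.get("identifier"),  # None means no patched release yet
        })
    return sorted(urgent, key=lambda r: (-SEVERITY_RANK[r["severity"]], -(r["score"] or 0)))

if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS):
        action = f"upgrade to {row['fix']}" if row["fix"] else "no patch yet: mitigate or replace"
        print(f"#{row['number']} {row['package']} [{row['severity']} {row['score']}] {action}")
```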
Of course, the Dependabot route isn’t for everyone, for several reasons:
- It’s too complex for non-developers and may overwhelm the average WordPress site owner.
- Dependabot only scans dependencies, not WordPress core files or standard plugins and themes.
- Automatic updates could cause compatibility issues with other WordPress components.
- It’s unnecessary for basic WordPress sites without custom code.
Luckily, there are easier ways to tailor security alerts in WordPress.
Option 2: Configuring custom security alerts in Shield Security PRO
If you don’t have a GitHub-WordPress workflow, your security alert needs might be better served by a plugin like Shield Security PRO. It makes it easy to set up alerts for the events that matter the most to you, but it also provides a range of security features that reduce the frequency of alerts altogether.
Setting up alerts for specific events
Shield Security PRO’s Instant Alerts feature notifies you of the following security events in real time:
- Shield Security PRO plugin deactivation.
- FileLocker changes.
- Vulnerabilities in various areas of your website.
- Changes to the Admin account.
To set these alerts up, go to Dashboard > Security Zones Config > Instant Alerts and enable the notifications you want sent to your email.
DIY WordPress security: Building your own rules and reports
While the pre-configured security rules you get with most security plugins cover many common threats, every WordPress site has unique needs. A custom security rules builder allows you to tailor your defences to your specific situation.
Luckily, Shield Security PRO lets you fine-tune your security to exactly how you need it.
The first way to do this is through custom security rules, which you can access through Dashboard > Custom Rules. You can build your own rules using ‘If/then’ logic around things like bots, requests, PHP, sessions, users, and Shield Security PRO itself.
You can also configure the frequency with which you receive security reports so you’re not overwhelmed. To set this up, go to Dashboard > Security Zones Config > Reporting, where you can specify an email address and your preferred schedule.
Reports key you in on the state of your site and supplement Instant Alerts so you’re never out of the loop. Setting them up on a schedule you’re comfortable with helps you keep alert fatigue at bay.
As stated earlier, Shield Security PRO also provides comprehensive protection that reduces the number of alerts you receive in the first place, as discussed below.
Beyond alerts: How Shield Security PRO protects your WordPress site
While alerts are undoubtedly important, Shield Security PRO takes WordPress protection one step further with its focus on proactive and automated security measures. The plugin minimises the need for constant user intervention, making it a top choice for site owners who want reliable protection without the headache.
One example of the plugin’s proactive approach is Activity Logging, which replaces excessive alerts and instead takes action as soon as it flags suspicious activity.
And that’s just scratching the surface. Here’s a breakdown of what else sets Shield Security PRO apart:
- Security admin lockdown: Restrict access to Shield Security PRO settings with a PIN. This extra layer prevents unauthorised users from altering your security setup.
- Brute-force blockade: The ability to limit logins blocks malicious login attempts and bot spam. It also stops brute force attacks by capping login tries from a single IP address.
- Two-factor authentication (2FA): Even if hackers crack a password, 2FA provides an additional barrier. This second verification step significantly reduces unauthorised access risks.
- Auto malware scanning and removal: The automated malware scanner continuously monitors for PHP threats and vulnerabilities. When it detects anything dangerous, it removes the malware automatically.
- Real-time threat detection: Features like the onboard Snapshot technology detect site changes instantly, regardless of how they’re made, ensuring comprehensive monitoring.
- Update management: Choose whether to hold off on new updates until any kinks are ironed out to avoid early-release bugs and vulnerabilities. The built-in vulnerability scanner also identifies potential security issues so you’re always protected even if you’re not on the absolute latest release.
- Competitive pricing: Starting at $129/year for one site, Shield Security PRO offers advanced features at a competitive price compared to other security solutions.
Remember, while Shield Security PRO is powerful, it’s not your only line of defence. Regular backups are your safety net if things go south. Don’t forget to train your team on security best practices and have a solid plan for handling data breaches.
Enjoy swift and effective threat response with Shield Security PRO
Shield Security PRO takes the hassle out of WordPress security. It keeps you in the loop with smart alerts, backed by a powerful set of tools that do the heavy lifting for you. No more constant worry about your site’s safety!
The Instant Alerts feature flags critical events like admin account changes, new vulnerabilities, and plugin deactivation. Automated tasks handle routine security checks without user input, while the Snapshot technology catches all site changes, regardless of how they’re made.
Put together, these tools free up your time and reduce security risks, while the simple interface makes security management accessible for all skill levels.
To boost your WordPress security immediately, start protecting your site with Shield Security PRO today!