In this article we’ll introduce one of Shield Security’s most important, core features: the Security Activity Log for WordPress.
One of the most critical tools we have in our security toolbelt is being able to view and monitor events on our WordPress sites, as they happen or after the fact.
If we can see all the events around an incident, we can build a clear picture of exactly what has happened and make smarter, more informed decisions.
This is why a full and detailed log of each and every event that happens on a WordPress site is critical to knowing what threats the website is facing and if, and how, they’re being handled.
Problems With The Original Activity Log
Some time ago we added a powerful “events” system into the Shield plugin which allowed us to revamp the older, legacy audit trail in many ways. But the reality is that this wasn’t enough to get Shield’s logging system to where it needs to be.
We’d also received numerous requests about the ability to send the logs to other places, such as log files or even to 3rd party apps like Slack.
Again, the legacy activity log just wasn’t up to such tasks.
As the Shield platform became increasingly advanced and complex, the audit log became ever more strained and couldn’t keep up with the demands that we, and our customers, placed on it.
So we decided to rebuild it entirely from scratch.
Problems Solved With Shield’s New Security Activity Log
There are many advantages to the new security activity log; here are just a few of them:
Security Log Severity Levels
Every single event in the Shield system has a log “level” or “severity”. For the moment, we’ve kept the available levels to the following:
- Alert – a serious event that may require the attention and review of an admin
- Warning – an important event that has been handled, but may require attention
- Notice – an important event that has been handled
- Info – a non-important event
- Debug – informational or debug information
Of course there’s no need to be logging all of these levels all of the time.
By default, Shield will switch on Alert, Warning & Notice events. If you’re seeing any issues and you’d like more information about what’s happening on a site, you can enable extra levels as you require.
Unlimited Security Log Destinations
Shield logs all security events to the database. This has always been the case and is unchanged (though you have the option to disable this).
With ShieldPRO you can also log events to the file system, and you can select which log levels are sent to that location (separately from the DB log levels).
We’ll add more logging locations with future ShieldPRO development.
Improved Security Log Display
Having high quality security logs for WordPress is only as useful as your ability to view the logs and extract the information you need from them.
We’ve moved log tables display to our preferred table UI system (datatables.js) and provided complete search and filtering options so you can drill down into the events on your sites with ease. You’ll be able to filter by IP addresses, log severity, event names, and more.
Tighter Integration With Traffic Data
The Traffic: Request Logging feature offers great insights into the realtime requests being sent to our sites in a way that analytics tools and server logs just can’t provide.
Bringing that data into the WP Activity Log has been difficult until now, because of the way Shield’s database and data was being stored.
The Traffic Log system has also been completely rewritten so that we can easily integrate this data. You’ll now have the option to view the precise request information and parameters for any log entry directly from within the Security Activity Log table.
Important Changes To The Security Activity Log System And Options
As this is a complete rewrite of the security activity log system for Shield, there have been a number of changes that you may want to be aware of.
More Logs For ShieldFREE
In the older activity log, ShieldFREE logs were limited to 100 entries. We felt this was a little prohibitive and so we’ve changed how the limits are handled. Instead of limiting the quantity, ShieldFREE will be limited to a maximum of 7 days’ worth of logs. If you want to store more logs, you’ll need to upgrade.
This means the option for limiting the quantity of DB-stored logs has been completely removed and replaced with a time-based limit option.
You Can Adjust Severity Levels For Each Log Destination
It’s never a good idea to log everything, all of the time. Instead, it’s better to limit your logging to important events and increase the logging when more information is needed.
By default, Shield will log only Alerts, Warnings, and Notices to the database. This may not capture all the events you’d like, so you can increase the logging levels as you desire.
You can independently configure the severity levels for the DB log destination.
An example of how you might configure your logging in the DB-based logs to capture Alerts and Warnings. It’s generally not a good idea to capture Debug logs unless you actually need them.
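A small model of the behaviour described above, added here as an illustration and not Shield’s own code: each destination has its own set of enabled severity levels, and the database destination prunes by age (7 days) rather than by entry count. The class, function and event names, and the choice to send every level to the file destination, are assumptions.

```python
from datetime import datetime, timedelta

# The five severity levels listed in the article.
LEVELS = ("alert", "warning", "notice", "info", "debug")

class Destination:
    """One log destination with its own enabled levels and optional retention."""
    def __init__(self, name, levels, retention_days=None):
        unknown = set(levels) - set(LEVELS)
        if unknown:
            raise ValueError(f"unknown levels: {sorted(unknown)}")
        self.name = name
        self.levels = set(levels)
        self.retention_days = retention_days
        self.entries = []

    def accepts(self, level):
        return level in self.levels

    def prune(self, now):
        """Drop entries older than the retention window (time-based, not count-based)."""
        if self.retention_days is None:
            return 0
        cutoff = now - timedelta(days=self.retention_days)
        before = len(self.entries)
        self.entries = [e for e in self.entries if e["at"] >= cutoff]
        return before - len(self.entries)

def route(event, destinations):
    """Write the event to every destination that has its level enabled."""
    written = []
    for dest in destinations:
        if dest.accepts(event["level"]):
            dest.entries.append(event)
            written.append(dest.name)
    return written

def demo():
    now = datetime(2021, 9, 15, 12, 0)
    # DB destination: the article's default levels and the 7-day free-tier window.
    db = Destination("db", ("alert", "warning", "notice"), retention_days=7)
    logfile = Destination("file", LEVELS)  # assumption: file keeps every level
    events = [  # constructed sample events, not real Shield event names
        {"at": now - timedelta(days=9), "level": "alert", "event": "login_blocked"},
        {"at": now - timedelta(days=1), "level": "warning", "event": "plugin_changed"},
        {"at": now - timedelta(hours=2), "level": "info", "event": "user_login"},
    ]
    routed = [route(e, (db, logfile)) for e in events]
    pruned = db.prune(now)
    return routed, pruned, [e["event"] for e in db.entries], len(logfile.entries)
```

The Info event never reaches the database under the default levels, and the 9-day-old Alert is removed from the database by the time-based limit while the file destination still holds all three entries.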
What’s Next For Our Security Activity Log?
As we’ve alluded to earlier, we can “send” WordPress security logs to a database location. This means that, with future developments, we can send them almost anywhere, such as Slack, IFTTT, Zapier, etc.
Another area of interest is integration with other platforms such as WooCommerce and building out handling for events specific to those platforms.
We’ll also be adding more events to Shield, as well as further developer options. If you’d like to know more about this, or you have any custom requests, please do reach out to us and let us know – we’d love to hear what you need and how you’d like to take advantage of the logs.
When Can You Get The New WordPress Security Activity Log?
The new security activity log will be available to all customers, free and premium, of the Shield Security for WordPress plugin v12.0. This is set for release around the middle of September 2021.