In this article we’ll introduce one of Shield Security’s most important, core features: the Security Audit Log for WordPress.
One of the most critical tools we have in our security toolbelt is being able to view and monitor events on our WordPress sites, as they happen or after the fact.
If we can see all the events around an incident, we can build a clear picture of exactly what has happened and make smarter, more informed decisions.
This is why a full and detailed log of each and every event that happens on a WordPress site is critical to knowing what threats the website is facing and if, and how, they’re being handled.
Problems With The Original Audit Log
Some time ago we added a powerful “events” system into the Shield plugin which allowed us to revamp the older, legacy audit trail in many ways. But the reality is that this wasn’t enough to get Shield’s logging system to where it needs to be.
We’d also received numerous requests about the ability to send the logs to other places, such as log files or even to 3rd party apps like Slack.
Again, the legacy audit log just wasn’t up to such tasks.
As the Shield platform became increasingly advanced and complex, the audit log became ever more strained and it couldn’t keep up with the demands we, and our customers, placed on it.
So we decided to rebuild it entirely from scratch.
Problems Solved With Shield’s New Security Audit Log
There are many advantages to the new security audit log. Here are just a few of them:
Security Log Severity Levels
Every single event in the Shield system has a log “level” or “severity”. For the moment, we’ve kept the available levels to the following:
- Alert – a serious event that may require the attention and review of an admin
- Warning – an important event that has been handled, but may require attention
- Notice – an important event that has been handled
- Info – a non-important event
- Debug – informational or debug information
Of course there’s no need to be logging all of these levels all of the time.
By default, Shield will switch on Alert, Warning & Notice events. If you’re seeing any issues and you’d like more information about what’s happening on a site, you can enable extra levels as you require.
Unlimited Security Log Destinations
Shield logs all security events to the database. This has always been the case and is unchanged (though you have the option to disable this).
With ShieldPRO you can also log events to the file system, and you can select which log levels are sent to that location (separately from the DB log levels).
We’ll add more logging locations with future ShieldPRO development.
Improved Security Log Display
Having high quality security logs for WordPress is only as useful as your ability to view the logs and extract the information you need from them.
We’ve moved log tables display to our preferred table UI system (datatables.js) and provided complete search and filtering options so you can drill down into the events on your sites with ease. You’ll be able to filter by IP addresses, log severity, event names, and more.
Tighter Integration With Traffic Data
The Traffic Log module offers great insights into the real-time requests being sent to our sites in a way that analytics tools and server logs just can’t provide.
Bringing that data into the Audit Trail has been difficult until now, because of the way Shield’s data was being stored in the database.
The Traffic Log system has also been completely rewritten so that we can easily integrate this data. You’ll now have the option to view the precise request information and parameters for any log entry directly from within the Security Audit Log table.
Important Changes To The Security Audit Log System And Options
As this is a complete rewrite of the security audit log system for Shield, there have been a number of changes that you may want to be aware of.
More Logs For ShieldFREE
In the older audit trail, ShieldFREE logs were limited to 100 entries. We felt this was a little prohibitive and so we’ve changed how the limits are handled. Instead of limiting the quantity, ShieldFREE will be limited to a maximum of 7 days worth of logs. If you want to store more logs, you’ll need to upgrade.
This means the option for limiting the quantity of DB-stored logs has been completely removed and replaced with a time-based limit option.
You Can Adjust Severity Levels For Each Log Destination
It’s never a good idea to log everything, all of the time. Instead, it’s better to limit your logging to important events and increase the logging when more information is needed.
By default, Shield will log only Alerts, Warnings, and Notices to the database. This may not capture all the events you’d like, so you can increase the logging levels as you desire.
You can independently configure the severity levels for each log destination (DB or filesystem).
An example of how you might configure your logging is to set the DB-based logs to capture Alerts and Warnings, and set your file-based logs to capture the remaining (Notice and Info). It’s generally not a good idea to capture Debug logs unless you actually need them.
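The split configuration described above, modelled as an added example that is not Shield's own code: each destination carries its own set of enabled levels, and the DB destination also applies a 7-day time-based limit. The class, function and event names are hypothetical, and the sample events are constructed.

```python
from datetime import datetime, timedelta, timezone

LEVELS = ("alert", "warning", "notice", "info", "debug")  # the article's five levels

class Destination:
    """Hypothetical sink (not Shield's code) with its own enabled levels."""
    def __init__(self, name, levels, max_age_days=None):
        unknown = set(levels) - set(LEVELS)
        if unknown:
            raise ValueError(f"unknown levels: {sorted(unknown)}")
        self.name, self.levels = name, frozenset(levels)
        self.max_age = timedelta(days=max_age_days) if max_age_days else None
        self.entries = []

    def accept(self, event):
        """Store the event only if its level is enabled for this sink."""
        if event["level"] not in self.levels:
            return False
        self.entries.append(event)
        return True

    def prune(self, now):
        """Drop entries older than the time-based limit; return count removed."""
        if self.max_age is None:
            return 0
        kept = [e for e in self.entries if now - e["at"] <= self.max_age]
        removed = len(self.entries) - len(kept)
        self.entries = kept
        return removed

def route(event, sinks):
    """Return the names of the sinks that stored the event (may be empty)."""
    return [s.name for s in sinks if s.accept(event)]

def run_demo():
    now = datetime(2021, 9, 15, tzinfo=timezone.utc)
    db = Destination("db", {"alert", "warning"}, max_age_days=7)
    fs = Destination("file", {"notice", "info"})
    # Constructed sample events; the event names are made up for illustration.
    events = [
        {"level": "alert", "name": "sample_alert", "at": now - timedelta(days=9)},
        {"level": "warning", "name": "sample_warning", "at": now - timedelta(days=1)},
        {"level": "notice", "name": "sample_notice", "at": now},
        {"level": "debug", "name": "sample_debug", "at": now},
    ]
    routed = {e["name"]: route(e, [db, fs]) for e in events}
    removed = db.prune(now)
    return routed, removed, [e["name"] for e in db.entries]
```

In this model the Debug event is stored nowhere, because no destination enables that level, and the nine-day-old Alert is removed from the DB sink once the time-based limit is applied.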
ShieldFREE has access to only DB-based Logging
If you would like access to filesystem-based logging or any of the future developments in this area, you will need to upgrade to ShieldPRO.
What’s Next For Our Security Audit Log?
As we’ve alluded to earlier, we can now “send” WordPress security logs to any desired location – either database or log files. This means with future developments, we can send them almost anywhere, such as Slack, IFTTT, Zapier etc.
This will come in a future release of ShieldPRO so please do comment below or drop us an email if you would like to see your favourite logging location included.
Another area of interest is integration with other platforms such as WooCommerce and building out handling for events specific to those platforms.
We’ll also be adding more events to Shield and also further developer options. If you’d like to know more about this, or you have any custom requests, please do reach out to us and let us know – we’d love to hear what you need and how you’d like to take advantage of the logs.
When Can You Get The New WordPress Security Audit Log?
The new security audit log will be available to all customers, free and premium, of the Shield Security for WordPress plugin v12.0. This is set for release around the middle of September 2021.