In this article we’ll introduce one of Shield Security’s most important, core features: the Security Audit Log for WordPress.
One of the most critical tools we have in our security toolbelt is being able to view and monitor events on our WordPress sites, as they happen or after the fact.
If we can see all the events around an incident, we can build a clear picture of exactly what has happened and make smarter, more informed decisions.
This is why a full and detailed log of every event that happens on a WordPress site is critical to knowing what threats the website is facing and if, and how, they’re being handled.
Problems With The Original Audit Log
Some time ago we added a powerful “events” system into the Shield plugin which allowed us to revamp the older, legacy audit trail in many ways. But the reality is that this wasn’t enough to get Shield’s logging system to where it needs to be.
We’d also received numerous requests about the ability to send the logs to other places, such as log files or even to 3rd party apps like Slack.
Again, the legacy audit log just wasn’t up to such tasks.
As the Shield platform became increasingly advanced and complex, the audit log became ever more strained and couldn’t keep up with the demands we, and our customers, placed on it.
So we decided to rebuild it entirely from scratch.
Problems Solved With Shield’s New Security Audit Log
There are many advantages to the new security audit log. Here are just a few of them:
Security Log Severity Levels
Every single event in the Shield system has a log “level” or “severity”. For the moment, we’ve kept the available levels to the following:
- Alert – a serious event that may require the attention and review of an admin
- Warning – an important event that has been handled, but may require attention
- Notice – an important event that has been handled
- Info – a non-important event
- Debug – informational or debug information
Of course there’s no need to be logging all of these levels all of the time.
By default, Shield will switch on Alert, Warning & Notice events. If you’re seeing any issues and you’d like more information about what’s happening on a site, you can enable extra levels as you require.
Unlimited Security Log Destinations
Shield logs all security events to the database. This has always been the case and is unchanged (though you have the option to disable this).
With ShieldPRO you can also log events to the file system, and you can select which log levels are sent to that location (separately from the DB log levels).
We’ll add more logging locations with future ShieldPRO development.
Improved Security Log Display
Having high quality security logs for WordPress is only as useful as your ability to view the logs and extract the information you need from them.
We’ve moved log tables display to our preferred table UI system (datatables.js) and provided complete search and filtering options so you can drill down into the events on your sites with ease. You’ll be able to filter by IP addresses, log severity, event names, and more.
Tighter Integration With Traffic Data
The Traffic Log module offers great insights into the real-time requests being sent to our sites in a way that analytics tools and server logs just can’t provide.
Bringing that data into the Audit Trail has been difficult until now, because of the way Shield’s database and data was being stored.
The Traffic Log system has also been completely rewritten, too, so that we can easily integrate this data. You’ll now have the option to view the precise request information and parameters for any log entry directly from within the Security Audit Log table.
Important Changes To The Security Audit Log System And Options
As this is a complete rewrite of the security audit log system for Shield, there have been a number of changes that you may want to be aware of.
More Logs For ShieldFREE
In the older audit trail, ShieldFREE logs were limited to 100 entries. We felt this was a little prohibitive and so we’ve changed how the limits are handled. Instead of limiting the quantity, ShieldFREE will be limited to a maximum of 7 days’ worth of logs. If you want to store more logs, you’ll need to upgrade.
This means the option for limiting the quantity of DB-stored logs has been completely removed and replaced with a time-based limit option.
You Can Adjust Severity Levels For Each Log Destination
It’s never a good idea to log everything, all of the time. Instead, it’s better to limit your logging to important events and, when more information is needed, increase the logging.
By default, Shield will log only Alerts, Warnings, and Notices to the database. This may not capture all the events you’d like, so you can increase the logging levels as you desire.
You can independently configure the severity levels for each log destination (DB or filesystem).
An example of how you might configure your logging is to set the DB-based logs to capture Alerts and Warnings, and set your file-based logs to capture the remaining (Notice and Info). It’s generally not a good idea to capture Debug logs unless you actually need them.
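A minimal model of the per-destination severity filtering and time-based retention described above, as an added example rather than Shield’s own code. The `Destination` class, the `route` function and the event names are hypothetical, and the sample events are constructed.

```python
from datetime import datetime, timedelta, timezone

LEVELS = ("alert", "warning", "notice", "info", "debug")  # levels named in the article

class Destination:
    """Hypothetical log destination with its own, independent set of levels."""
    def __init__(self, name, levels, retention_days=None):
        unknown = set(levels) - set(LEVELS)
        if unknown:
            raise ValueError(f"unknown severity level(s): {sorted(unknown)}")
        self.name, self.levels = name, frozenset(levels)
        self.retention = timedelta(days=retention_days) if retention_days else None
        self.entries = []  # in-memory stand-in for a DB table or a log file

    def accept(self, event):
        """Store the event only if its level is enabled for this destination."""
        if event["level"] in self.levels:
            self.entries.append(event)
            return True
        return False

    def prune(self, now):
        """Time-based limit: drop entries older than the retention window."""
        if self.retention is not None:
            self.entries = [e for e in self.entries if e["at"] >= now - self.retention]
        return len(self.entries)

def route(event, destinations):
    """Return the names of the destinations that stored the event."""
    if event["level"] not in LEVELS:
        raise ValueError(f"unknown severity level: {event['level']}")
    return [d.name for d in destinations if d.accept(event)]

def demo():
    now = datetime(2021, 9, 15, 12, 0, tzinfo=timezone.utc)
    db = Destination("db", {"alert", "warning"}, retention_days=7)  # 7-day limit as for ShieldFREE
    fs = Destination("file", {"notice", "info"})                    # Debug left disabled
    events = [  # constructed sample events; the event names are made up
        {"level": "alert", "name": "admin_created", "at": now - timedelta(hours=1)},
        {"level": "warning", "name": "login_blocked", "at": now - timedelta(days=8)},
        {"level": "notice", "name": "plugin_activated", "at": now - timedelta(hours=2)},
        {"level": "info", "name": "settings_viewed", "at": now - timedelta(hours=3)},
        {"level": "debug", "name": "cron_tick", "at": now},
    ]
    routes = [route(e, [db, fs]) for e in events]
    return routes, db.prune(now), fs.prune(now)

if __name__ == "__main__":
    print(demo())
```

With this split, a Debug event reaches no destination at all, and the 8-day-old Warning is stored in the DB but dropped at the next prune.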
ShieldFREE has access to only DB-based Logging
If you would like access to filesystem-based logging or any of the future developments in this area, you will need to upgrade to ShieldPRO.
What’s Next For Our Security Audit Log?
As we’ve alluded to earlier, we can now “send” WordPress security logs to any desired location – either database or log files. This means with future developments, we can send them almost anywhere, such as Slack, IFTTT, Zapier etc.
This will come in a future release of ShieldPRO so please do comment below or drop us an email if you would like to see your favourite logging location included.
Another area of interest is integration with other platforms such as WooCommerce and building out handling for events specific to those platforms.
We’ll also be adding more events to Shield and also further developer options. If you’d like to know more about this, or you have any custom requests, please do reach out to us and let us know – we’d love to hear what you need and how you’d like to take advantage of the logs.
When Can You Get The New WordPress Security Audit Log?
The new security audit log will be available to all customers, free and premium, of the Shield Security for WordPress plugin v12.0. This is set for release around the middle of September 2021.