In this article we’ll introduce one of Shield Security’s most important, core features: the Security Activity Log for WordPress.
One of the most critical tools we have in our security toolbelt is being able to view and monitor events on our WordPress sites, as they happen or after the fact.
If we can see all the events around an incident, we can build a clear picture of exactly what has happened and make smarter, more informed decisions.
This is why a full and details log of each and every event that happens on a WordPress site is critical to knowing what threats the website is facing and if, and how, they’re being handled.
Problems With The Original Activity Log
Some time ago we added a powerful “events” system into the Shield plugin which allowed us to revamp the older, legacy audit trail in many ways. But the reality is that this wasn’t enough to get Shield’s logging system to where it needs to be.
We’d also received numerous requests about the ability to send the logs to other places, such as log files or even to 3rd party apps like Slack.
Again, the legacy activity log just wasn’t up to such tasks.
As the Shield platform became increasingly advanced and complex, the audit log became evermore strained and it couldn’t keep up with the demands we, and our customers, required of it.
So we decided to rebuild it entirely from scratch.
Problems Solved With Shield’s New Security Activity Log
There are many advantages to the new security activity log, here are just a few of them:
Security Log Severity Levels
Every single event in the Shield system has a log “level” or “severity”. For the moment, we’ve kept the available levels to the following:
- Alert – a serious event that may require the attention and review of an admin
- Warning – an important event that has been handled, but may require attention
- Notice – an important event that has been handled
- Info – a non-important event
- Debug – informational or debug information
Of course there’s no need to be logging all of these levels all of the time.
By default, Shield will switch on Alert, Warning & Notice events. If you’re seeing any issues and you’d like more information about what’s happening on a site, you can enable extra levels as you require.
Unlimited Security Log Destinations
Shield logs all security events to the database. This has always been the case and is unchanged, (though you have the option to disable this).
With ShieldPRO you can also log events to the file system, and you can select which log levels are sent to that location (separately from the DB log levels).
We’ll add more logging locations with future ShieldPRO development.
Improved Security Log Display
Having high quality security logs for WordPress is only as useful as your ability to view the logs and extract the information you need from them.
We’ve moved log tables display to our preferred table UI system (datatables.js) and provided complete search and filtering options so you can drill down into the events on your sites with ease. You’ll be able to filter by IP addresses, log severity, event names, and more.
Tighter Integration With Traffic Data
The Traffic Log module offers great insights into the realtime requests being sent to our sites in a way that analytics tools and server logs just can’t provide.
Bringing that data into the Activity Log has been difficult until now, because of the way Shield’s database and data was being stored.
The Traffic Log system has also been completely rewritten, too, so that we can easily integrate this data. You’ll now have the option to view the precise request information and parameters for any log entry directly from within the Security Activity Log table.
Important Changes To The Security Activity Log System And Options
As this is a complete rewrite of the security activity log system for Shield, there have been a number of changes that you may want to be aware of.
More Logs For ShieldFREE
In the older audit trail, ShieldFREE logs were limited to 100 entries. We felt this was a little prohibitive and so we’ve changed how the limits are handled. Instead of limiting the quantity, ShieldFREE will be limited to a maximum of 7 days worth of logs. If you want to store more logs, you’ll need to upgrade.
This means the options for limiting the quantity of DB-stored logs has been completely removed and replaced with a time-based limit option.
You Can Adjust Severity Levels For Each Log Destination
It’s never a good idea to log everything, all of the time. Instead, better to limit your logging to important events and when more information is needed, increase the logging.
By default, Shield will log only Alerts, Warnings, and Notices to the database. This may not capture all the events you’d like, so you can increase the logging levels as you desire.
You can independently configure the severity levels for each log destination (DB or filesystem).
An example of how you might configure your logging is to set the DB-based logs to capture Alerts and Warnings, and set your file-based logs to capture the remaining (Notice and Info). It’s generally not a good idea to capture Debug logs unless you actually need them.
ShieldFREE has access to only DB-based Logging
If you would like access to filesystem-based logging or any of the future developments in this area, you will need to upgrade to ShieldPRO
What’s Next For Our Security Activity Log?
As we’ve alluded to earlier, we can now “send” WordPress security logs to any desired location – either database or log files. This means with future developments, we can send them almost anywhere, such as Slack, IFTTT, Zapier etc.
This will come in a future release of ShieldPRO so please do comment below or drop us an email if you would like to see your favourite logging location included.
Another area of interest is integration with other platforms such as WooCommerce and building out handling for events specific to those platforms.
We’ll also be adding more events to Shield and also further developer options. If you’d like to know more about this, or you have any custom requests, please do reach out to us and let us know – we’d love to hear what you need and how you’d like to take advantage of the logs.
When Can You Get The New WordPress Security Activity Log?
The new security activity log will be available to all customers, free and premium, of the Shield Security for WordPress plugin v12.0. This is set for release around the middle of September 2021.
Great plugin for protecting site and auto-updating with easy settings
Love this free and awesome plugin. Protects not merely brute force attacks but also for comment spam, a firewall, auto updating plugins and themes [ideal on sites i have no time to maintain], great user login management – perfect when you wish to limit simultaneous sessions per single user, 2-factor…
After upgrading to last version of WordPress I think about change my security plugin. I used Wordfence in the past but actually I use WP Simple Firewall and I think it was very good decision. It is strong, but simple for setup and I hope it will save our web…
Супер прога, особенно про IP очень понравилось
Супер, но не хватает полного перевода)