Menu
iThemes
WordPress Security, Backups & Maintenance
  • Products
    • iThemes Security Pro
    • BackupBuddy
    • iThemes Sync
    • Why buy from iThemes?
  • Bundles
    • Essentials Bundle
    • Plugin Suite
    • WordPress Web Designer’s Toolkit
    • Customer Spotlights
  • Resources
    • Blog
    • WordPress 101 Tutorials
    • WordPress Ebooks
    • Weekly WordPress Vulnerability Report
    • The Ultimate Guide to Starting a Web Design Business
  • Training
    • Upcoming Webinars
    • Free Webinar Library
    • Premium Courses
    • Become a Member
    • Member Login
  • Support
    • Documentation
    • Get Help
    • Product Updates
    • Upgrade Policy
    • Contact
    • Our Mission: Make People’s Lives Awesome
  • Log In
WordPress News and Updates from iThemes
Categories
  • Product Updates
  • WordPress Backup
  • WordPress Block Editor
  • WordPress Ecommerce
  • WordPress for Freelancers
  • WordPress Security
  • WordPress Tutorials
  • WPprosper

iThemes Security Pro Feature Spotlight – User Logging

Written by Michael Moore on September 21, 2020

Last Updated on November 2, 2021

In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature.

Today we cover the User Logging feature in iThemes Security Pro.

In This Article
  • Why You Need User Logging for Your WordPress Website
  • What is User Logging?
    • 5 User Actions Recorded by iThemes Security Pro
  • How to Use User Logging in iThemes Security Pro
  • Wrapping Up

Why You Need User Logging for Your WordPress Website

The iThemes Security Pro plugin can prevent most attacks on your WordPress website from being successful, but it can’t guarantee that it will stop 100% of attacks. You won’t find a security tool or method that is 100% effective against all attacks. Unfortunately, even if you follow all of the WordPress security best practices, your website could get hacked. Because a full-proof security method doesn’t exist, we need to monitor and record security events on our website.

Logging is an essential part of your WordPress security strategy. Insufficient logging and monitoring can lead to a delay in the detection of a security breach. Most breach studies show that the time to detect a breach is over 200 days! That amount of time allows an attacker to breach other systems, modify, steal, or destroy more data. It is for those reasons that Insufficient Logging landed on the OWASP top 10 of web application security risks.

Most breach studies show that the time to detect a breach is over 200 days! That amount of time allows an attacker to breach other systems, modify, steal, or destroy more data.

There are several different types of security events that you should monitoring and recording in your WordPress security logs, including brute force attacks, file changes, malware scans, and user activity. However, in this post, we are going to focus on recording user activity.

Keeping a record of user activity in your WordPress security logs can be your saving grace after a successful attack.

What is User Logging?

The User Logging feature automatically monitors and records specific user actions in the iThemes Security Pro security logs.

5 User Actions Recorded by iThemes Security Pro

1. Log In / Log Out

The first type of user activity logged is when users log in and log out of your website and from where. Monitoring time and location of the user’s logins can help you spot a user that is compromised. Did that user login at an unusual time or from a new place? If so, you may want to start your investigation with them.

2. User Creation / Registration

The next activity you should keep a record of is user creation, especially the creation of Administrator users. If a hacker can compromise a legitimate user, they may create there own admin user in an attempt to be covert. It is easy for you to notice something strange with your account, but it is much more difficult to identify malicious activity on another user.

Monitoring user registration is also essential. Some vulnerabilities allow hackers to change the default new user role from a Subscriber to an Administrator.

If you have User Logging set only to monitor the activity of Administrator users, only new Admin user registration will be recorded in the security logs. So, if you ever see a newly registered user in your security logs, something has gone wrong.

3. Adding and Removing Plugins

It is vital to make a record of who adds and removes plugins. Once your site has been hacked, it will easy for the attacker to add their custom plugin to inject malicious code into the website.

Even if a hacker doesn’t have access to your server or database, they may still be able to make changes to them from your WordPress dashboard. Using a plugin, they can add redirects to your site to use in their next spamvertizement campaign, or inject malware into your database. After their malicious code is executed, they can then delete the plugin to remove evidence of their crime. Lucky for us, we won’t miss any of it because it was all documented in our WordPress security logs.

4. Switching Themes

Another user activity monitored by iThemes Security Pro User Logging is when someone switches the website’s theme. If you ever find that your theme has unexpectedly changed, you can look in your WordPress security logs to find out who made the change.

5. Changes to Posts & Pages

Finally, you want to monitor any changes to your post and pages. Have any links been added to send your traffic to other sites? Monitoring posts and pages can help you find any embarrassing pages or malicious links added to your website after a breach.

To find out which post was modified, click the View Details links to find the post ID.

How to Use User Logging in iThemes Security Pro

To start logging user actions in iThemes Security Pro, navigate to the security settings’ Features menu and enable User Logging.

After enabling User Logging, click the User Groups link to decide whose activity you want to monitor.

Tip: When adding user logging, keep in mind you may only want to monitor users that can make changes to your site. Monitoring customer or subscriber activity could result in bloated logs, making the information more difficult to parse.

To view the recorded user activity, navigate to the security logs, and click the All Events link. Next, select User Logging from the dropdown menu and then click the Filter button.

Hover over the IP address or Username and click the Filter icon to only view activity from that IP or username.

Wrapping Up

Unfortunately, even if you follow 100% of the WordPress security best practices, there is still a chance that your website will get hacked. Keeping a record of user activity in your WordPress security logs can be your saving grace after a successful attack.

Monitoring the correct user activity can guide you through the timeline of a hack and show everything the hacker changed, from adding new users to adding unwanted pharma ads on your site.

Having a timeline of a compromise will drastically reduce the downtime experienced after a hack.

Share via:

  • Facebook
  • Twitter
  • LinkedIn
  • More
Other related posts
A security-riddled computer monitor. There is a large, orange shield with a slash in the middle of the screen. Surrounding it are a red target, a green skull and crossbones, an orange “bug”, a triangle with an explanation point in the middle and a gray gear.
WordPress Vulnerability Report – January 25, 2023
Turnstile and hCaptcha
New Turnstile and hCaptcha Support in Security Pro 7.3
WordPress vulnerability report
WordPress Vulnerability Report – January 18, 2023
clickjacking
What is Clickjacking and How to Prevent it

Respond

Click here to cancel reply.

Get updates on new themes & plugins plus special discounts

About iThemes

  • The Team
  • Contact Us
  • Website Accessibility Statement
  • Sitemap

Resources

  • Blog
  • Documentation
  • WordPress Tutorials
  • Free WordPress Ebooks
  • Free Webinar Library
  • Free Upcoming Webinars
  • iThemes Training
  • Affiliates

Customers

  • Member Panel Login
  • Support
  • FAQs
  • Upgrade Policy
  • Licensing
  • Terms and Conditions
  • Refund Policy

Top Products

  • BackupBuddy
  • iThemes Security Pro
  • iThemes Sync
  • Restrict Content Pro
  • WPComplete
  • WordPress Plugins
  • Content Upgrades
  • WordPress Landing Page Plugin
  • BackupBuddy Stash

iThemes Media LLC Copyright © 2023 All rights reserved | Privacy Policy

© 2022 All Rights Reserved.

Visit StellarWP Visit Nexcess
Share via
Facebook
Twitter
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap