
Solid Security Pro Feature Spotlight: Your WordPress Security Dashboard

The Solid Security Dashboard is a dynamic dashboard with all your WordPress website's security activity stats in one place.

Dan Knauss

In the Feature Spotlight posts, we highlight a feature in Solid Security Pro and explain why we developed the feature, who the feature is for, and how to use the feature. In this Spotlight, we will cover the WordPress Security Dashboard, a centralized screen to monitor and respond to all security-related activity on your WordPress website.

Why We Developed the Security Dashboard

Any type of website log file is full of event entries that tell the history of your site. A WordPress security log shows you the story of your website’s security. Has your site been attacked, were the attacks stopped, or has your site been infected with malware? The answers to these questions and more can be found in your WordPress security logs.

If you are one of the people who feel a little over your head when trying to parse data stored in security logs, you aren’t alone. We heard from so many of you who thought digging through your security logs was time-consuming, and the information stored in the logs can be challenging to understand.

Your website’s security logs are a vital part of any security strategy. The information in these records can help you detect and lock out bad actors, highlight an unwanted change on the site, and identify signs of intrusion.

With all that in mind, we wanted to create an easy and fast way for Solid Security Pro users to see their WordPress website’s security activity and health without needing to dig through their logs.

What is a WordPress Security Dashboard?

The Solid Security Dashboard is a dynamic dashboard with all your WordPress website’s security activity stats in one place.

Looking through the WordPress security log can be time-consuming and confusing. The new Solid Security Dashboard brings your security logs to life by pulling together related data and displaying them in an intuitive and actionable context.

The new Solid Security Dashboard utilizes new Security Cards to organize all your security activity in a more digestible way. Security Cards break the info from the logs down to easy-to-consume, bite-sized nuggets of data.

Screenshot: Solid Security Pro 8.1.0 Security Dashboard
At a glance, the cards on the security dashboard show no vulnerabilities detected on the site, but some Administrators don’t have 2FA enabled.

Meet the Solid Security Cards Available in Your Security Dashboard

We like to compare the Security Cards to baseball cards. Baseball cards don’t give you information about every player in the major leagues. Each card only focuses on one player and their career history. Likewise, the Security Cards in Solid Security Pro don’t show you every entry in the security log. Instead, they only show you the most important information related to the specific topic the card is focused on.

Security Summary

The Security Summary card zeroes in on whether there are any current high-risk security issues and how to take corrective action quickly if there are. You’ll also see the latest security news, information, and resources, including our weekly vulnerabilities report.

Screenshot of Solid Security Pro 8.1.0 Security Summary Card with one vulnerability showing
Quickly view and act on the most important security events, like an active vulnerability. (Fortunately, a virtual patch has already protected this one.)

User Security Profiles

The User Security Profiles card allows you to search for individual users or list users by role or group. Then, you can quickly assess how secure an individual user’s account is and whether it has been abandoned. Does their role correspond to appropriate password strength and age? Do they have two-factor authentication enabled? When were they logged in last?

Screenshot: Solid Security Pro 8.1.0 User Profile Summary Card
Click on any user to get a complete view of their security details. You can send reminders to enable 2FA from this card or force one or more users to log out or update their passwords.

(Individual) User Profile

Pin a single user’s profile to your dashboard and see their user role, password strength, password age, whether they have two-factor authentication enabled, and when they were last on the site.

Screenshot: Solid Security Pro 8.1.0 User Security Profile Card
Pin a single user’s profile as a separate card to your dashboard to keep an eye on them.

Active Lockouts

The Active Lockouts card lists user accounts currently blocked from the site for reasons described below their names. Lockouts are temporary, but you can revoke them quickly from this card by selecting a locked-out user and clicking on their name. Sometimes, legitimate users are locked out when they repeatedly fail to provide the correct login credentials.

Solid Security Pro 8.1.0 screenshot detail showing the active lockouts security card.
Repeated lockouts eventually lead to bans. The Active Lockout card displays all currently locked-out users and IPs.

Lockouts

The Lockouts card adds up all lockouts as far back in time as Solid Security’s logs go. If you purge the logs every month, you’re looking at a monthly lockout trend. You can learn several things from the breakdown into three categories of lockouts for IP addresses, usernames, and users.

Lockouts against IP addresses or usernames indicate automated attempts to break into the site:

  • IP lockouts are most likely associated with bots that repeatedly try to log in to multiple accounts (that may or may not exist) with different passwords. These kinds of attacks are called brute-force login attempts or credential stuffing.
  • Username lockouts may also be from scripted attacks where common or default usernames like “admin” are being tested, but they don’t exist as real user accounts on your site. (We recommend not using “admin” as a real username, and Solid Security has a setting to prohibit it under Settings › Features › Firewall › Local Brute Force.)
  • User lockouts are triggered by login failures that use actual usernames or email addresses belonging to a real, registered user account on the site.

Over time, it’s common for about half the lockouts to be for IPs and the rest for usernames. Lockouts against users are different. The lockout percentage for users normally should be 0%. Why? That statistic tracks real user accounts that have recently failed repeatedly at logging in or passing a CAPTCHA challenge. This tells you that either a legitimate user is experiencing unique difficulties or an attacker has targeted a real user account on your site by name. You shouldn’t see this happening often if you have hardened your site and provided a good user experience. Pay close attention if user account lockouts start to be logged on the Lockouts card!

Solid Security’s user lockouts may be catching a user account created by an attacker, or the attacker may be targeting a legitimate user on your site. Either way, your user accounts need your attention to determine what is happening and what you should do about it. If you see user lockouts happening, your response should be to reach out and help any legitimate users with login challenges or delete users created by bad actors and ban their IPs. (Bot-generated user accounts are usually very obvious when you look at them. The names, usernames, and emails do not match, or they are random or improbable names.)

If you detect bot-generated, spam user accounts on your site, consider hardening the user account creation process. For example, add a CAPTCHA to user registration if you need to allow public account creation. Solid Security can apply reCAPTCHA, hCaptcha, and Turnstile CAPTCHAs to WordPress login, registration, password reset, and comment forms.
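The category breakdown and the "user lockouts should be 0%" check described above, as an added example (not Solid Security's own code). The record shape, the sample data, and `repeat_threshold` are constructed assumptions, since the plugin's log schema is not shown on this page.

```python
from collections import Counter

# Constructed sample lockout records in a hypothetical export shape.
# Solid Security's actual log schema is not shown on this page.
SAMPLE_LOCKOUTS = [
    {"type": "ip", "subject": "203.0.113.7"},
    {"type": "ip", "subject": "203.0.113.7"},
    {"type": "ip", "subject": "203.0.113.7"},
    {"type": "ip", "subject": "198.51.100.22"},
    {"type": "username", "subject": "admin"},
    {"type": "username", "subject": "admin"},
    {"type": "username", "subject": "test"},
    {"type": "user", "subject": "jsmith"},
]
CATEGORIES = ("ip", "username", "user")


def lockout_breakdown(records):
    """Percentage of lockouts per category (IP, username, user)."""
    counts = Counter(r["type"] for r in records if r["type"] in CATEGORIES)
    total = sum(counts.values())
    return {c: round(100 * counts[c] / total, 1) if total else 0.0
            for c in CATEGORIES}


def triage(records, repeat_threshold=3):
    """List findings that need a human. repeat_threshold is an assumed value."""
    by_type = {c: Counter() for c in CATEGORIES}
    for r in records:
        if r["type"] in by_type:
            by_type[r["type"]][r["subject"]] += 1
    findings = []
    # Any lockout against a real account is abnormal: the expected share is 0%.
    for name, n in sorted(by_type["user"].items()):
        findings.append(f"USER {name}: {n} lockout(s); help the user or investigate targeting")
    # Repeated lockouts for one IP or one guessed username suggest automation.
    for kind in ("ip", "username"):
        for subject, n in sorted(by_type[kind].items()):
            if n >= repeat_threshold:
                findings.append(f"{kind.upper()} {subject}: {n} lockouts; check whether a ban followed")
    return findings


if __name__ == "__main__":
    print(lockout_breakdown(SAMPLE_LOCKOUTS))
    for line in triage(SAMPLE_LOCKOUTS):
        print(line)
```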

Screenshot of Solid Security Pro 8.1.0 Lockouts Card
If you see Users getting locked out, something is wrong.

Bans Overview

Bans are more serious than lockouts. Security administrators can ban specific IPs for any reason. But most of the time, bans are automatically created when an IP has been locked out many times for suspicious behavior. Failed login attempts, and especially trying to log in with a username of “admin,” will eventually result in a ban based on the thresholds you specify in Solid Security Pro’s global settings.

Screenshot of Solid Security Pro 8.1.0 Security Dashboard Cards for Banned IPs, Bans Overview, and Lockouts
Repeated lockouts lead to permanent bans. Keep an eye on the IPs that have been banned — and why and when they were banned.

Banned IPs

You can select individual IPs in the ban list for detailed information about them. You’ll see when they were banned and why, plus any notes a security administrator has added. (Or add your own notes.) You can also remove the ban with a click or view the full activity log for the banned IP.

Screenshot: Solid Security Pro 8.1.0 IP Ban Card Details Overlay
Use the Banned IPs card to see the whole record of activity: why that IP address was banned, when it happened, and any notes Administrators have left about it.

Threats Blocked

The Threats Blocked card shows a day-by-day chart of security events when firewall rules have been triggered and successfully blocked attacks. Typically, the attacks are brute-force login attempts or attempts to exploit vulnerable plugins. Vulnerable plugins are protected by a type of firewall rule called a “virtual patch.” You can also set up your own custom firewall block and allow rules.

Screenshot: Solid Security Pro 8.1.0 Threats Blocked Card
The Threats Blocked card charts daily attacks blocked by Solid Security Pro’s firewall.

Trusted Devices

The Trusted Devices card tracks successful logins from trusted devices. WordPress users can allow Solid Security Pro to “remember” their “trusted devices” when they log in. Solid Security Pro can also require high-privilege users to log in with a trusted device. Once a device is trusted and associated with a user account, Solid Security Pro will force a logout if the user’s device changes while interacting with the site — a scenario likely caused by malicious “session hijacking.”

Screenshot: Solid Security Pro 8.1.0 Trusted Devices Card
The Trusted Devices card charts daily logins by users with a trusted device.

Update Summary

This card tallies the number of updates applied to WordPress core, plugins, and themes within a customizable time period.

Screenshot: Solid Security Pro 8.1.0 Updates Summary Card
The Updates Summary card displays the number of WordPress, plugin, and theme updates made on the site within a specific period.

How to Create and Share Security Dashboards in Solid Security Pro

To get started, click the Security Admin Menu’s Security Dashboard link.

Screenshot: Solid Security Pro 8.1.0 Security Dashboard
At a glance, we can see there are no vulnerabilities detected on the site, but some Administrators don’t have 2FA enabled.

Next, click Security Dashboard in the top left corner, and then click the Create New Dashboard link.

Solid Security 8.1.0 screenshot: Create a new security dashboard.

Next, create a new dashboard using the Solid Security default dashboard layout — or create a new one from scratch. Give your board a name, and then click the Create Board button.

Screenshot: Solid Security Pro 8.1.0 Create a New Security Dashboard
Create a new dashboard using the Solid Security default dashboard or create one from scratch.

The goal of the Security Dashboard is to give you the information you want in a way that makes sense to you. You can start with a blank canvas and add only the cards that are important to you.

Screenshot: Solid Security Pro 8.1.0 Create New Security Dashboard Cards
Pick a card — any card. Add as many cards as you want and build a layout on the dashboard.

The dynamic security dashboard is entirely customizable. You pick the cards you want to see, the order they appear on your screen, and how big or small you want each card to be. This is your dashboard, created by you, for you.

Solid Security Pro 8.1.0 Custom Dashboard
Build and share any number of custom dashboards.

After creating the perfect security dashboard, why not share it with someone? 

To share a security dashboard, click the Share icon in the upper left corner of the dashboard. Then, select the users or user roles that you want to share it with.

Screenshot: Solid Security Pro 8.1.0 Share Custom Dashboard
Share your custom dashboard with individual users and user role groups.

Wrapping Up

The Solid Security Dashboard uses Security Cards to break down information stored in your WordPress security logs in an easy-to-digest format. Keep your eye out for new Security Cards coming later this year!

Let us know if there is anything that you would like to see added to the Security Dashboard. After all, we make our products for you and aim to make our customers’ lives awesome!
