The latest cybercrime stats, released in May, report that the cost to the global economy was about $7 trillion in 2022 and is predicted to rise to about $10.5 trillion by 2025.
Another staggering report is that the highest percentage of cyber breaches are against small and medium-sized businesses, not large global corporations. Is your small business at risk?
One effective way of identifying security threats and other risks is through log analysis.
What Is Log Analysis?
If your business—and for the sake of this article, you do all or part of your business from a WordPress site—captures and maintains an activity log, log analysis is the process of evaluating that information.
The log itself is a computer-generated snapshot of all activity generated by users on your site—or at least any activity that could potentially threaten your site’s security. An example of that would be unauthorized access attempts or something being added to or edited on your site.
What is an Activity Log?
An activity log is a structured, chronological record of the actions your users perform while on your site. And even though the site administrator sets and defines all user roles and permissions—who can do what while logged in—it’s good to have a record of what they’re doing. Unfortunately, WordPress doesn’t provide this capability out of the box.
Auditing what your users are doing while on your site could include a record of any of the following, if not more.
- Any additions, deletions, or changes made on the site (this would include changes to the core files, themes, plugins, or changes to content)
- User registrations
- Profile or password changes
- WordPress updates
- Taxonomy changes
- Anything comment related
Why You Should Create and Maintain Event Logs
You can’t do a log analysis without an event log—also called an activity log. And given the skyrocketing threat of cyber-attacks, everyone should be upgrading their site security and generating one.
But how does creating a log help with security?
Even if the only user on your site is you, the administrator, you’d still benefit from a log of all your activity, because mistakes happen and being able to follow an audit trail makes finding them much easier. Or maybe nothing has gone wrong yet, but you see changes that could open a security hole and make future hacking attempts successful. In this case, you can step in and make the necessary fixes before that happens.
Frankly, it doesn’t matter who or how many have access to your WordPress site—it can still be compromised. Perhaps by stolen passwords, weak passwords, brute force attacks, and more.
With an event log, you can record all user activity on your site, ultimately using it for troubleshooting and workflow management as well. The enhanced security it provides means you can quickly detect any suspicious activity and step in to mitigate it. Tracking their actions also gives you a window into the level of website security knowledge your users have, so in the event of a security breach, you’ll know what kind of education to provide to prevent it from happening again.
Since an activity log will also track all changes to content, it can be a great tool for managing workflow, especially when users are collaborating on a project. Implemented correctly, log analysis brings several benefits at once.
How is Log Analysis Possible in WordPress?
Now that you know the what and the why, how can you make this happen on your WordPress site? WordPress doesn’t provide this functionality at the core, but it is possible. You’ll just need to add a plugin that does the job for you.
Having said that, you want to make sure to have an event logger plugin that pays attention to very specific parts of your site.
Here are some basics that need to be covered for Log Analysis.
Your content is typically dynamic and often created, edited, and even deleted by a number of users. So you want to make sure you’re monitoring the following.
- Newly created content, including pages, posts, custom posts, media, and comments
- Any changes made to existing content
- Instances where published content is deleted
- Changes to taxonomy or metadata—one or any of the categories, tags, custom fields, date, and URL
- When the status changes on pages, posts, or comments
Logins and Login Attempts
Obviously, if you have active users, they’re logging into your site. But monitoring logins helps you stay on top of a number of things and, perhaps more importantly, provides advance warning of brute force attacks. This is where log analysis comes to the rescue. Watch for the following.
- A single user account that tries to log in from several different IP addresses. In moderation, such as two different IPs, this is often legit, but it’s a good idea to be aware of it
- Multiple failed login attempts from different usernames and passwords, but all originating from the same IP address
- Repeated failed logins from the same IP over a short period of time—again, a few attempts could be legit
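The three login patterns above can be checked mechanically once events are being logged. The following is an added example, not part of the original article or any plugin's code; the event-type names, thresholds, and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, assumed event-type name, source IP, username).
SAMPLE_EVENTS = [
    ("2024-05-01 09:00:00", "login_success", "192.0.2.10", "editor"),
    ("2024-05-01 13:00:00", "login_success", "192.0.2.11", "editor"),
    ("2024-05-01 09:05:00", "login_success", "198.51.100.1", "alice"),
    ("2024-05-01 09:40:00", "login_failed", "198.51.100.2", "alice"),
    ("2024-05-01 10:15:00", "login_success", "198.51.100.3", "alice"),
    ("2024-05-01 11:00:00", "login_failed", "203.0.113.7", "admin"),
    ("2024-05-01 11:10:00", "login_failed", "203.0.113.7", "root"),
    ("2024-05-01 11:20:00", "login_failed", "203.0.113.7", "test"),
    ("2024-05-01 11:30:00", "login_failed", "203.0.113.7", "wpadmin"),
    ("2024-05-01 12:00:05", "login_failed", "192.0.2.99", "carol"),
    ("2024-05-01 12:00:40", "login_failed", "192.0.2.99", "carol"),
] + [("2024-05-01 14:00:%02d" % s, "login_failed", "203.0.113.50", "bob")
     for s in (0, 10, 20, 30, 40)]

def analyze_logins(events, min_ips=3, min_users=3, min_fails=5,
                   window=timedelta(minutes=5)):
    """Flag the three login patterns; thresholds are illustrative assumptions."""
    ips_by_user = defaultdict(set)    # every login attempt: user -> source IPs
    users_by_ip = defaultdict(set)    # failed logins: IP -> usernames tried
    fails_by_ip = defaultdict(list)   # failed logins: IP -> timestamps
    for ts, kind, ip, user in events:
        if kind in ("login_success", "login_failed"):
            ips_by_user[user].add(ip)
        if kind == "login_failed":
            users_by_ip[ip].add(user)
            fails_by_ip[ip].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    burst = []
    for ip, times in fails_by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):      # sliding window over failures
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= min_fails:
                burst.append(ip)
                break
    return {
        "user_many_ips": sorted(u for u, s in ips_by_user.items() if len(s) >= min_ips),
        "ip_many_users": sorted(i for i, s in users_by_ip.items() if len(s) >= min_users),
        "ip_burst": sorted(burst),
    }

if __name__ == "__main__":
    print(analyze_logins(SAMPLE_EVENTS))
```

The thresholds leave room for the legitimate cases the list mentions: an account seen from two IPs and an IP with a couple of failed attempts are not flagged.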
Changes to WordPress Core, Plugins, and Themes
Even though changes at this level are restricted to users with administrator access, they still should be logged. As mentioned above, mistakes can happen, and the ability to track and troubleshoot them could save you hours or days of grief.
- Changes to core files—either done manually or via automatic updates
- Changes to settings and status: commenting, security, and permalinks
- Modifications to themes and plugins—and/or their settings
In addition to monitoring the files and settings mentioned above, your plugin will capture and record necessary data relevant to the event. This will include:
- The type of event
- Date and time
- The IP address the action originated from
- The user who made the change
- The content, file, or setting where the action took place
Tighten Your WordPress Security
As mentioned at the outset, it’s more important than ever to close security gaps on your website—especially if you’re a small or medium business. You’ve become the target of cybercriminals.
If you haven’t already, it’s time to augment your security with event logging. Check out WP Admin Audit; it will do everything mentioned above, and more.