Written by Paul Cassarly (not AI)
So I was checking on some things for a client’s site, and I decided to look at the logs generated by WP Activity Log one day (see screenshot). Turns out, there were about 1,600 entries and nobody had logged into the site since we installed it a few months prior.
I checked another website, same thing. Then another, then another…all the same bursts of activity across a week or more.
These websites had been targeted via our server IP at DreamHost and apparently at some point we experienced a minor DDoS bot attack. We never enable commenting as none of our clients have blogs, and most of them don’t have Anyone Can Register enabled so there were no security breaches.
I’m not the world’s most technical person, but I understand enough to be dangerous when it comes to WP and its functionality. In this case, I realized that these WordPress sites were being targeted (albeit protected) on a regular basis.
How To Interpret Security Logs
These bots are consistently looking for vulnerabilities in our login form, guessing at common and uncommon usernames. Luckily, our SOP involves immediately creating a custom administrator account and deleting the default one generated by DreamHost, backed up with a unique password.
This particular plugin mentioned above is one of many, but it’s by far my personal favorite.
In fact, it’s standard installation on all of our client websites, and we keep all logs forever because you never know if you need to refer back to a change that was made a year or two prior to answer a customer’s question (it happens more often than you think). The great thing is that it’s completely FREE, and should be something that all website developers include in your build.
The logs themselves should be viewed from the perspective of a detective. You can search for any activity, no matter how much there is. They even have some nifty new search function that they added:
So that’s pretty cool.
Keep Track of Your Website Activity
All of this to say, you really should be monitoring what’s going on with your website from time to time. Make sure to keep backups once in a while, especially if you’re a website designer/developer!
