In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature.
Why We Developed the WordPress Security Logs
Logging is an essential part of your WordPress security strategy. Insufficient logging and monitoring can lead to a delay in the detection of a security breach. Most breach studies show that the time to detect a breach is over 200 days! That amount of time allows an attacker to breach other systems and to modify, steal, or destroy more data. It is for those reasons that Insufficient Logging landed on the OWASP Top 10 of web application security risks.
WordPress security logs have several benefits in your overall security strategy.
- Identify and stop malicious behavior.
- Spot activity that can alert you of a breach.
- Assess how much damage was done.
- Aid in the repair of a hacked site.
If your site does get hacked, you will want to have the best information to aid in a quick investigation and recovery.
What are WordPress Security Logs?
WordPress Security Logs in iThemes Security Pro keep track of important security events that occur on your website. Monitoring these events helps indicate if or when a security breach occurs.
Your website’s security logs are a vital part of any security strategy. The information found in these records can be used to lock out bad actors, highlight an unwanted change on the site, and help to identify and patch the point of entry of a successful attack.
Security Events Tracked & Logged by iThemes Security
Here’s a look at the security events tracked by the iThemes Security Pro plugin.
1. WordPress Brute Force Attacks
Brute force attacks refer to the trial and error method used to discover usernames and passwords to hack into a website. WordPress doesn’t track any user login activity, so there isn’t anything built into WordPress to protect you from a brute force attack. It is up to you to monitor your login security to protect your WordPress site.
Luckily, a brute force attack isn’t very sophisticated, and it is pretty easy to identify in your logs. You will need to record the username and IP that is attempting to log in and whether the login was successful. If you see that a single username or IP has consecutive failed login attempts, the chances are you are under a brute force attack.
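The check described above, as an added example that is not code from iThemes Security Pro: it counts consecutive failed logins per username and per IP, and goes one step further by flagging a successful login that ends such a streak. The event layout, the function name analyze_logins, and the threshold of 3 are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events, not real log data: (time, username, ip, success).
# IPs come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    ("10:00:01", "admin",  "203.0.113.7",  False),
    ("10:00:02", "admin",  "203.0.113.7",  False),
    ("10:00:03", "editor", "203.0.113.7",  False),
    ("10:00:04", "alice",  "198.51.100.4", False),  # one typo, then success
    ("10:00:09", "alice",  "198.51.100.4", True),
    ("10:00:10", "admin",  "203.0.113.7",  False),
    ("10:00:11", "admin",  "203.0.113.7",  True),   # success right after a streak
]

def analyze_logins(events, threshold=3):
    """Track consecutive failures per username and per IP (hypothetical helper).

    Returns (flagged, suspicious_successes):
      flagged maps ("user"|"ip", value) -> longest failure streak >= threshold
      suspicious_successes lists logins that succeeded while the username or
      IP was on a failure streak that had already reached the threshold.
    """
    streak = defaultdict(int)
    flagged = {}
    suspicious_successes = []
    for when, user, ip, ok in events:
        keys = (("user", user), ("ip", ip))
        if ok:
            if any(streak[k] >= threshold for k in keys):
                suspicious_successes.append((when, user, ip))
            for k in keys:
                streak[k] = 0  # a success ends the consecutive run
        else:
            for k in keys:
                streak[k] += 1
                if streak[k] >= threshold:
                    flagged[k] = max(flagged.get(k, 0), streak[k])
    return flagged, suspicious_successes

if __name__ == "__main__":
    flagged, hits = analyze_logins(SAMPLE_EVENTS)
    for (kind, value), count in sorted(flagged.items()):
        print(f"{kind} {value}: {count} consecutive failed logins")
    for when, user, ip in hits:
        print(f"{when}: login for {user} from {ip} succeeded after a failure streak")
```

Tracking the IP separately from the username matters here: the sample IP is flagged after spreading failures across two accounts, before any single username reaches the threshold.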
The iThemes Security Pro Local Brute Force Protection feature keeps track of invalid login attempts made by a host/IP address or a username. Once an IP or username has made too many consecutive failed login attempts, they will get locked out and will be prevented
This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.