Can WP Ghost send email alerts for hacking attempts?

Yes. Alerts for login from different IPs, brute force IP blocks, too many failed logins, plugin deletions, and post deletions. Configured in the WP Ghost Cloud Dashboard. Requires Premium with cloud storage enabled.

What's the difference between Events Log and Security Threats Log?

Events Log tracks internal user actions. Security Threats Log tracks external blocked attacks. Together they provide full visibility into both sides.

How Extensive Is WP Ghost’s Monitoring of Hacking Attempts?

Q: What does WP Ghost monitor for external threats?

The Security Threats Log records every blocked attack: SQL injection, script injection, directory traversal, brute force attempts, and hidden path probes. Each entry shows IP address, country, attack type, and the exact blocked request.

Q: What does WP Ghost monitor for internal user activity?

The User Events Log tracks logins, failed login attempts, plugin activations/deletions, post deletions, settings changes, and other dashboard actions by logged-in users. Filterable by event type, username, IP, and user role.

Q: What monitoring is available in the free version?

Security Score gauge, GEO Threats Map, 7-day threats chart, lifetime attacks counter, last 20 Security Threats Log entries, and weekly security monitoring emails. Full logs and email alerts are Premium.

Q: Is the monitoring GDPR compliant?

The log records usernames, IPs, and actions. Cloud data auto-deletes after 30 days. Local retention is configurable. Data not shared with third parties. Inform users if GDPR compliance is needed.

Q: Does WP Ghost modify WordPress core files?

No. Monitoring uses WordPress hooks. Local logs use a dedicated database table. Cloud logs sent via API. No files modified.

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

WP Ghost provides three layers of monitoring: the Security Threats Log tracks blocked external attacks, the User Events Log tracks internal user activity, and email alerts notify you in real time when critical events happen. Together, they give you full visibility into both who’s attacking your site and what your users are doing inside it.

What Does WP Ghost Monitor for External Threats?

The Security Threats Log records every malicious request that WP Ghost’s firewall and brute force protection block. This includes SQL injection attempts, script injection attempts, directory traversal probes, brute force login attacks, and requests to hidden paths. Each entry shows the attacker’s IP address, country of origin, the type of attack, and the exact request that was blocked.

The free version shows the last 20 blocked threats. Premium users get the full log with advanced filtering, sorting, and cloud storage. For the complete guide, see the Security Threats Log tutorial.

What Does WP Ghost Monitor for Internal User Activity?

The User Events Log tracks every security-relevant action performed by logged-in users on your site. This covers successful and failed login attempts (with IP addresses), plugin activations, deactivations, and deletions, post and page deletions, theme and plugin updates, settings changes, and other dashboard activity that could affect security. It does not log everyday frontend actions like clicking menus or browsing pages.

You can filter events by type (login, incorrect password, update plugin, delete post, etc.), search by username, IP, or keyword, and select which user roles to monitor. Logs can be stored locally in your WordPress database or synced to the WP Ghost Cloud Dashboard where they’re retained for 30 days and survive even if someone deletes the plugin from your site.

For the full guide, see the Events Log tutorial.

Can WP Ghost Send Me Email Alerts for Hacking Attempts?

Yes. WP Ghost sends email alerts for critical security events so you can respond within minutes. Available alert types include login from a different IP (possible account compromise), an IP blocked by brute force protection, too many failed login attempts from a user, a plugin deleted from the site, and a post deleted from the site.

Email alerts are configured in the WP Ghost Cloud Dashboard and require cloud storage to be enabled. Each alert can be set up for individual websites on your account, and you can use a different notification email per site.

What Monitoring Is Available in the Free Version?

WP Ghost Free includes the Security Optimization Score (0-100 gauge on the Overview dashboard), the GEO Threats Map showing where blocked threats originate, a threats-prevented chart (7-day view), a lifetime attacks blocked counter, the last 20 entries in the Security Threats Log, and weekly domain security monitoring emails.

The full User Events Log, full Security Threats Log, cloud storage, and email alerts are Premium features. For the complete free vs premium breakdown, see the Free vs Premium comparison.

Frequently Asked Questions

What’s the difference between the Events Log and the Security Threats Log?

The Events Log tracks actions by logged-in users (edits, logins, settings changes). The Security Threats Log tracks malicious requests from external visitors (blocked attacks, firewall hits, brute force attempts). Together they give you full visibility into both internal activity and external threats.

Where is the log data stored?

Locally in a dedicated WordPress database table, with configurable retention. If you enable cloud storage, a copy is synced to the WP Ghost Dashboard and retained for 30 days. Cloud logs survive plugin deletion and are required for email alerts. You can export cloud logs before they expire.

Is the monitoring GDPR compliant?

The Events Log records usernames, IP addresses, and user actions. If you need to comply with GDPR, inform your users that dashboard activity is logged. Cloud data is kept for 30 days and automatically deleted. Local retention is configurable. Data is not shared with third parties or used for marketing.

Does WP Ghost modify WordPress core files?

No. All monitoring operates through WordPress hooks that listen for actions. Local logs use a dedicated database table. Cloud logs are sent via API. No core files, theme files, or plugin files are modified. Deactivating WP Ghost removes local log data and stops all monitoring instantly.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.