When it comes to security, “keeping an eye” on what’s happening on your WordPress site is key, as it enables you to uncover and fix security threats before they become a problem.
Hide My WP Ghost makes this task easier by providing always-ON security and monitoring security-related events on your site 24 hours a day / 7 days a week.
Every action* that users take when logged in to your site (for the last 30 days) will be documented in the Events Log Report, so you’ll know who does what on your site.
(*this refers to actions that could potentially have an impact on your site’s security. Hide My WP Ghost will NOT log users’ actions such as: clicking on a Menu or other similar, common actions that a user regularly takes in the frontend of a site)
Hide My WP Ghost will, however, log Dashboard activity – once the option Log Users Events has been activated.
The Events Log Report also includes events that take place on your login page.
Hide My WP Ghost will track user login sessions and report on both successful and failed login attempts. Since the login page is one of the pages that hackers target the most when attempting to hack a WordPress site, it’s important to keep track of these login events.
With the Events Log reports, Hide My WP Ghost enables you to take note of every important action triggered on your WordPress site and make informed decisions related to potential security threats.
Plus, it provides a dedicated, secure place to store that information in case you may need it in the future.
For every recorded user action, Hide My WP Ghost will show you:
- the IP address
- more details (such as: the path where that action was recorded, the name of the user who performed said action and their role, name of the plugin if, for example, the action the user performed was to deactivate a plugin)
By using the Filter button shown in the screenshot below, you can filter log entries based on events and actions that were taken on your website by tracked users (such as: login, update plugin, delete plugin, incorrect password, and more).
Plus, you can Search entries using the quick Search form you’ll see on the right of the screen. For example, if you search for login, Hide My WP Ghost will show you report entries that are related to login sessions that took place on your site.
Note! For optimum results, make sure there’s NO filter applied when using the Search function.
Once you’ve activated the option: Log Users Events, the Events Log Report will be available at: Hide My WP > Log Events > Events Log Report.
Activate Log Users Events
By activating Log User Events, you can find out exactly who does what on your WordPress website:
- Find out if someone is trying to hack your site.
- Know when a post was deleted, and who deleted it.
- Know when a plugin was activated/deactivated, and who did it.
- Track your freelancers’ or hired developer’s activities.
- Track your multiple blog authors’ activities.
- Track who has logged in, when, and with what IP address.
- View successful and failed login attempts.
- Track which IP address is targeting your login page.
- Track which themes, plugins, and core files are updated by which user.
All this data will show in the Events Log Report that can be accessed at Hide My WP > Log Events > Events Log Report.
To enable Hide My WP Ghost to log users events, switch on Hide My WP > Log Events > Events Log Settings > Log Users Events
Log User Roles
With this option, you can tell Hide My WP Ghost which users to track based on User Role.
Once you select the user roles, Hide My WP Ghost will monitor those users’ activity and record what actions they take on your site while they are logged in. The log report will also include login sessions for each user you chose to track.
To select the user roles, simply hold the Control/Command key and choose the roles you want from the drop-down list.
Multiple roles can be selected. So, for example, you can choose to log the activity of Subscribers and Contributors but NOT monitor users who have the Administrator role.
If you want Hide My WP Ghost to monitor and record the activity of ALL user roles, don’t select anything here (the text should read: Nothing Selected).
Accessing the Events Log Report in the Cloud
To access the Events Log Report in the cloud, go to Hide My WP > Log Events > Events Log Report, and click on the button that reads: Go to Events Log Panel
By clicking on this button, you will automatically be redirected to your WPPlugins Account > Events Log Report in the cloud.
Similar to the Events Log Report that can be accessed directly within the plugin, here you can see the following details about each recorded user action:
- IP address
- Details (such as: the path where that action was recorded, the name of the user who performed said action and their role, name of the plugin if for example the action the user performed was to deactivate a plugin)
!! Data will be saved in your Cloud account for 30 Days and you can export it using the Export button you’ll see on the right of the screen.
Inside the Cloud Events Log Report, you also have the option to filter log entries by:
- IP address
- Date range
! Note that if you are using the Export option AFTER applying certain filters, Hide My WP Ghost will generate an export that contains ONLY the filtered entries.
With this option, you can easily create alerts and be notified via email when a specific user action is triggered on your website.
This enables you to respond in minutes to possible security threats such as unauthorized changes, repeated failed login attempts, and other issues that can put your WordPress site at risk.
For now, you can choose from a set of predefined actions and be notified via email when:
- The same user has successfully logged in multiple times from different IP addresses. (select: Alert me when a user has login attempts from different IP addresses)
- An IP address was blocked by Hide My WP Ghost’s Brute Force Protection feature. (select: Alert me when an IP address is blocked by Brute Force Protection). IMPORTANT! Setting up this alert requires activating Bruce Force Protection.
- A user has unsuccessfully tried to login more than 5 times. (select: Alert me when a user has too many failed login attempts). You can set up this alert even if you DON’T have Bruce Force Protection activated.
- A plugin on your site was deleted. (select: Alert me when a plugin is deleted)
- A post on your site was deleted. (select: Alert me when a post is deleted).
You can set different emails alerts for different websites under your account.
💡 Every email alert must be set up individually.
To create an alert, go to WPPlugins Account > Email Alerts > New
- Select the website for which you want to set the alert
- Select the alert you want to receive by email
- Then click on the Save button.
Here is an example of how an email alert will look like:
All alerts that you currently have in place for your site(s) will be visible inside the Email Alerts Panel.
To delete an email alert, simply click on the Delete icon corresponding to the email alert you want to remove. (shown below)
You also have the option to filter alerts based on:
- Website URL
- and Alert Type
Notification Email Address
In your Profile Settings, you have the option to specify the email address where you want to receive all alerts notifications.
To set the email address, go to WPPlugins Account > Profile > Settings
Don’t forget to click on the Submit button to save your settings.