Regarding security, “keeping an eye” on what’s happening on your WordPress site is key, enabling you to uncover and fix security threats before they become a problem.
WP Ghost makes this task easier by providing always-on security and monitoring security-related events on your site 24 hours a day, 7 days a week.
The Events Log Report documents every action users take while trying to log in or while already logged in to your site (for the last 30 days), so you’ll know who does what on your site.
(*This refers to actions that could impact your site’s security. WP Ghost will NOT log everyday actions, such as clicking on a Menu, that a user regularly takes in the frontend of a site.)
Activate Events Log
- Go to the WP Ghost > Events Log > Events Log Settings section.
- Switch on the Log Users Events option to start the action monitoring.
- Select the user roles you want to monitor from Log User Roles.
- Click the Save button to apply the changes.
Events Log User Roles
With this option, you can tell WP Ghost which users to track based on User Role.
Once you select the user roles, WP Ghost will monitor those users’ activity and record their actions on your site while they are logged in. The log report will also include login sessions for each user you choose to track.
Multiple roles can be selected. So, for example, you can choose to log the activity of Subscribers and Contributors but NOT monitor users who have the Administrator role.
If you want WP Ghost to monitor and record the activity of ALL user roles, don’t select anything here (the text should read: Nothing Selected).
Events Log GDPR
If you activate the Events Log option, certain data will be stored on our WP Ghost Dashboard for 30 days. After this period, the data will be permanently deleted. It is important to note that the information collected is not shared with any third parties and is not used for any marketing purposes.
The primary advantage of storing data on the Cloud is that it provides you with access to the activity log even if your website has been affected. This allows you to identify potential security issues and take appropriate measures. We have outlined these details in our privacy policy page.
According to our privacy policy, if you agree to log your website users’ activity, we collect basic information about each activity on our cloud servers. This information includes the Actions Name, Post ID, Post Type, Username, Posts Name, Plugin Name, and Attachments Name. It is important to note that each piece of information is only saved when a user triggers an action and is saved regardless of whether the plugin is active or has been deactivated/deleted.
We prioritize the security and privacy of our users, ensuring that the collected information is solely utilized to provide you with comprehensive reports on your users’ activities.
Please note that within the WP Ghost plugin, a notification is displayed in the sidebar specifically informing users about the Cloud storage feature related to the Events Log.
This notification draws your attention to the fact that enabling this feature will result in data being stored on our Cloud for 30 days.
After this duration, the data is permanently deleted. This notification ensures transparency and lets you decide whether to activate this feature.
Events Log Report on WordPress Dashboard
The Log Report will be available at the WP Ghost > Log Events > Events Log Report section. Once the option Log Users Events has been activated, WP Ghost will log dashboard activity.
The Events Log Report also includes events on your login page when login attempts occur.
- Find out if someone is trying to hack your site.
- Know when a post was deleted, and who deleted it.
- Know when a plugin was activated/deactivated, and who did it.
- Track your freelancers’ or hired developer’s activities.
- Track who has logged in, when, and with what IP address.
- View successful and failed login attempts.
- Track which IP address is targeting your login page.
- Track which themes, plugins, and core files are updated by which user.
For every recorded user action, WP Ghost will show you:
- Location from where the action has occurred.
- Details (such as the path where that action was recorded, the name of the user who performed said action and their role, and the name of the plugin if, for example, the user’s action was to deactivate a plugin).
- Date: the date and time of the action.
By using the Filter button, you can filter log entries based on events and actions taken on your website by tracked users (such as login, update plugin, delete plugin, incorrect password, and more).
You can Search entries using the quick Search form on the right of the screen. For example, if you search for login, WP Ghost will show you report entries related to login sessions that took place on your site.
Note! For optimum results, ensure NO filter is applied when using the Search function.
Events Log Report on WP Ghost Dashboard
Log in to your WP Ghost Dashboard first to access the Events Log Report.
Similar to the WordPress Events Log Report, you see the following details about each recorded user action:
- Website URL
- Location from where the action has occurred.
- Details (such as the path where that action was recorded, the name of the user who performed said action and their role, and the name of the plugin if, for example, the user’s action was to deactivate a plugin).
- Date (UTC Time Zone): the date and time of the action.
Note! The log will be deleted after 30 Days. To export it, use the Export button on the right of the screen.
Email Alerts
With this option, you can easily create alerts and receive an email notification when a specific user action is triggered on your website.
This allows you to respond in minutes to possible security threats such as unauthorized changes, repeated failed login attempts, and other issues that can put your WordPress site at risk.
You can choose from a set of predefined actions and be notified via email when:
- The same user has successfully logged in multiple times from different IP addresses.
(select: Alert me when a user has login attempts from different IP addresses)
- WP Ghost’s Brute Force Protection feature blocked an IP address.
(select: Alert me when Brute Force Protection blocks an IP address).
IMPORTANT! Setting up this alert requires activating the WP Ghost > Brute Force feature.
- A user has unsuccessfully tried to log in more than 5 times.
(select: Alert me when a user has too many failed login attempts).
You can set up this alert even if Brute Force Protection is not activated.
- A plugin on your site was deleted.
(select: Alert me when a plugin is deleted)
- A post on your site was deleted.
(select: Alert me when a post is deleted).
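The login-related alert conditions listed above, evaluated offline over a set of log entries, as an added example that is not WP Ghost's own code. The record fields (`user`, `ip`, `action`) and their layout are assumptions for illustration, not the plugin's export format, and the sample entries are constructed.

```python
from collections import Counter, defaultdict

FAILED_LIMIT = 5  # the page's alert fires on "more than 5" failed attempts

# Constructed sample entries; field names and layout are assumptions,
# not the plugin's export format. IPs come from documentation ranges.
SAMPLE_LOG = (
    [{"user": "editor1", "ip": "203.0.113.7", "action": "incorrect password"}] * 6
    + [
        {"user": "admin", "ip": "192.0.2.10", "action": "login"},
        {"user": "admin", "ip": "198.51.100.23", "action": "login"},
        {"user": "admin", "ip": "192.0.2.10", "action": "update plugin"},
        {"user": "author2", "ip": "192.0.2.44", "action": "incorrect password"},
        {"user": "author2", "ip": "192.0.2.44", "action": "login"},
        {"user": "author2", "ip": "192.0.2.44", "action": "login"},
    ]
)


def evaluate_alerts(entries, failed_limit=FAILED_LIMIT):
    """Return the users and source IPs that meet the login alert conditions."""
    failures_by_user = Counter()
    failures_by_ip = Counter()
    login_ips = defaultdict(set)

    for e in entries:
        action = e["action"].strip().lower()
        if action == "incorrect password":
            failures_by_user[e["user"]] += 1
            failures_by_ip[e["ip"]] += 1
        elif action == "login":
            login_ips[e["user"]].add(e["ip"])

    return {
        # strictly more than the limit, matching "more than 5 times"
        "too_many_failed": sorted(u for u, n in failures_by_user.items() if n > failed_limit),
        # successful logins by one user from two or more distinct addresses
        "multi_ip_logins": {u: sorted(ips) for u, ips in login_ips.items() if len(ips) > 1},
        # which addresses generate the failed attempts, most active first
        "top_failing_ips": failures_by_ip.most_common(3),
    }


if __name__ == "__main__":
    for name, result in evaluate_alerts(SAMPLE_LOG).items():
        print(name, result)
```

A user with exactly five failed attempts is not flagged, and repeated successful logins from a single address do not count as a multi-IP login.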
Create New Email Alert
- Go to your WP Ghost Dashboard account.
- From the Email Alerts section, click on the +New button.
- Select the website you want to set the alert for.
- Select the alert you want to receive by email when it’s triggered.
- Click the Submit button to add the alert.
Note! Every email alert must be set up individually.
Notification Email Address
In your Profile Settings, you can specify the email address where you want to receive all alert notifications.
- Go to your Profile > Settings section.
- Specify the Default Notification Email address where you want to receive the report.
- Click on the Submit button to save your settings.
Different Email Alert Address
By default, all the email alerts are sent to the account notification email.
If you have different email addresses where you want to receive the alert, you can set a different email address for each website you connected.
- Go to the Connected Sites section.
- Click on the pencil from the Alert Email column to add an email address.
The settings you make here have priority over those you may have made in the Profile > Settings section.
Example Email Alert
Here is an example of what an email alert looks like:
All alerts that you currently have in place for your site(s) will be visible inside the Email Alerts Panel.
To delete an email alert, simply click on the Delete icon corresponding to the email alert you want to remove.