Websites are continuously targeted by automated scanners and attack bots that probe for known vulnerabilities, common file paths, and exploitable endpoints.
WP Ghost prevents these attacks proactively by reducing your site’s attack surface and blocking malicious requests before they reach WordPress.
The Security Threats Log gives you full visibility into this hostile traffic, allowing you to understand what is being targeted, from where, and how often.
This log focuses exclusively on external threats, not user activity.
Once enabled, WP Ghost automatically starts recording detected threats. No additional configuration is required.
The Security Threats Log records malicious or suspicious requests detected by WP Ghost protections, including:
Each log entry documents attempted attacks, even when they are fully blocked.
When the Security Threats Log is enabled, all detected threats are stored locally in the WordPress database table hmwp_logs.
Stored data includes:
This data is collected strictly for security monitoring and incident analysis.
You can view detected threats at:
WP Ghost > Logs > Security Threats
From this screen, you can:
This report helps validate that WP Ghost protections are working as intended.
The Threats Report includes built-in tools to help you analyze activity:
These filters allow you to quickly pinpoint relevant security events without scrolling through large datasets.
Each threat entry includes an action menu that lets you respond immediately.
Selecting Threat Details opens a detailed view showing:
This information is essential for understanding why the request was flagged and how WP Ghost handled it.
Use Whitelist Path if a legitimate request is being blocked and you want to allow access to a specific URL or endpoint.
Whitelisted paths are managed in:
WP Ghost > Firewall > Whitelist
Use Whitelist Rule to allow requests that match a specific detection rule or pattern.
This is useful for trusted integrations or custom applications that trigger security rules unintentionally.
Whitelist rules are managed in:
WP Ghost > Firewall > Whitelist
Use Blacklist IP to permanently block a malicious IP address that repeatedly targets your site.
Blacklisted IPs are managed in:
WP Ghost > Firewall > Blacklist
All whitelist and blacklist entries created from the Threats Log are centrally managed in the Firewall section:
This ensures a single, consistent place to manage all firewall exceptions and blocks.
Because hackers often use bots to search for security flaws in your website, it is…
The easiest way to change the default media uploads path is to use the WP…
To hide all CSS and JS you need to follow the steps to Combine the…
https://youtu.be/6ylhojSi-_E In this video, we’ll explore why website security matters and what can happen if…
The security of your WordPress site depends on multiple factors, such as the strength of…
When you enable two-factor authentication (2FA) for your WordPress website, it adds an extra layer…