Sucuri for WordPress Hosting: Security Activity Auditing

In this article

• Breaking Down Security
• What is Security Activity Auditing?
• What Do I Do?

This article describes how to leverage the Sucuri plugin for WordPress Hosting to audit security activity. It also describes the benefits of using this plugin to secure your WordPress website.

NOTICE: Sucuri for WordPress is just one way to secure your website’s data. Check out the many features WordPress Hosting by InMotion Hosting includes; supplementing security for your website.

Breaking Down Security

Your website is always online and open to the public. Securing your website around-the-clock is vital to your success. An effective security strategy encompasses much more than a “set it and forget it” ideology. To simplify implementation, you can breakdown security into three categories: prevention, detection, and auditing.

To better understand this breakdown, think about securing a convenience store. Door locks prevent a burglar from entering the store. Surveillance cameras can detect theft. Cash and inventory auditing sheds light on vulnerabilities in the processing and handling of valuable assets.

Now, you’re probably wondering how this breakdown can apply to your WordPress website. To truly see the connection, you need to understand the features that are offered by the Sucuri for WordPress plugin. For instance, Sucuri’s Web Application Firewall (WAF) provides a way to prevent access to your website. It’s just like locking the door to keep burglars out. File integrity checks will detect unauthorized changes made to the core files of WordPress. Lastly, security activity logging helps you audit the activity on your website. Read on to learn more about security activity auditing.

What is Security Activity Auditing

The Sucuri plugin for WordPress is a versatile tool that allows you to oversee the security of your website. One of the most insightful features of this plugin is the security activity logging. Sucuri records events that have the potential to be malicious to the Audit Log. Below is an example:

The following is a list of the information you can obtain from the details contained in the Audit Log.

• Date of activity
• Time of activity
• IP address associated with activity
• Username associated with activity
• A brief description of the activity

Now, you know what this log is and what information it contains. Read on to learn what you can do to resolve discrepancies you identify.

What Do I Do?

First, compare this log with known activity. This is how you can identify the issue(s) that demand your attention immediately. If anything appears suspicious, you should review the activity further to determine how you can mitigate the issue.

User Authentication Failed

Depending on the circumstances, there are various actions you can take to mitigate the issue. For instance, if you identify an IP address that has failed authentication, you have a few options to mitigate this issue. Be sure to consider the circumstances thoroughly. If you are the only one that logs into WordPress, then whitelist your IP address to deny anyone else login abilities. However, if you have visitors that will log into your WordPress website, you can blacklist the IP. Blacklisted IPs will not be able to access the login page.

Unauthorized Changes

The Audit Logs also record details of modifications made to your WordPress website. For instance:

• Plugin Activated/Deactivated
• User Account Created/Deleted
• Theme Activated/Deactivated
• Sucuri Plugin Settings Changed

First, reset the WordPress user’s password identified as the culprit. Then, revert the changes.

Now, you are familiar with the Security Auditing Logs and how to take action in response to the entries present.