OWASP Top 10 & WordPress Activity Logs – Addressing A10: Insufficient logging & monitoring

Logging and monitoring are so important in web application and WordPress security that lack of logging functionality in web applications has now been added to the OWASP Top 10 list:

Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring.

A10:2017 – Insufficient Logging & Monitoring

What is OWASP?


OWASP stands for Open Web Application Security Project. It is a worldwide not-for-profit organization focused on improving the security of software, mostly web applications. Similar to the WordPress community, OWASP has hundreds of chapters (meetups) in cities around the world.

What is the OWASP Top 10?

The OWASP Top 10 is a list of the most commonly found and exploited web application vulnerabilities. The list is compiled from feedback from leading vendors and professionals working in the industry, and is released every three years. The scope of the OWASP Top 10 list is to raise awareness amongst developers and managers. The first OWASP Top 10 list was published in 2004.

Refer to the OWASP Top 10 official page for more information about the project and all the vulnerabilities and security issues listed in it.

Logging, monitoring & incident response solution for WordPress

As clearly highlighted in A10 of the OWASP Top 10 for 2017, logging on its own is not enough. Only a complete logging, monitoring & incident response solution will keep you abreast of what is happening on your WordPress and WordPress multisite network websites, and allow you to thwart possible malicious attacks before they actually happen.

There are several WordPress activity log / logging plugins available, though most of them are designed for troubleshooting purposes, for agencies and contractors who would like to keep an eye on what their customers are doing on their website. These plugins do not have comprehensive logging and monitoring features. Only the WP Activity Log plugin meets all the requirements of a complete logging, monitoring and incident response solution for WordPress because it has:

Comprehensive WordPress activity log

The WP Activity Log plugin has the most comprehensive WordPress activity log both in terms of breadth and depth.

Audit log viewer within WP Activity Log, which lists different events and changes on the site by different users

The plugin keeps a record of WordPress posts, tags, user profiles, themes, plugins, WordPress settings, WordPress multisite networks changes and more. Here is a complete list of WordPress changes that the WP Activity Log plugin keeps track of in the WordPress activity log.

In terms of depth, for example when there is a WordPress user password change, the plugin records in the activity log that a password was changed, rather than a generic record of a WordPress user profile change. For every change the plugin also keeps a record of who made the change, the IP address from which the user is logged in, the date and time, etc.

Search, reports & notifications for important WordPress website changes

The WP Activity Log plugin has all the right tools to help you ease troubleshooting and monitoring, and also to keep you two steps ahead of your attackers. You can use the:

  • Full-text search feature to find a specific activity when doing troubleshooting or forensics work. You can also use the built-in filters to fine-tune the search results and find what you are looking for much quicker.
  • Reports to create any type of user productivity, summary and regulatory compliance report. You can also create statistics reports and configure automated daily, weekly, monthly and quarterly reports.
  • Email and instant SMS notifications so you are instantly alerted of important changes on your WordPress site. You can enable any of the built-in email notifications or use the trigger builder to build a trigger that sends an email when a specific change you configured happens.
  • WordPress Users Session Manager to see who is logged in to your WordPress site and what they are doing in real time. You can also remotely terminate a session and block multiple sessions for the same user.
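To make the search and trigger ideas above concrete, here is a small added example (not code from the WP Activity Log plugin, and not its real log format or event names): a handful of constructed activity-log entries, a full-text search with field filters, and a few trigger rules that evaluate each event as it streams in. The rules are hypothetical choices for illustration: a sensitive change from an IP address the user has not been seen on before, a role change that grants administrator, and a sensitive change outside business hours. The per-user IP set is updated only after an event is evaluated, so a change coming from a new address cannot whitelist itself.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable


@dataclass(frozen=True)
class Event:
    """One activity-log entry: what happened, who did it, from where, and when (UTC)."""
    event: str
    user: str
    ip: str
    ts: datetime
    detail: str


def utc(*parts):
    return datetime(*parts, tzinfo=timezone.utc)


# Constructed sample entries; event names and format are illustrative, not the plugin's own.
SAMPLE_EVENTS = [
    Event("user_login", "alice", "203.0.113.10", utc(2024, 5, 1, 9, 2), "Login from admin dashboard"),
    Event("post_published", "alice", "203.0.113.10", utc(2024, 5, 1, 9, 15), "Post 'Release notes' published"),
    Event("user_password_changed", "alice", "198.51.100.7", utc(2024, 5, 1, 23, 40), "Password changed for user alice"),
    Event("user_login", "bob", "203.0.113.11", utc(2024, 5, 2, 10, 0), "Login from admin dashboard"),
    Event("plugin_activated", "bob", "203.0.113.11", utc(2024, 5, 2, 10, 5), "Plugin 'contact-form' activated"),
    Event("user_role_changed", "bob", "203.0.113.11", utc(2024, 5, 2, 10, 6),
          "Role of user carol changed from subscriber to administrator"),
]


def search(events, text="", **filters):
    """Full-text search over the detail field, plus optional equality filters on other fields."""
    needle = text.lower()
    return [
        e for e in events
        if needle in e.detail.lower()
        and all(getattr(e, key) == value for key, value in filters.items())
    ]


@dataclass
class Trigger:
    """A named condition evaluated against every event; `state` carries data across events."""
    name: str
    condition: Callable[[Event, dict], bool]


# Event types a defender would want to be paged about (hypothetical set).
SENSITIVE = {"user_password_changed", "user_role_changed", "plugin_activated"}


def from_unfamiliar_ip(e, state):
    seen = state["ips"].get(e.user, set())
    return e.event in SENSITIVE and e.ip not in seen


def grants_admin(e, state):
    return e.event == "user_role_changed" and "to administrator" in e.detail


def out_of_hours(e, state):
    # Business hours assumed to be 08:00-18:00 UTC for this example.
    return e.event in SENSITIVE and not 8 <= e.ts.hour < 18


TRIGGERS = [
    Trigger("sensitive change from unfamiliar IP", from_unfamiliar_ip),
    Trigger("administrator role granted", grants_admin),
    Trigger("sensitive change outside business hours", out_of_hours),
]


def evaluate(events, triggers=TRIGGERS):
    """Stream events through the triggers; return (trigger name, event) pairs that fired."""
    state = {"ips": {}}
    alerts = []
    for e in events:
        for t in triggers:
            if t.condition(e, state):
                alerts.append((t.name, e))
        # Learn the address only after evaluation so a new IP cannot approve its own change.
        state["ips"].setdefault(e.user, set()).add(e.ip)
    return alerts


if __name__ == "__main__":
    for name, e in evaluate(SAMPLE_EVENTS):
        print(f"[{name}] {e.ts.isoformat()} user={e.user} ip={e.ip} {e.detail}")
```

Run as a script it prints three alerts: alice's late-night password change from a new address fires two rules, and bob's role change fires the administrator rule. The `search` helper is what a forensics pass would use first, e.g. `search(SAMPLE_EVENTS, "password", user="alice")`.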

Multiple logged-in users in activity log

Other noteworthy features of the WP Activity Log logging & monitoring plugin

The WP Activity Log plugin also has a number of database and integration tools that you can use to guarantee the integrity of the activity logs, and to also ensure your website meets the strict regulatory compliance requirements.

For example by default the WordPress activity log is stored in the WordPress database. You can use the plugin’s utilities to store the activity log in an external database, improving both the speed and the security of your WordPress website. You can also mirror the websites’ activity log to logs management systems such as AWS CloudWatch and Loggly, or to a syslog server and a log file.

Use a logging & monitoring plugin to improve the security of your WordPress websites

WordPress security is a process and not a one-time solution. It is based on four principles: harden, monitor, test, improve. All principles are important, so it is vital that each of the four principles in the WordPress security wheel is properly taken care of, because the security of your WordPress website can only be as strong as the weakest link in the chain.

The benefits of keeping a WordPress activity log are multifold

In this article we have just seen how important it is for the security posture of your WordPress website to keep an activity log of everything that is happening on your website. Audit trails can help you:

  • Identify any suspicious behaviour,
  • Get automatically notified of any important issues,
  • Thwart attacks before they actually happen,
  • Do forensic work to easily find out what happened during an attack.

There are more benefits to keeping a record of all the changes that happen on your WordPress website in an activity log; it is not just about security. With an activity log you can:

  • Keep an eye on the productivity of your users,
  • Ease the troubleshooting of WordPress technical issues,
  • Meet the strict regulatory compliance requirements that your business has to adhere to,
  • Mirror the logs to your log management system,
  • Generate reports for your superiors to keep them happy!

Install the WP Activity Log Plugin on Your WordPress Websites

Download and install the WP Activity Log plugin on your WordPress websites. Getting started is really easy – once the plugin is installed it will automatically start keeping a record of everything that is happening on your WordPress website, as explained in this getting started video.

Keep tabs on users & other activity on your WordPress site

Ensure user accountability, ease troubleshooting, get instantly notified of critical changes, generate user activity reports, & improve the security posture of your WordPress website.
