After discussing two of the main realm of WordPress security – Understanding Vulnerabilities and Securing – today we are moving towards the final process of understanding how we can monitor the whole of our set system as sometimes, only taking precautions can’t help us out and in that time, we have to consider the third option, monitoring. This means that sometimes prevention only not worked out here and there are chances that you may still be hacked, at that time intrusion detection/monitoring plays an important role. It lets you allow reacting faster, understanding better that what’s in actual going on behind the scene and how and in what ways you can recover your site.
Note: If you missed out first and second part of this three-part series, then you can read it at – Hardening WordPress Security: Understanding Vulnerabilities and Hardening WordPress Security: Securing.
#1 Monitoring Your FTP Log Files
If you are on shared or reseller hosting, then you probably don’t have access to the FTP logs files for your account and in that case you need to talk with your hosting provider to provide you the one while if you are on VPS and Dedicated Server, then you have higher authorities with you and you can access your FTP log files which are located at the /var/log/messages directory.
#2 Monitoring Your Apache Log Files
If you are on shared or reseller hosting, you can have an access of your apache log files by logging onto your cPanel followed by clicking on the Error Log icon. The file contains the last 300 Apache errors which have been triggered by your website.
If you are on VPS or dedicated server without a cPanel installation, then you can get the log files in the /var/log/ directory while the apache log would then be located in the /var/log/httpd/ directory. If the server you are using comes with cPanel installs, the actual location of the Apache error log is /usr/local/apache/logs/error_log, where “error_log” is simply a plain text file.
#3 Monitoring Your Web Server Externally
If an attacker tries to add malware or deface your site, you can also detect these with the help of web-based integrity monitor solutions. In order to find the one such solution, all you have to Google it by looking onto Web Malware Detection and Remediation and the list will be there in front of you.
Photo Credit: Flickr/Keith Cooper