OWASP Top 10 & WordPress Activity Logs – Addressing A10: Insufficient logging & monitoring

monitoring_iconLogging and monitoring are so important in web application and WordPress security that lack of logging functionality in web applications has now been added to the OWASP Top 10 list:

Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring.

A10:2017 – Insufficient Logging & Monitoring

What is OWASP?

OWASP Full Logo

OWASP stands for Open Web Application Security Project. It is a worldwide not-for-profit organization focused on improving the security of software, mostly web applications. Similar to the WordPress community, OWASP has hundreds of chapters (meetups) in cities around the world.

What is the OWASP Top 10?

The OWASP Top 10 is a list of the most commonly found and exploited web application vulnerabilities. The list is compiled from feedback from leading vendors and professionals working in the industry. And is released every three years. The scope of the OWASP Top 10 list is to raise awareness amongst developers and managers. The first list of OWASP Top 10 was published in 2004.

Refer to the OWASP Top 10 official page for more information about the project and all the vulnerabilities and security issues listed in it.

Logging, Monitoring & Incident Response Solution for WordPress

As clearly highlighted in A10 of the OWASP Top 10 for 2017, logging on its own is not enough. Only a complete logging, monitoring & incident response solution will keep you abreast of what is happening on your WordPress and WordPress multisite network websites, and allow you to thwart possible malicious attacks before they actually happen.

There are several WordPress audit trail / logging plugins available though most of them are designed for troubleshooting purposes, for agencies and contractors who would like to keep an eye what their customers are doing on their website. These plugins do not have comprehensive logging and features. Only the WP Security Audit Log plugin meets all the requirements of a complete logging, monitoring and Incident response solution for WordPress because it has:

Comprehensive WordPress Audit Logs

The WP Security Audit Log plugin has the most comprehensive WordPress audit trail both in terms of breadth and depth.

WordPress audit trail in the WP Security Audit Log plugin

The plugin keeps a record of WordPress posts, tags, user profiles, themes, plugins, WordPress settings, WordPress multisite networks changes and more. Here is a complete list of WordPress changes that the WP Security Audit Log plugin keeps track of in the WordPress audit trail.

In terms of depth, for example when there is a WordPress user password change, the plugin keeps a record that a password was changed in the audit log, rather than a generic record of a WordPress user profile change. For every change the plugin also keeps a log of who did the change, the IP address from where the user is logged in, the date and time etc.

Search, Reports & Email Notifications for Important WordPress Changes

The WP Security Audit Log plugin has all the right tools to help you ease troubleshooting and monitoring, and also to keep you two steps ahead of your attackers. You can use the:

  • Full-text search feature to find a specific activity for when doing troubleshooting or forensics work. You can also use the built-in filters to fine tune the search results and find what you are looking for much quicker.
  • The Reports to create any type of user productivity, summary and regulatory compliance reports. You can also create statistics reports and configure automated daily, weekly, monthly and quarterly reports.
  • Email Notifications so you are instantly alerted of important changes on your WordPress via email. You can enable any of the built-in email notifications or use the trigger builder to build a trigger that sends an email when a specific change you configured happens.
  • WordPress Users Session Manager to see who is logged in to your WordPress and what they are doing in realtime mode. You can also remotely terminate a session and block multiple sessions for the same user.

See who is logged in to your WordPress and WordPress multisite websites

Other Noteworthy Features of the WP Security Audit Log Logging & Monitoring Plugin

The WP Security Audit Log plugin also has a number of database and integration tools that you can use to guarantee the integrity of the audit logs, and to also ensure your website meets the strict regulatory compliance requirements.

For example by default the WordPress audit trail is stored in the WordPress database. You can use the plugin’s utilities to store the audit log in an external database, improving both the speed and the security of your WordPress website. You can also configure mirroring of the logs to an external database, syslog and third party logging solutions such as Papertrail.

Use a Logging & Monitoring Plugin to Improve the Security of Your WordPress Websites

WordPress security is a process and not a one time solution. It is based on four principles; harden, monitor, test, improve. All principles are important, so it is vital that each of the four principles in the WordPress security wheel is properly taken care of, because the security of your WordPress website can only be as strong as the weakest link in the chain.

The Benefits of Keeping a WordPress Audit Trail are Multifold

In this article we have just seen how important it is for the security posture of your WordPress website to keep an audit trail of everything that is happening on your website. Audit trails can help you:

  • Identify any suspicious behaviour,
  • Get automatically notified of any important issues,
  • Thwart attacks before they actually happens,
  • Do forensic work to easily find out what happened during an attack.

Though there are more benefits to keeping a record of all the changes that happen on your WordPress website in an audit trail. It is not just about security. With an audit trail:

  • you can keep an eye on the productivity of your users,
  • Ease the troubleshooting of WordPress technical issues,
  • meet strict regulatory compliance requirements that your business has to adhere to,
  • Generate reports for your superiors to keep them happy!

Install the WP Security Audit Log Plugin on Your WordPress Websites

Download and install the WP Security Audit Log plugin on your WordPress websites. Getting started is really easy – once the plugin is installed it will automatically start keeping a record of everything that is happening on your WordPress website, as explained in this getting started video.

Take Control of Your WordPress Site

Keep a log of all your WordPress site changes, get instantly notified of important changes and see who is logged in real time.

Leave a Reply

Your email address will not be published. Required fields are marked *