WordPress Security: Logs

We should look through our logs from time to time to look for suspicious activity. Looking for password cracking attempts is easy because it will normally show in your log lots of times in a section of the log. For example, here is a screen shot of what a wordlist attack looks like after being run for just a few seconds.

As you can see, it’s very easy to see when looking through the logs massive attempts to login. A normal login attempt would have multiple lines before the password “POST” to actually load the page and display the theme.

Below we will show you how to download and access the logs for your site so you can check for password attacks.

SiteAdmin

This section assumes that you are already logged into SiteAdmin.

  • 1) Click the Raw Access Logs link from the Stats & Logs section of the left menu.
  • 2) Now click the domain that your WordPress is attached too to start the download.
    • 3) Unzip the file and open the extracted file.

    Please Note: You will need a program that is capable of unzipping .gz files. We recommend 7zip.

    • 4) You can now scroll through the logs as you please.

    cPanel

    This section assumes that you are already logged into cPanel.

    • 1) Click the Raw Access Log button found in the Logs section of cPanel
    • 2) Now click the domain that your WordPress is attached too to start the download.
      • 3) Unzip the file and open the extracted file.

      Please Note: You will need a program that is capable of unzipping .gz files. We recommend 7zip.

      • 4) You can now scroll through the logs as you please.

      If you have any questions, please feel free to comment here or contact our support team. We will be more than happy to help!

Posted in