How You Can Enhance DreamShield With a Security Audit Log

How You Can Enhance DreamShield With a Security Audit Log thumbnail

While it can be tempting to install a WordPress security plugin and sign off, the best website security strategies combine various tools to protect both users and content. However, knowing which tools are worth your time can be challenging.

It’s vital to take a close look at the features your security tools provide and pair them up so that all your bases are covered. For example, you might start with a malware scanning and removal tool such as DreamShield and then enhance it with a security audit log plugin.

In this post, we’ll explore this exact combination. We’ll start by introducing you to both DreamShield and WordPress security logs. Then we’ll cover three ways this duo can help protect your site. Let’s get started!

Do More with DreamPress

DreamPress' automatic updates and strong security defenses take server management off your hands so you can focus on creating great content.

An Introduction to DreamShield

A few years ago, we released DreamShield, a security scanning and malware removal tool for DreamHost users. It not only alerts you to vulnerabilities on your WordPress site but also helps you recover after an attack by automatically removing malware and fixing permissions issues.

The DreamShield information page.

By using DreamShield, you can keep your site more secure without lifting a finger. Once enabled, DreamShield performs daily scans for malware and other potential security risks.

You’ll also receive update notifications to remind you when your WordPress installation, plugins, and themes need to be upgraded to the latest version. These notifications can help you take advantage of security patches for known problems.

DreamShield is an add-on for DreamHost plans. You can incorporate it into your hosting account for just $3 per month. Considering the price tags on some other big-name WordPress security tools that offer DreamShield’s features, this is a steal (in our humble opinion)!

The Benefits of Tracking User Actions Within WordPress

However, no security tool can do it all. For this reason, you should consider enhancing DreamShield with a security audit log, which sometimes is also called an activity log.  A security audit log is a record of every action taken on your site so you can spot and quickly resolve problems.

WordPress doesn’t include a security log out of the box. However, you can keep a security log by installing a plugin. WP Activity Log is one of the most popular and highly rated.

The WP Security Audit Log plugin.

You’ll be able to easily keep track of all the changes made to your WordPress site, including theme and plugin installations and updates, as well as which user made each change. Additionally, you can see each login attempt, including when and where it took place.

If you spot any activity that seems suspicious, you can log users out remotely with a single click. While all of this may seem overwhelming and hard to track, email notifications can alert you to the most significant changes, and comprehensive monthly reports can provide a detailed overview.

WP Activity Log is available in both free and premium editions. You can download the free version to keep the audit logs or go with WP Activity Log Premium to add SMS and email notifications, reports, user sessions management, and much more. Licenses start at $89 per year.

How You Can Enhance DreamShield With a Security Log (3 Tips)

While DreamShield and a security log are individually useful for maintaining your WordPress site’s security, they work really well together. Here are three ways a security log can improve DreamShield’s effectiveness.

1. Monitor Your Logged In Users

By using a security log, you can easily keep track of who’s logged in to your site, when, and from where.

Monitoring user login activity with WP Security Audit Log.

You’ll also be able to see when a non-existent username tries to log in, when a series of unsuccessful logins has taken place, and when there has been a number of failed login attempts. All of these indicate a possible brute force attack.

Tracking suspicious and failed login attempts with WP Security Audit Log.

This feature is beneficial for a few reasons. In addition to monitoring for brute force attacks, you can note suspicious behavior — users who are logging in from an unusual IP address or at strange times of the day.

A security log complements DreamShield’s scanning and malware removing features. You can keep an eye out for suspicious behavior and prevent attacks by logging out and blocking suspicious users.

While the free version of WP Activity Log will allow you to monitor login attempts, you’ll need the premium plugin to log out WordPress users remotely and block them from your site. It also enables you to prevent simultaneous sessions so two people can’t log in to the same account at the same time.

Get Content Delivered Straight to Your Inbox

Subscribe to our blog and receive great content just like this delivered straight to your inbox.

2. Boost Your Prevention of Malicious Activity

In addition to monitoring when users log in and out, you can also see when they make changes to your site, such as updating posts and pages or uploading files to your Media Library.

A file upload event in WP Security Audit Log.

If users are making unauthorized changes to your site, it could indicate malicious behavior. A user with bad intentions could add spam links to your posts, upload malicious files, or even delete content from your site altogether — stealing hours of hard work.

While DreamShield’s automated malware removal feature is an excellent way to recover after an attack, it’s always best to avoid a security breach in the first place. By noting unusual changes made to your site, you can stop an attack as or before it’s happening.

Plus, you’ll know exactly what’s been done to your site and can work to reverse changes not covered by DreamShield such as spam links or deleted content. Our DreamPress plans come with automated backups and one-click restore functionality to help you recover what you’ve lost as well.

3. Troubleshoot More Efficiently

Sometimes the trouble with your WordPress site isn’t directly security-related. Compatibility errors following WordPress core, plugin, or theme updates can spell disaster for both you and your users if your site becomes inaccessible.

Fortunately, since WP Activity Log keeps track of each and every update on your site, you can quickly find offending plugins or themes.

A plugin update in WP Security Audit Log.

After restoring a backup of your site to undo the changes made by the update, you can get to work on making sure each part of your website plays nicely with the others. This takes all the guesswork out of traditional WordPress troubleshooting.

Paired with DreamShield’s update notices, a security log can help ensure your website is up-to-date without causing errors. You’ll be able to better protect your site, users, and revenue by keeping vulnerabilities patched up.

Secure Your Site

Securing your WordPress site isn’t something you want to take lightly. Building an effective security strategy should include combining multiple tools to make sure all your bases are covered, and your users and content are protected.

When it comes to protecting your WordPress site, DreamHost has your back. Add DreamShield to your hosting plan today!

Photo of Jason Cosper
About the Author:

Jason is DreamHost’s WordPress Product Advocate, based out of Bakersfield, CA. He is currently working on making our DreamPress product even better. In his free time, he likes to curl up on the couch and watch scary movies with his wife Sarah and three very small dogs. Follow him on Twitter.