內容簡介
Jeepers Peepers 提供一個可延伸的介面,可將 WordPress 事件(如使用者登入、檔案上傳、文章刪除等)記錄到標準系統日誌。
所產生的稽核軌跡可整合到強大的日誌監控工具(例如 OSSEC)中,為預防性保護提供支援,並在遇到駭客事件時,可作為重要的參考資料進行善後調查。
以下事件會自動進行記錄:
內容:啟動wp_die();
內容:附件刪除;
內容:附件旁路載入;
內容:附件上傳;
內容:文章刪除;
內容:文章發布;
網路:GET、HEAD、POST 等請求;
外掛:啟用;
外掛:停用;
外掛:升級;
使用者:刪除;
使用者:登入被封鎖(透過 Apocalypse Meow);
使用者:登入失敗;
使用者:登入成功;
使用者:新使用者;
使用者:密碼重設;
每個日誌條目都會記錄:
UTC 時間戳記;
嚴重程度;
使用者 IP 位址(如果是自動化情況,則為 127.0.0.1);
已登入的使用者名稱(如果適用);
事件訊息;
外觀大致如下:
WordPressAudit 2017-05-24 16:35:45 [warning] yourdomain.com 68.256.55.123 "tiffany" "Deactivated plugin: look-see-security-scanner"
需求
WordPress 4.7 或更新版本。
PHP 7.3 或更新版本。
Linux 主機。
單一網站實例。
日誌檔案必須可由 WordPress 寫入。
請注意:在運行 WordPress 前,使用已到達其生命週期結束的 PHP 版本是不安全的。未來的插件版本可能會為了必要而不再支援舊的未維護 PHP 版本。為確保您持續收到插件更新、錯誤修正和新功能,請確保 PHP 保持最新狀態。🙂
隱私政策
Jeepers Peepers 將 CMS 事件(例如文章和外掛變更)記錄到標準系統日誌中,以供安全保護和審計目的使用。在可能的情況下,這些條目包含負責人的公共 IP 位址和/或 WordPress 使用者名稱。
此外掛不會向遠程位置或第三方發送這些資訊。
請注意:Jeepers Peepers 不會與 WordPress GDPR「個人資料」功能整合。(選擇性刪除稽核日誌將破壞此外掛的目的!哈哈。)
外掛標籤
開發者團隊
原文外掛簡介
Jeepers Peepers provides an extensible interface for recording WordPress events — user logins, file uploads, post deletions, etc. — to a standard system log.
The resulting audit trail can then be incorporated into powerful log-monitoring tools like OSSEC for pre-emptive protection and, in the unfortunate event of a hack, used as a vital reference in the post-mortem investigation.
The following events are automatically logged:
Content: wp_die() triggered;
Content: attachment deleted;
Content: attachment sideloaded;
Content: attachment uploaded;
Content: post deleted;
Content: post published;
Network: GET, HEAD, POST, etc., requests;
Plugin: activated;
Plugin: deactivated;
Plugin: upgraded;
User: deleted;
User: login banned (via Apocalypse Meow);
User: login failed;
User: login succeeded;
User: new user;
User: password reset;
Each log entry records:
UTC timestamp;
Severity level;
User IP address (or 127.0.0.1 if automated);
Logged in username (if applicable);
Event message;
It will look something like this:
WordPressAudit 2017-05-24 16:35:45 [warning] yourdomain.com 68.256.55.123 "tiffany" "Deactivated plugin: look-see-security-scanner"
Requirements
WordPress 4.7 or later.
PHP 7.3 or later.
Linux host.
Single-site instance.
Log file must be writeable by WordPress.
Please note: it is not safe to run WordPress atop a version of PHP that has reached its End of Life. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂
Privacy Policy
Jeepers Peepers records CMS events such as post and plugin changes to a standard system log for security and audit purposes. Where possible, these entries include the public IP address and/or WordPress username of the individual responsible.
This plugin does not send any of this information to remote locations or third parties.
Please note: Jeepers Peepers DOES NOT integrate with any WordPress GDPR “Personal Data” features. (Selective erasure of audit logs would undermine the very purpose of this plugin! Haha.)
