Plainview Activity Monitor

0

Activity Monitor tracks all user activity on your blog or network. The activities can be viewed in global table showing activities on the whole network, or locally for just the blog you

Version
Last updated
Active installations
WordPress Version
Tested up to
Rating
Total ratings
Tag
This plugin is outdated and might not be supported anymore.

Description

Activity Monitor tracks all user activity on your blog or network. The activities can be viewed in global table showing activities on the whole network, or locally for just the blog you are currently viewing. The activites can be filtered so that only specific blogs / hooks / IPs / users are displayed.

Monitored actions include (not exhaustive):

  • Comments: approve, held, spam, delete
  • Custom Post Types: draft, publish, update, trash, delete
  • Logins: login, login failed, logout
  • Pageviews: admin, front-end
  • Passwords: reset, retrieve
  • Plugins: activate, deactivate
  • Pages: draft, publish, update, trash, delete
  • Posts: draft, publish, update, trash, delete, password
  • Taxonomies: create, edit, delete
  • Themes: switched
  • Updates: WordPress core, plugins, themes
  • Users: register, delete, profile changes
  • And more….

The logged information consists of:

  • A description of what was logged
  • Blog
  • Timestamp
  • Hook that was triggered
  • User ID

git

The Activity Monitor has a git repository.

Security tips

There are several ways for people to break in to your WordPress installation, or cause trouble by DDOS. Here are some tips on how to use the Activity Monitor and its plugins to help detect problems:

  • Get a DDOS protection service with an API. There is a plugin to ban IPs via CloudFlare (Send To CloudFlare). Other APIs could be supported as the need arises.
  • If you have another DDOS service, write a script that can ban visitors by IP. Use this script with the Send To Exec plugin.
  • If you can’t ban users using a script, at least set up the Send To E-mail plugin to inform you of suspicious activity.
  • Use the Bruteforce Detect plugin to detect when an IP or IPs are trying to guess the admin’s password. Ban the IPs automatically using Send To Exec.
  • Do not use admin as the username for your administrator account. Instead, use some else and add the admin username to the list of banned usernames in the Login Failed Username plugin. Ban the IPs that cause the plugin to react.

Custom hooks

See the developer documentation for relevant info on how to create custom hooks.