Plainview Activity Monitor

Screenshots

Activity Monitor tracks all user activity on your blog or network. The activities can be viewed in global table showing activities on the whole network, or locally for just the blog you are currently viewing. The activites can be filtered so that only specific blogs / hooks / IPs / users are displayed. Monitored actions include (not exhaustive): Comments: approve, held, spam, delete Custom Post Types: draft, publish, update, trash, delete Logins: login, login failed, logout Pageviews: admin, front-end Passwords: reset, retrieve Plugins: activate, deactivate Pages: draft, publish, update, trash, delete Posts: draft, publish, update, trash, delete, password Taxonomies: create, edit, delete Themes: switched Updates: WordPress core, plugins, themes Users: register, delete, profile changes And more…. The logged information consists of: A description of what was logged Blog Timestamp Hook that was triggered User ID Premium pack The Activity Monitor Premium Pack is a collection of plugins that greatly expand the monitoring and notification capabilities of the activity monitor. The pack current includes the following plugins: Detection Bruteforce Detect Detect a bruteforce login attempts. Comment Honeypot Detect and prevents spambots from writing comments. Content Watch Monitor post content for specific words and phrases. HTTP POST Hook into HTTP POST requests. IP Too Often Produce a hook when an IP occurs too often doing something. Login Failed Username Look for specific usernames on login failures. Login Honeypot Detect brute forcing of login form using hidden honeypot inputs. Notifications Hook Groups Easily manage several hooks by grouping them together. PDF Reports Create PDF activity reports and send them regularly via e-mail. Send To Cloudflare Send actions to Cloudflare ban / whitelist / null commands. Send To Email Send chosen hooks to various recipients via e-mail. Send To Exec Send chosen hooks to a shell command. Send To Htaccess Send chosen IPs to an htaccess file. Send To Log Send chosen hooks to a log file. Shortcodes Allow use of shortcodes to display the activity table. Prevention Disable Gravatar Disable Gravatar icons in the backend. Disable Google Fonts Disable Google Font loading in the backend. Force Login Force visitors to login before visiting the whole site or single blog. Ignore IP Ignore IPs after having encountered them in another hook. Protect Passwords Selectively protect passwords from being reset or modified. XMLRPC Disable Disable WordPress’ XML RPC function to mitigate DDOS attacks. Integrations bbPress Adds support for bbPress forum / topic / reply actions. Contact Form 7 Adds support for Contact Form 7. Easy Digital Downloads Adds support for Easy Digital Downloads. Gravity Forms Adds support for Gravity Forms. Ninja Forms Adds support for Ninja Forms. git The Activity Monitor has a git repository. Security tips There are several ways for people to break in to your WordPress installation, or cause trouble by DDOS. Here are some tips on how to use the Activity Monitor and its plugins to help detect problems: Get a DDOS protection service with an API. There is a plugin to ban IPs via CloudFlare (Send To CloudFlare). Other APIs could be supported as the need arises. If you have another DDOS service, write a script that can ban visitors by IP. Use this script with the Send To Exec plugin. If you can’t ban users using a script, at least set up the Send To E-mail plugin to inform you of suspicious activity. Use the Bruteforce Detect plugin to detect when an IP or IPs are trying to guess the admin’s password. Ban the IPs automatically using Send To Exec. Do not use admin as the username for your administrator account. Instead, use some else and add the admin username to the list of banned usernames in the Login Failed Username plugin. Ban the IPs that cause the plugin to react. Custom hooks See the developer documentation for relevant info on how to create custom hooks.