[Defender Pro] Aggregate data from other security auditing plugins

Looking at the WP Security Audit Log plugin I’m envious of its audit logging of changes in yet other plugins.

We see requests in these forums from time to time for WPMU DEV plugins to support features which are present in other plugins. I really don’t like that approach. I believe it’s better for Dev to dovetail with other plugins rather than trying to duplicate functionality.

For this request, rather than asking for a duplication of the same logging found in that other security plugin, or others, I’m asking for an enhancement to Defender which retrieves audit data from other plugins, and integrates that data into the Defender Audit Log. With this approach, Dev doesn’t need to integrate with Yoast SEO, WooCommerce, or other plugins to capture their events, we just need one code module to retrieve data from one plugin. Of course a site that wants that logging data needs to install that separate security plugin. But once this task is complete we will continue to get all of the benefits of enhancements to that plugin and Dev doesn’t need to do anything!

Following on with that concept – I believe such an integration should be implemented as an add-on, like Forminator supports a number of add-ons for other plugins. So we can have the first one for WP Security Audit Log, another for IP Geo Block logs, another for Ban Hammer, etc.

The result is that Defender will provide a single dashboard for a wide variety of audit logging, far beyond anything that Dev has the desire or ability to build in. This is something that I believe is unique in the industry, and that should draw more people to use this plugin.

Thanks.

    • Tony G
      • Mr. LetsFixTheWorld

      I try really hard to reduce staff workload when I see anything that looks like it will increase the load. This is entirely self-serving. I do this because I want more out of my vendor WPMU DEV, more code, more features, more documentation. I want DEV to process more tickets in the Huge volume of tickets that have already been approved. One way I can get what I want is to make it easier for a lot of other people to get what they want. This request can save processing of a lot of other requests for specific kinds of audit logging in Defender. It may also help to get new users for Defender, new subscribers for WPMU DEV, and thus more revenue to continue paying staff to do what I want. So while this seems like a lot of work, I see it more like a small investment toward reducing other expenses.

      To reduce the load even further, if Defender gets an enhancement with an API to support injection of audit data, then someone can create a plugin that interfaces other plugin audit data. Hey, I have no idea – this might already be in there. Maybe a simple look at the code will reveal a function that can be invoked. This could actually be used by Dev to support its own add-ons, but if the concept of add-ons for Defender isn’t yet “a thing” in the eyes of management or developers, then I’ll be happy with simple hooks, functions, documentation, or sample code published here.

  • Tony G
    • Mr. LetsFixTheWorld

    Over the last few days I was securing one of my sites, and for the first time I implemented Fail2Ban. That software monitors log files, and when defined regex conditions are met it triggers actions, specifically to ban IP addresses through IPTables. …At least that’s how I understand it so far, and it seems to work like that. :slight_smile:

    What I’ve unknowingly described for this ticket is the essence of Fail2Ban, which has filters for a lot of software products. Now I’m thinking that filters can be created for the logs of other WP plugins, and the action taken when a rule is matched would be to update the Defender log, rather than banning an IP.

    I don’t know if anyone is using Fail2Ban like that but I suspect someone is. For all I know that could be a core/advertised feature – to do things other than actual banning via IPTables.

    If nothing else, one thought I had was that it would be helpful to have a Fail2Ban filter for the Defender logs, so that when it detects an intrusion we can then ban the offending IP at the server level. This will help with other WP sites on the same server and other applications. I could even take the IPTable rule and copy it to my other systems: If some bad actor tries to hack one of my systems/sites, I don’t want them to have access to ANY of my systems in my cloud network. I could do this one myself very easily with no changes required in Defender or WP.

    This isn’t a big deal guys. Think big, and sometimes small solutions can help to get you there.

    HTH
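
The idea in the post above, sketched as an added example that is not part of the original thread and is neither Fail2Ban nor Defender code: one regex filter per plugin log, with the matched event written to a single audit trail, plus a Fail2Ban-style `maxretry`/`findtime` threshold to pick IPs for a server-level ban. The source names `plugin_a` and `plugin_b`, both log formats, the event names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# One filter per source. Both line formats are constructed for this example.
FILTERS = {
    "plugin_a": re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
                           r"\[(?P<event>[a-z_]+)\] user=(?P<user>\S+) ip=" + IP + r"$"),
    "plugin_b": re.compile(r"^" + IP + r" - (?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) "
                           r"(?P<event>[A-Z_]+) (?P<user>\S+)$"),
}
FAIL_EVENTS = {"login_failed", "blocked"}  # hypothetical event names

def normalize(source, line):
    """Map one raw log line to a common audit record, or None if no filter matches."""
    m = FILTERS[source].match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "source": source,
            "event": m["event"].lower(), "user": m["user"], "ip": m["ip"]}

def aggregate(feeds):
    """Merge every source into one audit trail ordered by timestamp."""
    events = [e for src, lines in feeds.items() for line in lines
              if (e := normalize(src, line))]
    return sorted(events, key=lambda e: e["ts"])

def ban_candidates(events, maxretry=3, findtime=timedelta(minutes=10)):
    """Return IPs with at least maxretry failure events inside a findtime window."""
    recent, flagged = defaultdict(list), []
    for e in events:
        if e["event"] not in FAIL_EVENTS:
            continue
        hits = recent[e["ip"]]
        hits.append(e["ts"])
        hits[:] = [t for t in hits if e["ts"] - t <= findtime]  # slide the window
        if len(hits) >= maxretry and e["ip"] not in flagged:
            flagged.append(e["ip"])
    return flagged

SAMPLE = {  # constructed log lines using documentation-range addresses
    "plugin_a": ["2024-05-01 10:00:00 [login_failed] user=admin ip=203.0.113.7",
                 "2024-05-01 10:01:30 [login_failed] user=admin ip=203.0.113.7",
                 "2024-05-01 10:02:00 [post_updated] user=editor ip=198.51.100.20",
                 "a line that matches no filter"],
    "plugin_b": ["203.0.113.7 - 2024-05-01T10:03:10 BLOCKED admin",
                 "198.51.100.20 - 2024-05-01T11:30:00 LOGIN_FAILED editor"],
}

if __name__ == "__main__":
    trail = aggregate(SAMPLE)
    print(len(trail), "events;", "ban candidates:", ban_candidates(trail))
```

Failures from both sources count toward the same per-IP threshold, which is what a single aggregated trail makes possible; lines that match no filter are dropped rather than guessed at.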

    • Nithin
      • Support Wizard

      Hi Tony G,

      I do understand you and we have already passed your feedback regarding this to our team so that we could look further regarding this, and discuss the possibilities of the aspects of such a feature down the roadmap.

      Have a nice day ahead. :slight_smile:

      Regards,
      Nithin
