Suggestion – option to only log miss

  • First off, great plugin – thanks for writing it and for supporting it.

    I seem to receive a lot of random URL attacks, probing for php or png files to determine if I have a certain plugin affected by vulnerability.

    Would it be possible/would it make sense to (optiionally) filter out hits other than to html files?

    E.g. I would like to separate hits like the following:
    /2010/08/formaggio-cheese.html?m=1 (useful to me)

    from hits like the following:
    /wp-login.php
    /wp-comments-post.php
    /wp-content/plugins/social-media-feather/synved-social/image/social/regular/64×64/rss.png

    Additionally, I wonder if you have an explanation for why wp-login.php and wp-comments-post.php are sometimes reported as giving 404 errors, when of course these files do exist on my server.

    Thank you!

Viewing 1 replies (of 1 total)
  • Plugin Author Samir Shah

    (@solarissmoke)

    Hi,

    Would it be possible/would it make sense to (optionally) filter out hits other than to html files?

    To be honest I think you’re probably better off doing this sort of analysis at the web server level if you can. Logging this kind of thing in the database isn’t very good for performance. I know I wrote it, but I don’t recommend using this plugin unless you don’t have access to the web server logs.

    Additionally, I wonder if you have an explanation for why wp-login.php and wp-comments-post.php are sometimes reported as giving 404 errors, when of course these files do exist on my server.

    No idea. The plugin only logs 404s when WordPress reports them…

Viewing 1 replies (of 1 total)
  • The topic ‘Suggestion – option to only log miss’ is closed to new replies.