Activity Log
The Activity Log page of the SiteGround security plugin contains a log of all activity events on your website for the past 12 days. These include, but are not limited to: human visits, bot crawls, registered users activity, login attempts, and more. Monitoring the Activity Log can help you better understand your site’s audience and recognise suspicious visitors or activities.
The Activity Log consists of 3 tabs, representing one of the 3 main activity categories:
- Unknown – a log of all visits, coming from bots or humans who have not authenticated as registered users of your website at the time of the visit.
- Registered – a log of all activity coming from registered users
- Blocked – a list of all blocked users and IP addresses
Unknown Activity
In the Unknown tab you can find a list of all recent unregistered traffic with timestamp and IP information, along with the response code each traffic request resulted in. Generally, a 200 response code means that the request was successful and the user has reached the page or resource they were looking for. You can find more information about HTTP response codes in this article.
The Unknown Activity Log provides not only useful information about detecting suspicious activity but a way to easily block or unblock such visits. A suspicious activity can be: an unknown user that is repeatedly attempting to access the login or another restricted page; bots that are generating a huge amount of visits in a short period of time; suspicious traffic, different from your usual visitors; and more.
If you notice a suspicious activity, you can easily block the IP the suspicious traffic is coming from in the Actions tab by clicking on “Manage IP Traffic”. Users coming from blocked IPs will now see an “Access denied” page every time they attempt to access your site. You can find all blocked IPs in the Blocked tab where you can unblock it at any point.
Registered Activity
The activity log for registered users provides an opportunity to review your users actions and be aware of where certain changes came from. If you feel that a user is not acting as they’re supposed to or you think that their account may have been hacked, you can block the user in the Actions tab by clicking on “Manage User Traffic”. Blocking a user will change their role to “subscriber” – meaning that they can still browse their website but have no editor/admin rights. You can find all blocked users in the Blocked tab where you can unblock them at any point (this will reverse their role to the one they had before the block).
Blocked IPs and Users
In the Blocked tab, you can find a list of all currently blocked IPs and users. There are 3 types of blocked activity:
- Manually blocked IP addresses – those that you have manually blocked from the Unknown Activity tab. They will remain blocked until you manually unblock them;
- Automatically blocked IP addresses – IP addresses that have attempted to log in with a wrong combination of user and password more than once. These blocks will expire from 1 hour to 7 days from the block time, depending on your “Login Attempt Limit” as set in the Login Security page of the plugin.
- Blocked users – a user that you have manually blocked from the Registered tab. They will remain blocked until you manually unblock them.
