Set up logs for your website

Logs record all the actions that people take when they access your website or server. They’re useful for identifying when a particular action was taken and by whom.

Set up logs and email alerts for unusual or unexpected events

Each content management system (CMS) offers different options for logging events. Some important events you should set logs up for include:

  • successful logins to your CMS and any other hosting software you use. For example, you might have access to WordPress to manage the content on your website, and cPanel to manage your web server and database. You can set up a log to record and notify you each time someone accesses them.
  • changes to the files on your CMS and any other hosting software you use. For a lot of businesses, these things don’t change that often. Setting up a log will let you know if there are any changes made without your knowledge. For example, if someone puts malicious files on your system, the log will record the action and alert you to it.
  • changes to your log configurations. These will rarely change. If they do, it could mean that someone has access to your system and was able to disable your logs. If you’re not alerted to something like this, you won’t know what’s going on with your site behind the scenes.
  • unsuccessful logins with two-factor authentication (2FA). You need to know if someone tries to access your account with a valid username and password, but without a second factor to authenticate it. This is a good sign that someone has gained access to your username and password details. It lets you know that you need to change them immediately.

You can set the logs up to notify you about any unusual events by email. It's a quick and easy way to see when something’s up. Consider creating an email account specifically for the notifications. That way you can make sure they don’t end up buried under your other emails.

Check and test your website every now and again

It’s good to check that everything on your site is still configured and set correctly from time to time. When an attacker gets access to a system, often the first thing they’ll do is disable logging. It makes their actions much harder to detect.

Every couple of months, check your log configurations and test them to see if they still work. Check the last modified date of the content and folders in your CMS too. Make sure none of your content has changed since the last time you updated it.

Set up software and plugin patch notifications

It’s a good idea to set software updates to happen automatically as soon as they’re released. But if you don’t do this, you can set up a notification to tell you when new updates are available. They often contain security fixes that you should install as soon as possible.

Have a way for people to contact you when things don’t seem right

Have an easy way people can contact you if they see something unusual on your site. For example, an email address for whoever’s best placed in your business to respond to IT queries.

Your contact details should be both on your website and on the searchable domain details database, WHOIS. Talk to your domain name provider about making sure your details are included. IT professionals often use it to find contact details for businesses. It’s also our first port of call if we ever need to contact you.

Visit CERT NZ for more information. 
Visit ACSC for more information.