The Event Monitor is an important feature of the Sucuri WordPress plugin. The Event Monitor is a tool that logs many of the actions triggered by WordPress. Logged events include the following:
- User successfully authenticates
- User fails to authenticate
- File is uploaded
- Post or page is created
- Post or page is published
- Widget is activated
- Plugin is installed
- Theme is changed
- Settings are modified
The Sucuri plugin does not monitor every event triggered by WordPress; only the ones that we consider relevant for security. Additionally, we monitor global setting changes and core WordPress updates.
Disable Email Alerts
You may find that the plugin is too sensitive to some of your site’s regular events like user authentications or post/page publications.
The plugin is a good method to understand background WordPress tasks. If find you are receiving too many alerts, you can modify the settings:
Settings -> Alerts -> Alert Events.
Deselect the alerts you do not want to receive.
Even if you disable the email alerts the plugin will keep monitoring the events triggered by WordPress and the information will be sent to our API service which powers the "Audit Logs" panel located in the plugin’s dashboard page.
Change Email Recipient
When you create the API Key, the admins email address is automatically used for sending out notifications. If you would like to change the recipient:
Go to Sucuri Settings -> Alerts -> Alert Events
Paste the email address in the text box
Click "Add Recipient"
Failed Login Alerts
If you are getting too many emails about "Failed Logins" you are probably under a Password Guessing Attack. You can either disable the alerts for failed logins or install a firewall.
WAF, our web application firewall, can protect you against Brute Force Attacks, DDoS Attacks, and many others. Learn more here.
The plugin considers your website is under a Password Guessing Attack after it detects more than thirty failed login attempts within the same hour.
You can increase this default number by doing the following:
- Go to Sucuri Settings -> Alerts -> Password Guessing Brute Force Attacks
- Click on the drop-down menu next to "Consider Brute-Force Attack After"
Select the number of Failed Login Attempts you would like to be considered as an attack.
It is recommended to disable the email alerts for failed logins and enable the alerts for brute force attacks. This will force the plugin to collect all of the failures per hour and send a single email notification.
You can also install a firewall, which we recommend, to secure your site from malicious attacks!