New to the community? Start here

[The Hub] WP Login log in the Hub

1

It would be helpful to have a user login log in the Hub, either with the hosting logs or in the Defender tab somewhere easy to find quickly (I’m referring to logins to the WP admin).

Aside from benefits for security purposes, every now and then I need to un-do something on a site, so I’d like to restore a backup, but I don’t want to do that if my client has edited something after the most recent backup. So it would be helpful if I could quickly see the last time they logged into WordPress to compare against when the last backup was taken, to help decide whether I can safely restore the backup without losing edits they may have made.

This would be helpful for me but obviously should be hide-able in the Hub’s role permissions if it gets added, since I don’t really want my clients watching my login activity.

Fri, 19 Jan 2024 17:35:45
More The Hub discussions
The Hub
  • Patrick Freitas
    • FLS

    Hi Greg

    I hope you are doing well.

    The main reason for not having such data on HUB would be the security, having it there means we would be saving the logs on our databases which contain the username of your websites and the IPs, in some countries it may conflict with the laws.

    But we forwarded it to our developers to re-check the possibility of having this feature on HUB.

    Best Regards
    Patrick Freitas

  • Greg
    • The Crimson Coder

    Thanks for the reply Patrick Freitas – in that case for this particular situation, perhaps it would be helpful to have some kind of ‘backup obsoletion’ feature, where each backup could have some indication about whether any major changes (post save, comment, woocommerce order, media upload, etc.) have happened since it was taken. Better yet if it could say how many and what type, like “3 posts, 5 comments, 1 order updated since this backup” – that’d be very helpful.

    Anyway, just some thoughts. If I really want to specifically know when they logged in I can check elsewhere.

  • Adam
    • Support Gorilla

    Hi Greg

    Thank you for response!

    I see what you mean with those backups but… I’m sorry but I need to add another “but” here ;)

    From our perspective, we can talk about two types of backups:

    1. built-in hosting backups for sites hosted with us
    2. backups (for sites hosted with us and 3rd-party hosted sites connected to the Hub) made with our Snapshot plugin.

    —–

    The first case (point 1) actually already has similar information, sort of. If you look at the list of hosting backups for any of your sites hosted with us, you’ll notice there are columns with numbers, like this (example taken from one of my own sites):

    [attachments are only viewable by logged-in members]

    Those columns there show the number of posts, pages, comments, uploaded files (to media library only), plugins (installed in total), themes (installed in total) and user accounts on the site at the time of taking backup.

    In my example you can see they are different for the previous backup (bottom one) and newest backup (top line) and that’s because I made changes on the site. I’ve actually added one post and one page, removed 6 comments, added one plugin, removed one theme and added one user.

    So by taking a look at those number you can see if the changes were made and also get a rough idea in what “area” of the site.

    —–

    The second case (point 2 – Snapshot backups) is a bit different and there, I’m afraid, we can’t easily have such information for now. That’s because those backups are made on a “raw” file/db level by the script.

    Backup script of the plugin just scans the file/folder list of the site and includes what was added since last backup, then it just makes a database dump. It doesn’t “analyze” database content and doesn’t check those numbers (of posts etc) currently.

    Technically speaking, it would probably be possible to add this kind of information to it and store it with backup (maybe e.g. in a modified “manifest” file or some additional file) but that would require quite a bit of additional new code to be developed and added to the plugin. Note that this kind of backup is already quite a resource-intensive tasks so adding this sort of check could actually make it even more heavy on resources – but maybe it could just be optional.

    —–

    All in all, if it comes to Snapshot backups, I don’t think including any detailed stats (like “user X made a change Y on date/time Z”) in Snapshot backups would be easily possible and it would surely increase resource usage way too much. But adding basic stats like the once that the hosting backups have – that may possibly be doable.

    If you could, please, open a separate feature suggestion about this specifically (you can link to my post in it also, to add context) I think our Snapshot Team could look into it and see if we could add something like this in future.

    —-

    On the other hand, note that you can also enable Audit Logging feature in Defender plugin. You can check at any time what actions were taken on site (well, not “everything” is logged but things like e.g. adding new users or publishing content etc – they are there, including date, time, IP and username of logged-in user). You can filter that list and also check only for defined date range so that would help determine if and what changes were made on site.

    Best regards,
    Adam

  • Greg
    • The Crimson Coder

    Hi Adam Czajczyk – Thanks for the response.

    Yes I’m aware of the info in the backups tab, which does help, but some way to see how many of them have been *updated*, not just the current number of them, and perhaps an option to include other custom post types or WooCommerce orders, would be closer to the level of info I had in mind. I don’t need to know which user changed it, just how much data I’m going to lose if I restore. But if it’s not really possible then I suppose it’ll just be as it’ll be and fortunately I don’t have to restore backups often.

    It would be cool if Snapshot included similar info but I don’t use it at the moment.

    Cheers.

  • Adam
    • Support Gorilla

    Hi Greg

    Thanks for response and additional explanation!

    I see the point but then again – this would add up a lot of code, in fact not really related to backups, to that. There isn’t any ready to fetch log of such things (like post/page updates, updates of user accounts and other similar changes) in WP anywhere.

    Gathering all such information requites:

    – either keeping a script/plugin active that monitors all those changes in real time (similarly to what Defender’s audit log does but with a bit more complex logs for the use that you described)

    – or actually doing something way more resource-hungry: before making new backup – taking last one, extracting it, analyzing data in DB and comparing it against current DB); of course some things, such as e.g. post updates would be easier because for each post there’s a date saved so it’s enough to check if that update data was after last backup or before but that still needs reading post data for all the posts/pages etc which is a lot, especially on a big sites; but that’s only about posts and that kind of content – for comments you don’t have dates where they were deleted or edited, you don’t have internal log of what changes were made in configurations of active plugins or theme and so on…

    My point here is not to “ditch the idea”, not at all, just that it may not be that simple and may require quite a bit of development that needs to be very well thought “functionally”/”feature-wise”.

    ———————-

    That actually gets me back to your initial post and maybe we’ve went a bit “sideways” here.

    In your initial post you suggested checking “when client logged-in last time”. There is a nice plugin for that:

    https://wordpress.org/plugins/wp-last-login/

    It simply adds a column to the user list within the site where it shows when given user logged-in last time.

    A super-simple solution for now could be to just use this on site and you cold then check when given users logged-in and compare that with date of last backup. That’s nearly the same that you suggested initially except it wouldn’t show data in the Hub (which, as my colleague earlier stated, can possibly be a bit of security risk or at least cause some legal complications related to privacy).

    So surely not that convenient as if it would be with the Hub but could work…?

    Best regards,
    Adam