Plugin Configuration
All settings are under Settings → Logystera in your WordPress admin.
Connection
Credentials are configured automatically when you use the Connect to Logystera button (see Installation). You can also enter them manually in the Credentials tab.
| Setting | Description |
| --- | --- |
| Gateway URL | Gateway endpoint. Leave as default unless self-hosting. |
| Entity Token | Your entity's public token. Required. |
| Entity Secret | Your entity's HMAC signing secret. Required. Never expose publicly. |
To rotate credentials, use Rotate Credentials in the Credentials tab — new credentials are delivered automatically.
Event Capture
Configure in the Settings tab.
| Setting | Default | Description |
| --- | --- | --- |
| Collect | On | Enable/disable local event capture. When off, no events are written to the buffer. |
| Ingest | On | Enable/disable shipping to the gateway. When off, events stay local. Automatically disabled when Collect is off. |
Delivery
| Setting | Default | Description |
| --- | --- | --- |
| Batch size | 200 | Max events per HTTP request to the gateway. Max 500. |
| Flush interval | 5 minutes | How often WP-Cron flushes buffered events to the gateway. |
Batch Size and Flush Interval are disabled when Ingest is off.
Privacy
| Setting | Default | Description |
| --- | --- | --- |
| Anonymize IPs | Off | Truncate IPs to /24 (IPv4) or /64 (IPv6) before sending. |
When IP anonymization is enabled:
203.0.113.42 → 203.0.113.0
2001:db8::1 → 2001:db8::
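The truncation above can be reproduced and checked independently. The following Python is an added example, not Logystera's code: it zeroes host bits at the documented /24 and /64 boundaries and flags events whose address still carries host bits. The `ip` field name, the event names and the sample events are constructed for illustration.

```python
import ipaddress

# Prefix lengths documented for the Anonymize IPs setting.
KEEP_BITS = {4: 24, 6: 64}


def anonymize_ip(value):
    """Zero the host bits: keep /24 of an IPv4 address, /64 of an IPv6 one."""
    addr = ipaddress.ip_address(value.strip())  # ValueError if unparseable
    keep = KEEP_BITS[addr.version]
    mask = ((1 << keep) - 1) << (addr.max_prefixlen - keep)
    return str(type(addr)(int(addr) & mask))


def find_unmasked(events, field="ip"):
    """Return (index, value, reason) for events whose address is not truncated."""
    findings = []
    for i, event in enumerate(events):
        raw = str(event.get(field, ""))
        try:
            # Compare against the canonical form so that an uncompressed
            # IPv6 spelling of a truncated address is not reported.
            canonical = str(ipaddress.ip_address(raw.strip()))
            if anonymize_ip(raw) != canonical:
                findings.append((i, raw, "host bits present"))
        except ValueError:
            findings.append((i, raw, "not an IP address"))
    return findings


# Constructed sample events; event names and the "ip" field are assumptions.
SAMPLE_EVENTS = [
    {"event": "login_failed", "ip": "203.0.113.0"},
    {"event": "login_failed", "ip": "203.0.113.42"},
    {"event": "login_ok", "ip": "2001:db8::"},
    {"event": "login_ok", "ip": "2001:db8::1"},
    {"event": "xmlrpc_call", "ip": "2001:0db8:0000:0000:0000:0000:0000:0000"},
    {"event": "xmlrpc_call", "ip": "not-an-ip"},
]

if __name__ == "__main__":
    for finding in find_unmasked(SAMPLE_EVENTS):
        print(finding)
```

An address that genuinely ends in `.0` or `::` passes this check, so a clean result shows the data is consistent with truncation rather than proving the setting is on.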
Usernames are always HMAC-SHA256 hashed before transmission — this is not configurable.
The plugin integrates with the WordPress Privacy Policy guide via wp_add_privacy_policy_content(). When editing your site's Privacy Policy page, a suggested Logystera section is available in the policy guide sidebar.
Local history
The plugin can maintain a local MySQL history of events for review in the admin panel.
| Setting | Default | Description |
| --- | --- | --- |
| Enable Local Event History | Off | Store shipped events in MySQL for browsing in the Events tab. |
| Event cap | 10,000 | Maximum events stored locally. Gateway-managed — not user-editable. |
| Retention (days) | 7 | How long to keep history. Gateway-managed, read-only. |
Tables created: wp_logystera_events and wp_logystera_gateway_logs (via dbDelta on enable). Tables are kept when the feature is disabled (data preserved for re-enabling). Use Wipe local history to permanently drop tables.
Event hooks
Individual signal groups can be toggled on or off in the Event Hooks tab. Settings are organized into groups:
Identity & Access
| Hook | Default | Description |
| --- | --- | --- |
| Successful logins | On | Track successful user authentications. |
| Failed logins | On | Track failed authentication attempts. Essential for brute-force detection. |
| Auth attempts | On | Log all authentication attempts (before success/failure is known). |
| User registration | On | Track new user account creation. |
| Profile updates | On | Track user profile modifications. |
| Role changes | On | Track when user roles are changed. Critical for privilege escalation detection. |
| Password reset requests | On | Track password reset link requests. |
| Password resets | On | Track completed password changes. |
| Login anomalies | On | Detect IP changes between logins and rapid successive logins. |
| Bulk user creation | On | Alert when many users are created in a short window. |
Content Integrity
| Hook | Default | Description |
| --- | --- | --- |
| Post create/update | On | Track post and page creation and updates. |
| Post status changes | On | Track draft→publish, publish→trash, etc. |
| Post deletions | On | Track permanent post deletions. |

| Hook | Default | Description |
| --- | --- | --- |
| Comment creation | On | Track new comments. |
| Comment status changes | On | Track comment approval, unapproval, spam marking. |
| Spam comments | On | Track comments marked as spam. |
File Uploads
| Hook | Default | Description |
| --- | --- | --- |
| File uploads | On | Track successful file uploads to media library. |
| Blocked uploads | On | Track attempts to upload dangerous file types (.php, .exe, etc.). |
Configuration & Supply Chain
| Hook | Default | Description |
| --- | --- | --- |
| Option changes | On | Track WordPress option updates (excludes transients). |
| Option change spikes | On | Alert when >20 options change within 60 seconds. |
| Plugin activations | On | Track plugin activations. Critical for supply chain monitoring. |
| Plugin deactivations | On | Track plugin deactivations. |
| Theme switches | On | Track theme changes. |
| Core/plugin/theme updates | On | Track WordPress core, plugin, and theme upgrades. |
| Off-hours plugin activation | On | Alert when plugins are activated between 23:00–06:00 local time. |
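The two alert rules in this group have boundary cases worth seeing in code: the spike rule fires on more than 20 changes, not 20, and the off-hours range wraps midnight. The following Python is an added example, not Logystera's implementation. It assumes a sliding 60-second window, an exclusive 06:00 end bound, and timestamps already in site-local time; the plugin names and event data are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

SPIKE_THRESHOLD = 20                    # alert on MORE than 20 changes ...
SPIKE_WINDOW = timedelta(seconds=60)    # ... within 60 seconds
OFF_START, OFF_END = 23, 6              # 23:00-06:00, site-local time


def is_off_hours(ts):
    """True from 23:00 up to, but not including, 06:00 (end bound assumed)."""
    # The range wraps midnight, so this must be an OR, not start <= h < end.
    return ts.hour >= OFF_START or ts.hour < OFF_END


def option_change_spikes(timestamps):
    """Return the moments at which the >20-in-60s condition becomes true."""
    window, alerts, active = deque(), [], False
    for ts in sorted(timestamps):
        window.append(ts)
        while ts - window[0] > SPIKE_WINDOW:
            window.popleft()            # drop changes older than 60 s
        over = len(window) > SPIKE_THRESHOLD
        if over and not active:         # alert once per spike, not per event
            alerts.append(ts)
        active = over
    return alerts


def off_hours_activations(events):
    """Return (timestamp, plugin) for activations inside the off-hours range."""
    return [(ts, plugin) for ts, plugin in events if is_off_hours(ts)]


# Constructed sample data, timestamps already in site-local time.
DAY = datetime(2024, 1, 15)
BURST = [DAY.replace(hour=12) + timedelta(seconds=2 * i) for i in range(21)]
QUIET = [DAY.replace(hour=14) + timedelta(seconds=2 * i) for i in range(20)]
ACTIVATIONS = [
    (DAY.replace(hour=14, minute=5), "example-seo"),
    (DAY.replace(hour=23, minute=30), "example-cache"),
    (DAY.replace(hour=2, minute=15), "example-uploader"),
    (DAY.replace(hour=6, minute=0), "example-forms"),
]

if __name__ == "__main__":
    print(option_change_spikes(BURST + QUIET))
    print(off_hours_activations(ACTIVATIONS))
```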
API & Network
| Hook | Default | Description |
| --- | --- | --- |
| XML-RPC calls | On | Track XML-RPC method calls. Often targeted by attackers. |
| Outbound HTTP errors | On | Track failed outbound HTTP requests from WordPress. |
| AJAX calls | On | Track admin AJAX requests. |
System & Integrity
| Hook | Default | Description |
| --- | --- | --- |
| Environment changes | On | Detect WordPress upgrades, PHP version changes, plugin installs/removals, theme switches. Emitted per flush cycle. |
| File integrity | On | Detect changes to wp-config.php and .htaccess (hourly hash check). |
| User lifecycle | On | Track user registration and role changes (privilege escalation detection). |
| Cron health | On | Track missed schedule events and overdue WP-Cron jobs. |
Health & Errors
| Hook | Default | Description |
| --- | --- | --- |
| Fatal errors | On | Capture PHP fatal errors via shutdown handler. |
| Database errors | On | Track $wpdb errors (deadlocks, connection failures, etc.). |
| PHP error summary | On | Aggregated PHP error counts by severity and source per request. Recommended for production. |
| Memory warnings | On | Alert when PHP memory usage exceeds 90% of limit. |
| 404 errors | On | Track page-not-found errors. |
Off by default. Enable with caution on shared hosting.
| Hook | Default | Description |
| --- | --- | --- |
| Slow queries | Off | Track database queries exceeding 500ms. Sampled at 10% of requests. Requires SAVEQUERIES or WP 5.7+. |
| Hook timing | Off | Track execution time of WordPress hooks. Sampled at 10% of requests. |
| Cache statistics | Off | Track WordPress object cache hit/miss ratio and backend type. |
Privacy
| Hook | Default | Description |
| --- | --- | --- |
| Anonymize IPs | Off | Mask IPs for GDPR compliance (also available in main Settings). |
wp-config.php constants
A small number of settings can be set via wp-config.php constants. Constants take precedence over database settings.
| Constant | Description |
| --- | --- |
| LOGYSTERA_DEBUG | Enable debug logging to wp-content/debug.log. |
| LOGYSTERA_GATEWAY_DEFAULT | Override the default gateway URL (shown as default in the UI). |
| LOGYSTERA_FLUSH_BUDGET | Time limit in seconds for a single cron flush run. Example: define('LOGYSTERA_FLUSH_BUDGET', 30.0); |
WP-Cron dependency
The plugin uses WP-Cron for two scheduled tasks:
| Cron hook | Interval | Purpose |
| --- | --- | --- |
| logystera_flush_queue_event | Every 5 minutes (configurable) | Flush buffered events to gateway |
| logystera_agent_heartbeat_event | Every 15 minutes | Heartbeat check — missing heartbeat triggers an alert |
If your server uses DISABLE_WP_CRON = true and runs WordPress cron externally, ensure your cron job runs at least every 5 minutes for timely event delivery.