WordPress Plugin Features

A complete list of what the Logystera WordPress plugin captures and does.

Event collection

The plugin observes WordPress at the hook level and emits structured signals to the Logystera gateway. No intelligence lives in the plugin — aggregation, alerting, and pattern detection all happen server-side.

Identity & Access

  • Successful and failed login attempts (username hashed, never raw)
  • All authentication attempts (pre-outcome)
  • User registration
  • Profile updates
  • Role changes (privilege escalation detection)
  • Password reset requests and completions
  • Login anomalies — IP changes between logins, rapid successive logins
  • Bulk user creation spikes

Content Integrity

  • Post and page creation and updates
  • Post status transitions (draft → publish, publish → trash, etc.)
  • Permanent post deletions

Comments

  • New comment creation
  • Comment status changes (approved, unapproved, spam)
  • Spam comment marking

File Uploads

  • Successful file uploads to the media library
  • Blocked upload attempts (PHP, .exe, and other dangerous extensions)

Configuration & Supply Chain

  • WordPress option changes (excludes transients)
  • Option change velocity spikes (>20 changes in 60 seconds)
  • Plugin activations and deactivations
  • Theme switches
  • Core, plugin, and theme updates
  • Off-hours plugin activation (23:00–06:00 local time)
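The two thresholds above, option change velocity and off-hours activation, can be reproduced when tuning or validating alerts. The sketch below is an added example, not Logystera's code; the class and function names, the edge-triggered behaviour and the inclusive/exclusive window bounds are assumptions.

```python
from collections import deque
from datetime import datetime, time

class OptionVelocityDetector:
    """Sliding-window counter: signals when >20 option changes fall within 60 s."""

    def __init__(self, threshold=20, window=60):
        self.threshold = threshold
        self.window = window
        self.times = deque()      # timestamps still inside the window
        self.alerting = False     # True while a spike is ongoing

    def observe(self, ts):
        """Feed one option-change time (epoch seconds); True when a spike starts."""
        self.times.append(ts)
        while ts - self.times[0] >= self.window:
            self.times.popleft()  # drop changes that aged out of the window
        spike = len(self.times) > self.threshold
        fire = spike and not self.alerting  # one signal per spike, not per change
        self.alerting = spike
        return fire

def is_off_hours(local_dt, start=time(23, 0), end=time(6, 0)):
    """True inside the off-hours window; handles a window that wraps midnight."""
    t = local_dt.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def demo():
    # Constructed input: 25 option changes one second apart, then one much later
    det = OptionVelocityDetector()
    fired_at = [ts for ts in range(25) if det.observe(ts)]
    later = det.observe(500)
    return fired_at, later
```

A burst of 25 changes produces a single signal at the 21st change, and 23:00 to 06:00 is evaluated in the site's local time, so the timestamp must be converted before calling `is_off_hours`.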

API & Network

  • XML-RPC method calls
  • Failed outbound HTTP requests from WordPress
  • Admin AJAX calls

System & Integrity

  • Environment change detection — WordPress upgrades, PHP version changes, plugin installs/removals, theme switches (emitted per flush cycle)
  • File integrity monitoring — wp-config.php and .htaccess hash changes (hourly check)
  • User lifecycle — registration, role changes (privilege escalation detection)
  • Cron health — missed schedules, overdue jobs, overdue ratio

Health & Errors

  • PHP fatal errors (captured at shutdown)
  • PHP error summary per request — counts by severity, plugin/theme attribution, samples
  • Database errors — deadlocks, connection failures, table crashes, disk full, access denied, lock timeouts
  • Memory warnings (>90% of PHP memory limit)
  • WP-Cron backlog (>5 jobs overdue by more than 1 hour)
  • 404 errors

Performance (Advanced, off by default)

  • Slow database queries (>500ms, 10% sampling)
  • WordPress hook execution timing (>50ms hooks, 10% sampling)
  • Object cache hit/miss ratio and backend detection

Transport & delivery

  • Events buffered locally as JSONL to wp-content/uploads/logystera/
  • Flushed to gateway via WP-Cron (default: every 5 minutes)
  • HMAC-SHA256 signed per-batch — canonical string: METHOD|PATH|TIMESTAMP|NONCE|SHA256(body)
  • Configurable batch size (default: 200 events per HTTP call, max 500)
  • Automatic retry with exponential backoff on gateway failure
  • Buffer disk cap — events dropped when full (configurable)
  • Agent heartbeat every 15 minutes — missing heartbeat triggers a platform alert
  • Minimum version enforcement — gateway returns HTTP 426 if plugin is below required version; ingestion paused with admin notice until updated
  • Entity stats from gateway — total events processed, last batch size, last seen time displayed in the admin Status tab
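The per-batch signature can be illustrated from both sides: building the canonical string and checking it on receipt. This is an added example, not the plugin's or the gateway's code; the hex encoding of digests, the 300-second freshness window, the nonce cache, the `/ingest` path and the sample secret and events are assumptions.

```python
import hashlib
import hmac
import time

def canonical_string(method, path, timestamp, nonce, body):
    # METHOD|PATH|TIMESTAMP|NONCE|SHA256(body); hex digest is an assumption
    digest = hashlib.sha256(body).hexdigest()
    return "|".join([method.upper(), path, str(timestamp), nonce, digest])

def sign_batch(secret, method, path, timestamp, nonce, body):
    msg = canonical_string(method, path, timestamp, nonce, body).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class BatchVerifier:
    """Receiving side: signature check plus freshness and nonce replay checks."""

    def __init__(self, secret, max_skew=300):  # 300 s window is an assumption
        self.secret = secret
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def verify(self, method, path, timestamp, nonce, body, signature, now=None):
        now = time.time() if now is None else now
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        expected = sign_batch(self.secret, method, path, timestamp, nonce, body)
        if not hmac.compare_digest(expected, signature):  # constant-time compare
            return "bad_signature"
        # Only authenticated requests reach the nonce cache
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = timestamp
        return "ok"

# Constructed sample batch: two JSONL events, hypothetical secret and path
SECRET = b"constructed-entity-secret"
BODY = b'{"event":"login_failed"}\n{"event":"option_changed"}\n'

def demo():
    v = BatchVerifier(SECRET)
    ts, nonce = 1700000000, "c0ffee01"
    sig = sign_batch(SECRET, "POST", "/ingest", ts, nonce, BODY)
    return [v.verify("POST", "/ingest", ts, nonce, BODY, sig, now=ts + 2),
            v.verify("POST", "/ingest", ts, nonce, BODY, sig, now=ts + 5),
            v.verify("POST", "/ingest", ts, nonce, BODY + b"x", sig, now=ts + 5),
            v.verify("POST", "/ingest", ts, nonce, BODY, sig, now=ts + 900)]
```

Because the body enters the canonical string only as its SHA-256 digest, any change to a buffered event after signing invalidates the whole batch, and binding the timestamp and nonce lets the receiver reject a captured batch that is replayed later.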

Data privacy

| Data | Treatment |
|---|---|
| Usernames | HMAC-SHA256 hashed. Raw value never transmitted. |
| SQL queries | Never emitted. SHA-1 hash only (query_hash). |
| URL query strings | Preserved, but sensitive params redacted (token, secret, password, nonce, key, jwt, etc.). |
| IP addresses | Optionally anonymized to /24 (IPv4) or /64 (IPv6). |
| PHP backtraces | Function arguments stripped. File, line, function name only. |
| HTTP headers | Authorization, Cookie, Set-Cookie never captured. |
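Three of the treatments above (username hashing, IP anonymization and query-string redaction) are sketched here so their effect on real values can be checked. This is an added example, not the plugin's code; the function names, the HMAC key, the substring matching of parameter names, the `REDACTED` placeholder and the handling of IPv4-mapped IPv6 addresses are assumptions.

```python
import hashlib
import hmac
import ipaddress
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names listed on the page; its "etc." is not expanded here
SENSITIVE = ("token", "secret", "password", "nonce", "key", "jwt")

def hash_username(username, hmac_key):
    """Keyed HMAC-SHA256 so the raw username never leaves the site."""
    return hmac.new(hmac_key, username.encode("utf-8"), hashlib.sha256).hexdigest()

def anonymize_ip(addr):
    """Zero the host part: /24 for IPv4, /64 for IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is treated as the IPv4 it carries
    prefix = 24 if ip.version == 4 else 64
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.network_address)

def redact_query(url, placeholder="REDACTED"):
    """Keep parameter names and order, replace values of sensitive parameters."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [
        # Substring match over-redacts (e.g. "monkey") rather than leaking
        (k, placeholder if any(s in k.lower() for s in SENSITIVE) else v)
        for k, v in pairs
    ]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))

def demo():
    # Constructed sample values (documentation address ranges, made-up key)
    key = b"constructed-site-key"
    return {
        "user": hash_username("alice", key),
        "ipv4": anonymize_ip("203.0.113.77"),
        "ipv6": anonymize_ip("2001:db8:abcd:12:1111:2222:3333:4444"),
        "mapped": anonymize_ip("::ffff:203.0.113.77"),
        "url": redact_query(
            "https://example.test/wp-login.php?action=rp&key=abc123&login=alice"),
    }
```

A keyed hash still lets the same account be correlated across events, while the key keeps common usernames from being recovered by hashing a wordlist.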

Local history (optional)

When enabled, the plugin stores a local copy of shipped events in MySQL (via $wpdb). Accessible from the Events tab in the admin panel. Off by default. Event cap and retention days are managed by the gateway.

Admin panel

Full settings interface at Settings → Logystera:

  • Status — connection health, buffer stats, last flush time
  • Credentials — entity token, entity secret, gateway URL
  • Settings — batch size, buffer limits, flush interval
  • Event Hooks — per-signal-group toggles organized into 9 categories
  • Events — local event viewer (requires local history enabled)
  • Ingest Logs — gateway delivery log
  • Debug — raw diagnostics, connection test, manual flush
  • Support — version info, environment snapshot

Security

  • Event buffer directory protected with .htaccess (Apache) — direct HTTP access blocked
  • API secret encrypted at rest with AES-256-GCM, key derived from WordPress AUTH_KEY
  • No WordPress database writes during normal request lifecycle — buffer is append-only file I/O

Multisite

Full WordPress Multisite support. Install network-wide from Network Admin → Plugins. Each subsite's events include labels.site.blog (blog ID) for per-subsite filtering. Subsites can alternatively use separate entity credentials for full isolation.

Requirements

| Requirement | Minimum |
|---|---|
| PHP | 7.4 |
| WordPress | 5.2 |
| SSL | Required (HTTPS site) |
| Outbound HTTPS | Required (to gateway) |
| WP-Cron | Required (or external cron at ≥5 min interval) |