Website activity tracking and security
For the following site currently under construction:
https://dev.iodemosite10.com/elfprosnova.com88/
I run an activity tracker on every site, always, within WordPress so that there is security and tracking of who, what, when, how, etc. a change was made so that if there is a problem, the source is easier to locate and resolve.
When a user uses the "websites" tab and selects "admin login", they are placed into the website's dashboard immediately. Then, any changes that are made, are only tracked as "IO Admin".
Because the IO rental.software domain is not under our direct control with regards to security, access, , etc - this method of security is not to a level that I am comfortable with regarding our proprietary, potential merchant processing guidelines, etc.
Is there a better security option available?
Just go to the worker profile that you don't want logging in that way and set their WordPress access to 'none'. Then the link will only take them to the WP login page and not immediately log them in.
Just go to the worker profile that you don't want logging in that way and set their WordPress access to 'none'. Then the link will only take them to the WP login page and not immediately log them in.
But this doesn't stop the IO system from generating pages and information in the WordPress. It also does not track the individual activity of anyone that does have WordPress access. Is there a way to unlink the WordPress from IO?
But this doesn't stop the IO system from generating pages and information in the WordPress. It also does not track the individual activity of anyone that does have WordPress access. Is there a way to unlink the WordPress from IO?
You edit the WordPress entry and alter the username and possibly you would need to alter the ssh user to disable syncing. However, that would result in a big loss of functionality. There is no way to prevent people with access to WordPress from being able to login via the Admin link.
You edit the WordPress entry and alter the username and possibly you would need to alter the ssh user to disable syncing. However, that would result in a big loss of functionality. There is no way to prevent people with access to WordPress from being able to login via the Admin link.
Replies have been locked on this page!