Website activity tracking and security

Jim C. shared this question 2 years ago
Answered

For the following site currently under construction:

https://dev.iodemosite10.com/elfprosnova.com88/


I run an activity tracker on every site, always, within WordPress so that there is security and tracking of who, what, when, how, etc. a change was made so that if there is a problem, the source is easier to locate and resolve.

When a user uses the "websites" tab and selects "admin login", they are placed into the website's dashboard immediately. Then, any changes that are made, are only tracked as "IO Admin".

Because the IO rental.software domain is not under our direct control with regards to security, access, , etc - this method of security is not to a level that I am comfortable with regarding our proprietary, potential merchant processing guidelines, etc.

Is there a better security option available?

Comments (3)

photo
1

Just go to the worker profile that you don't want logging in that way and set their WordPress access to 'none'. Then the link will only take them to the WP login page and not immediately log them in.

photo
1

But this doesn't stop the IO system from generating pages and information in the WordPress. It also does not track the individual activity of anyone that does have WordPress access. Is there a way to unlink the WordPress from IO?

IO creates pages and content based on certain things that are done in the IO system. Can we unlink all of these features?

We are still in development on this site for now, but later this week we will be ready to go live. Is there a way to totally unlink the website from IO? We aren't using an online shopping cart that we need attached to IO inventory.

photo
photo
1

But this doesn't stop the IO system from generating pages and information in the WordPress. It also does not track the individual activity of anyone that does have WordPress access. Is there a way to unlink the WordPress from IO?

photo
1

You edit the WordPress entry and alter the username and possibly you would need to alter the ssh user to disable syncing. However, that would result in a big loss of functionality. There is no way to prevent people with access to WordPress from being able to login via the Admin link.

Leave a Comment
 
Attach a file