As those of you who know me, I take website security very seriously so that my clients don’t have to. For those of you who aren’t hosting with me, however, I want to call attention this post by Wordfence (a popular WordPress security plugin) outlining the security concerns every website owner should be asking their hosting company.
For those of you who don’t quite understand the lingo used in the article, however … I’m going to do a 5-part series tackling each of these questions in detail so that you can know enough about these things to make the right decisions for your business. Here’s part 3:
Are my server logs available and how long are they kept?
When I go in to diagnose a site, I do need the server logs — but there is more to it than that. There are many types of logs I look at for a site, including:
- Server Logs to help with problems like redirect issues, 500 errors, unauthorized access breaches.
- PHP Error Logs to figure out why a database, function, theme or plugin isn’t working.
- Mail Logs to make sure no one is trying to use your server to send out spam without you knowing, and to see where legitimate e-mail from your site is getting stuck.
- WordPress Logs to see if a plugin or theme is causing problems, if the site is running out of memory, or if the code itself isn’t running optimally.
I have seen many "crimes" against the average WordPress site owner in regards to these log files. Some hosts don’t give you access to the logs. Some have turned off logging. Some won’t let you enable error logging for WordPress functions. Some delete the logs every day. Some have even turned off WordPress revisions! While some of these things are done in the name of preserving speed or resources, history is important to the health of your site. Consider these situations:
- Without server logs, I can’t properly investigate security breaches or troubleshoot errors.
- Without WordPress revisions, you can’t revert back to a previous version of a page or rollback a sales page to the waiting list version.
- Without WordPress logs, I can’t see memory errors or figure out why a plugin isn’t working.
- If the logs are removed every night, I can’t see problems develop over time or catch rare malfunctions.
All of these situations hurt the health of your site, drive up costs to solve problems, and make using your site more difficult. For these reasons, I highly recommend only using hosts that give you full access to your log files and allow you to enable these features as needed.
Ready for more?
In the next part of this series, I’ll be talking about site backups. If you don’t want to miss it, you should sign up for Super Alerts!