Review your site traffic with the Traffic Log Viewer

Traffic Log Viewer is a great tool you can use to review all logs of HTTP requests made to your WordPress site, including live site traffic logs.

How to review your WordPress site traffic 

To do this, simply enable Traffic Log module first and configure it on the way you want.

Once you've done that, you may use the Site Traffic section to get a more informed view on your site traffic.

Traffic Log Viewer (View Traffic section) provides a summary of each request including:

  • time/date/day
  • IP address (and User Agent)
  • request path (including any query parameters)
  • the HTTP response code for the request e.g. 200 (a successful request)
  • whether the request was offense against the Shield Security plugin

Note: If you click the particular IP address, you can further analyse that IP, for example:

You can also filter display of entries in the log table from inside the Traffic Log Viewer and filter log entries by:

  • Visitor IP address and status (if currently blocked or not)
  • Username
  • Request type
  • Response status code
  • Whether the request was offense or not
  • Request day
  • Use search box to search logs by certain keyword

For example, filtering by offense, page type and day:

You can also use the Ctrl button in the filters to select multiple logs.

Traffic log entries example

Let's have a look at these 2 log entries:

Apart from the visitor's IP address and other data, we can also see that:

  1. Visitor has loaded the login page:

    GET: "/wp-login.php"

  2. And then, the same visitor tried to login to this site:

    POST: "/wp-login.php "

  3. Visitor has failed to login to this site and the request was offense against the Shield.
  4. The response status code for this page is 200 (a successful request).

    Note: The actual response depends on the request method used. In a POST request, the response contains an entity describing or containing the result of the action.

    Status codes are best described in this article here.

These 2 entries seem identical. Why then the Viewer displays them both?

Even if these 2 entries seem identical, they're actually not. The difference is in GET and POST:

  • GET: "/wp-login.php" - means that the visitor has loaded the login page only (not attempted to login).
  • POST: "/wp-login.php" - means that the visitor has attempted to login (entered login details).

GET and POST are best explained in the second part of this article here.

Another example:

These xmlrpc.php entries could be XML-RPC brute force amplification attacks that are successfully blocked by Shield. 

XML-RPC is enabled by default in WordPress because it helps connecting your WordPress site with web and mobile apps. However because of it’s powerful nature, XML-RPC can significantly amplify the brute-force attacks.

To learn how to block XML-RPC brute force amplification attacks, read this article here.

Note: Under the "IP Status", Traffic Log Viewer also shows the number of offenses against plugin. Plus, if a visitor has exceeded the offense limit, their IP is immediate blocked from accessing your site. Traffic Log Viewer will also show IP status "Blocked". For example:

You can also switch to live traffic logs if you want.

There's an option to download your traffic logs if you need to.

For more information about the Traffic Log module, read the release article here.