sHub-Log
sHub-Log
Description
sHub-Log strengthens WordPress site security.
Main features:
- Login attempt logging
- Category-based detection (config scans, backdoors, plugin vulnerability scans, admin hacking, spam, and more)
- Optional detection for malicious queries, high-volume requests, and REST API abuse
- Attack summary and detailed logs for a configurable period
- Attack trend charts with selectable period and aggregation interval
- CSV export and AJAX category filtering
- Configurable attack log retention with WP-Cron cleanup
- Attack spike email alerts with cooldown
- Optional signed remote alert and scoring definitions from syn-c.jp
- IP blocking after repeated failures
- Configurable block duration and redirect URL
- Admin dashboard for logs and IP management
- Customizable rate-limit thresholds and windows
- Optional attack-signal-only rate counting
- Exclusion of logged-in users and verified search/AI bots from rate counting
- Verified bot access logging (14-day retention, disabled by default)
- Suspicious 404 flood detection
- IP whitelist and trusted proxy support
- Per-IP risk scoring (disabled by default)
Installation
- Upload or install the plugin
- Activate the plugin
- Configure settings from the sHub-Log admin menu
Faq
Open sHub-Log Security Trend, scroll to Protected IP, and unblock the address from the list.
When attack spike alerts are enabled, the plugin may fetch alert definitions and email templates from syn-c.jp. When remote scoring is enabled, it may fetch a signed score-config.json from syn-c.jp. When verified bot exclusion is enabled, it may fetch published IP range JSON from bot vendors (cached for 24 hours). No attack logs, IP addresses, user information, or site content are sent to syn-c.jp.
If you saved settings from Basic Settings or Bot Logging Settings before the settings-group fix in 1.2.6, review Advanced Settings or use the Recommended settings button on Basic Settings to restore factory defaults.
Recommended factory defaults:
Setting
Default
Login attempt limit window
5 minutes
Login attempt limit count
3
Block duration
60 minutes
High-volume request threshold
90/minute
404 flood threshold
30/5 minutes
Attack spike email alerts
OFF
Risk scoring
OFF
Bot access logging
OFF (search bot logging ON / AI bot logging OFF when enabled)
Reviews
Changelog
1.2.7
- Admin UI refactor: WordPress submenus replace the single-page view mode bar (AIOSEO-style flyout menu).
- English-only admin strings; text domain retained for future translations.
- Split admin pages: Security Trend, Search Bot Trend, AI Bot Trend, Basic Settings, Advanced Settings, Risk Scoring Settings, Bot Logging Settings.
- Chart legend colors now match summary card border colors via shared palette helpers.
- Charts auto-scroll horizontally to center buckets that contain data.
- Separate settings option groups for advanced and scoring pages to prevent accidental checkbox resets on save.
1.2.6
- Admin notice for 1.2.6 upgrade with settings verification guidance.
- “Recommended settings” button to restore factory defaults from Simple and Advanced views.
- FAQ note about verifying Advanced settings after updating from buggy 1.2.6 builds.
- Added Bot Analytics view with verified bot access logging (14-day retention, disabled by default).
- Search bot logging defaults ON and AI bot logging defaults OFF when bot logging is enabled.
- Bot Analytics shows separate search and AI trend charts and per-bot access summaries.
- Fixed settings corruption when saving from Simple mode or Bot Analytics (split option groups so only visible fields are saved).
- Redesigned admin view switcher: Simple / Advanced tabs on the left, Bot Analytics pill on the right; active view shown in black.
- Renamed admin labels: measurement window terminology updated to measurement interval/frame wording.
1.2.5
- Split bot rate-count exclusion into separate Search bot (default ON) and AI bot (default OFF) admin toggles.
- Expanded verified AI bot list: GPTBot, ChatGPT-User, OAI-SearchBot, ClaudeBot, Claude-Web, PerplexityBot, Perplexity-User, CCBot, Bytespider, Applebot.
1.2.4
- Added verified AI bot support (GPTBot, ChatGPT-User, ClaudeBot, PerplexityBot) to the rate-limit exclusion list. AI bots are verified against each vendor’s published IP range JSON; search crawlers continue to use FCrDNS. User-Agent strings alone are never trusted.
1.2.3
- Security hardening: neutralized CSV formula injection in the attack log CSV export.
- Hardened the blocked-IP redirect by re-applying esc_url_raw() to the admin-configured redirect URL.
- Replaced date() with gmdate() when computing the IP block expiry for timezone-consistent behavior.
1.2.2
- Attack trend chart now supports Analytics-style period selection: 24 hours, 7 days, 14 days, and 21 days (default: 7 days).
- Chart buckets are aligned to on-the-hour boundaries (hourly) or calendar days (daily).
- Aggregation interval options: 1 hour, 3 hours, 6 hours, and 1 day.
1.2.1
- Added Simple mode and Advanced settings views for the admin screen, with per-user view preference persistence.
- Simple mode shows essential settings only.
1.2.0
- Added per-IP risk scoring (disabled by default).
- Signal weights, accumulation window, and record/block thresholds are configurable from the admin screen.
- Added optional retrieval of a signed scoring definition from syn-c.jp.
1.1.9
- URL normalization before pattern matching.
- Suspicious 404 flood detection with configurable threshold and window.
- Configurable high-volume request threshold and time window.
- Option to count only requests with attack signals toward rate limiting.
- Exclusion of logged-in users and verified good bots from rate counting.
- IP whitelist and trusted-proxy support.
- Relaxed default thresholds (90 for high-volume requests, 30 for 404 floods).
1.1.8
- When the previous attack count window is zero, attack spike alert emails now show N/A and an explanatory note instead of a misleading multiplier.
1.1.7
- Refined the attack spike alert email wording for more accurate IP protection messaging.
1.1.6
- Updated the built-in fallback email template for attack spike alerts.
1.1.5
- WordPress 7.0 compatibility display update.
- Admin display order and copy updates.
1.1.4
- Added 24-hour attack trend chart.
- Attack spike email alerts and remote alert definition support.
1.1.2
- Fixed PHP 8 formatting error in admin period labels.
1.1.1
- Renamed plugin to sHub-Log.
- CSV export and AJAX category filtering.
- Attack log table indexes maintained on upgrade.
1.1.0
- Category-based attack log table.
- Suspicious 404, malicious query, rate limit, and REST API abuse detection.
- Attack summary, log retention settings, and auto IP blocking.
1.0.3
- Security hardening: nonces, sanitization, and safer SQL.
1.0.2
- Log deletion improvements and UI updates.
1.0.1
- Initial bug fixes and admin improvements.
1.0.0
- Initial release.