PluginsArmorProCitedProBoostPro
PricingDocsBlogAboutGet Started

Activity Logs

Monitor login attempts, firewall blocks, and security events.

Last updated Feb 3, 2025

Dashboard Overview

The ArmorPro dashboard (ArmorPro → Dashboard) provides a quick overview of your site's security status:

  • 7-day chart: Visual trend of login attempts and blocks
  • Quick stats: Failed logins, blocked IPs, firewall blocks
  • Feature toggles: Quick enable/disable for key features
  • Recent activity: Latest security events at a glance

Login Activity Log

Go to ArmorPro → Logs → Login Activity to view all authentication attempts.

Log Entry Details

Each entry shows:

  • Date/Time: When the attempt occurred
  • Username: The username that was tried
  • IP Address: Source of the attempt
  • Status: Success, Failed, or Blocked
  • Location: Geographic location
  • User Agent: Browser/device information

Filtering

Filter the log by:

  • Status (all, success, failed, blocked)
  • Date range
  • Username
  • IP address

Firewall Log

Go to ArmorPro → Logs → Firewall to view blocked requests.

Log Entry Details

  • Date/Time: When the request was blocked
  • IP Address: Source of the request
  • Rule: Which firewall rule triggered
  • Request URL: The blocked URL and parameters
  • User Agent: Bot or browser identification

Log Retention

  • 90 days of log history
  • 90-day charts on dashboard
  • CSV export for all logs

Exporting Logs

You can export logs to CSV for external analysis or record-keeping.

  1. Go to the log you want to export
  2. Apply any filters you need
  3. Click Export to CSV

Exports include all visible columns and respect your current filters.

What to Look For

Normal Activity

  • Occasional failed logins from your own IP (typos happen)
  • Successful logins at expected times
  • Firewall blocks from random IPs (bots scanning the web)

Concerning Activity

  • Many failed logins from one IP: Possible brute force attack
  • Successful login from unknown IP: Verify it's legitimate
  • Login at unusual hours: Could indicate compromised credentials
  • Repeated firewall blocks from same IP: Persistent attacker

Best Practices

  • Review logs weekly: Spot patterns before they become problems
  • Export monthly: Keep records for compliance or analysis
  • Investigate unknowns: If you see a successful login you don't recognize, change passwords immediately
  • Watch for patterns: Attacks often come in waves from similar IPs or targeting specific usernames
Previous← IP ManagementNextTwo-Factor Authentication →