Pandora FMS WP – Monitoring WordPress from Pandora FMS

Descripción

Pandora FMS WP is a monitoring plugin for WordPress. 100% free and OpenSource. It collect basic information from your WordPress and allow Pandora FMS to retrieve it remotely using a REST API. Some examples are new posts, comments or user logins in last hour. It also monitor if new plugins or themes has been isntalled, if a new user has been created of if a bruteforce login attempt has been made recently. You can expand easily by defining custom SQL queries to monitor other plugins or create your own SQL to collect information and sent it to Pandora FMS.

Este plugin ha sido desarrollado por el equipo de Pandora FMS. El código fuente está disponible en https://github.com/articaST/pandorafms-wp/

Secciones:

  • Dashboard: here, you can view a summary of the items monitored: plugins updated, version of WP and if they need an update, total users, new posts in last 24hr, new replies in 24hr and other checks.

  • Audit records: You can view a table with user access data: users, IP, if the login has been correct or incorrect and how many times, and the date of the last access. Also can see if new plugins or themes have been installed and the date on which these events occurred.

  • General Setup: Set general options:

    • API Settings
      • List of IPs with access to the API.
      • Ajustar el tiempo para mostrar nuevos datos en la API.
    • Borrar registros de tiempo
      • Limpiar campos de la tabla de sistemas de archivo con estado borrado si los datos son mayores a equis cantidad de días
      • Remover el estado de «nuevo» en los campos de la tabla de sistemas de archivos si los datos son mayores a equis cantidad de días.
    • Custom SQL queries

Prerequisitos

  • PandoraFMS-WP necesita (opcionalmente) un plugin para REST API, llamado «JSON REST API». Solamente se necesita si quieres integrar la información del estado y/o el monitoreo de tu sitio WordPress para visualizarla en una consola central de administración con Pandora FMS. Esta es una característica opcional ya que podrás administrar absolutamente toda la información desde el mismo WordPress.

  • Si tu versión de WordPress versión es inferior a 4.7, deberás tener instalado el plugin WP REST API (v2) para usar la API. (Este plugin necesita la versión 4.6 o superior).

Limitaciones

  • Esta versión no apoya a WordPress en modo Multisitio.
  • Para utilizar la API REST de WordPress usted necesitará la versión 4.6 o superior.

Capturas

  • Este es el Tablero, acá usted podrá visualizar un resumen.
  • Audit records: Here you can see a full log of all user interactions with your site and new themes and plugins installed recently.
  • Menú de Configuración General: ajustes API y configuración de tiempo para borrar los registros.
  • Plugins which needs and update (clicking in dashboard / plugin need update dialog button)
  • Example of dashboard reporting bruteforce attacks and other issues
  • Pandora FMS setup of a remote module using Wordpress plugin which connects with this WP plugin.
  • Pandora FMS overview of several wordpress monitors.

Instalación

  1. Suba los archivos del plugin a la carpeta /wp-content/plugins/plugin-name, o instale el plugin directamente a través del apartado para plugins de WordPress.
  2. Active el plugin por medio del apartado ‘Plugins’ de WordPress.
  3. En el menú, bajo ‘Ajustes’, usted verá la frase ‘PandoraFMS WP’: utilice esta opción para configurar el plugin.
  4. If you want a more secure API access to the Pandora FMS WP REST API, set the allowed IPs. Any IP is allowed by default to access Pandora FMS WP Rest API.
  5. In order to get information remotely from your Pandora FMS server, you need to have running the REST API in your wordpress setup, and for that, you need also the permalinks to be running. To check if your API is running, check the API manually, for example: http://mywordpress.com/wp-json/pandorafms_wp/online
    This API request should report 1 if works as intented.
  6. Install the .PSPZ2 package in your Pandora FMS console to load library checks that use this plugin by using the API REST over HTTP(s). You can also create the modules manually, its just a regular HTTP request on a REST API, but it’s easier if you load the PSPZ2 with predefined modules.
  7. Create a new Plugin Server module in your Pandora FMS WP module in Pandora FMS, define the URL to access the api rest of this plugin, like http://mywordpress.com/ and choose the predefined module from library: online, new_account, plugin check, etc).
  8. API Calls available under /wp-json/pandorafms_wp/xxxx :
    /online – Check if WordPress is responding using Pandora FMS WP REST API
    /site_name – Check WordPress sitename
    /version – Return plugin version
    /wp_version – Return WordPress core version
    /admin – Return FALSE if ‘admin’ account exists (a very bad practice)
    /new_account – Return FALSE if new user accounts has been created in last hour
    /theme_registered – Return FALSE if new themes has been installed in last hour
    /plugin_registered – Return FALSE if new plugins has been installed in last hour
    /new_posts – New posts in last hour
    /new_comments – New comments in last hour
    /plugin_update – Return FALSE if a plugin needs update
    /core_update – Return FALSE if wordpress core needs update
    /user_login – Return FALSE if a successful login has been detected in last hour
    /failed_login – Return FALSE if a unsuccessful login has been detected in last hour
    /bruteforce – Return FALSE if a bruteforce attack has been detected in last hour
    /custom_sql_1 – Return result of a custom SQL query.
    /custom_sql_2 – Return result of a custom SQL query.
  9. In the /wp-content/plugins/pandorafms-wp/pspz directory you have the .pspz2 file ready to be uploaded to your Pandora FMS console to use this plugin as remote plugin modules. See more information about the process in the module library at https://pandorafms.com/library/wordpress-monitoring-plugin/

Reseñas

9 de febrero de 2022
Do as expected. Useful for monitoring low level wordpress.
Leer la 1 reseña

Colaboradores y desarrolladores

«Pandora FMS WP – Monitoring WordPress from Pandora FMS» es un software de código abierto. Las siguientes personas han colaborado con este plugin.

Colaboradores

«Pandora FMS WP – Monitoring WordPress from Pandora FMS» ha sido traducido a 1 idioma local. Gracias a los traductores por sus contribuciones.

Traduce «Pandora FMS WP – Monitoring WordPress from Pandora FMS» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

  • 2022-02-06 New version, 2.0 removes some filesystem hardening features. Plugin is now much more fast and lighter. API Rest adds new bruteforce detection and custom SQL queries.