Tautuhia ngā takiuru ki tō paetukutuku

Set up logs and monitoring for your website

Logs can help you detect when an online security incident happens and establish the full scope of the incident.

What it is

Logs record all the actions that people take when they access your website or server. 

Why it matters

Logs can alert you to an incident early, so you can stop it before it goes too far. They are also a key part of understanding how an incident occurred and when it started. Knowing when an action happened and who took it means you can resolve incidents more quickly and get back to business as usual.

Without logs enabled it can be harder to detect when an incident happens, or establish the full scope of the incident.

Below are steps to help you protect your business. If you're not sure how to implement these steps, ask an IT provider for help.

How to protect your business

  • Set up logs and email alerts for unusual or unexpected events

    Each content management system (CMS) offers different options for logging events. You can set the logs up to notify you about any unusual events by email. It's a quick and easy way to see when something's up. Consider creating an email account specifically for the notifications – that way you can make sure they don't end up buried under your other emails.

    Some important events you should set logs up for include:

    Successful logins to your CMS and any other hosting software you use

    For example, you might have access to WordPress to manage the content on your website, and cPanel to manage your web server and . You can set up a log to record and notify you each time someone accesses them.

    Changes to the files on your CMS and any other hosting software you use

    For a lot of businesses, these things don't change that often. Setting up a log will let you know if there are any changes made without your knowledge. For example, if someone puts files on your system, the log will record the action and alert you to it.

    Changes to your log configurations

    These will rarely change. If they do, it could mean that someone has access to your system and was able to disable your logs. If you're not alerted to something like this, you won't know what's going on with your site behind the scenes.

    Unsuccessful logins

    You need to know if someone tries to access your account with an invalid username and password – but also if someone has a valid username and password without a second factor to authenticate it. Failing the second factor is a good sign that someone has gained access to your username and password details and you need to change them immediately.

    Protect your business with two-factor authentication (2FA)

  • Check and test your website every now and again

    When an attacker gets access to a system, the first thing they'll often do is to disable logging. This makes their actions much harder to detect.

    Every couple of months, check your log configurations and test them to see if they still work. Check the last modified date of the content and folders in your CMS too, and make sure none of your content has changed since the last time you updated it.

  • Set up notifications for software and patch updates

    It's a good idea to set updates to happen automatically as soon as they're released. If you don't, set up a notification to tell you when new updates are available. They often contain security fixes that you should install as soon as possible.

    Patching information for IT staff – CERT NZ

  • Have a way for people to contact you when things don't seem right

    Have an easy way people can contact you if they see something unusual on your site – for example, an email address for whoever's best placed to respond to IT queries.

    Your contact details should be both on your website and on the searchable domain name details database, WHOIS. This database is often used by IT to find contact details for businesses – and it's also our first port of call if we ever need to contact you.

    Talk to your domain name provider about making sure your details are included.

    Search WHOIS for .nz details – Domain Name Commission NZ
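
For the steps above about logging changes to your files and checking that content has not changed, here is an added example (not CERT NZ's code, and not a feature of any particular CMS). It records a SHA-256 hash of every file in a site folder and reports files added, removed or modified since that record was made; comparing content also catches a change whose last modified date was reset. The function names and the baseline.json file are assumptions for illustration.

```python
import hashlib
import json
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    hashes = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            with open(path, "rb") as fh:
                hashes[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return hashes


def compare(baseline, current):
    """List files that were added, removed or modified since the baseline."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def check(root, baseline_file):
    """First run records a baseline and returns None; later runs return changes.
    Keep baseline_file outside the web root so it cannot be altered with the site."""
    current = snapshot(root)
    if not os.path.exists(baseline_file):
        with open(baseline_file, "w") as fh:
            json.dump(current, fh)
        return None
    with open(baseline_file) as fh:
        return compare(json.load(fh), current)


if __name__ == "__main__":
    # Constructed demo: a temporary folder stands in for the website's files.
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as store:
        with open(os.path.join(site, "index.php"), "w") as fh:
            fh.write("<?php echo 'home'; ?>")
        baseline = os.path.join(store, "baseline.json")
        check(site, baseline)          # first run: record the baseline
        with open(os.path.join(site, "extra.php"), "w") as fh:
            fh.write("<?php // unexpected file ?>")
        print(check(site, baseline))   # second run: report what changed
```

Run on a schedule, a non-empty result is the kind of unexpected event worth an email alert; after a change you made yourself, delete the baseline file so the next run records a new one.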

Get help

There's more detailed information about logs on the CERT NZ website.

Centralised logging – CERT NZ

Configuring centralised logging – CERT NZ

You can also report an online issue or security incident to us at CERT NZ.

Get help now