SECURITY MONITORING AND AUDITING
This website uses the WP Security Audit Log plugin as a security monitoring and auditing plugin to log those who access the employee-restricted management tools for this website. This information is collected and retained for security and auditing purposes.
Once activated, the plugin logs a timestamped record of when a logged-in user takes the following actions:
- Logs in and out;
- Creates, deletes or modifies or views a post (be it a page, post or a post with a custom type);
- Creates, deletes or modifies tags;
- Creates, modifies, deletes, or approves comments;
- Creates, modifies or deletes widgets and menus;
- Creates, modifies (this including changing the password), deletes a user or views another users’ profile;
Installs, activates, deactivates, or uninstalls a theme or plugin;- Changes system settings such as reading, general, or permalinks;
A full list of logged actions is available here.
The timestamped record includes the following information:
- The user’s login name
- The user’s actual name as entered when their account was set up
- The user’s WordPress role (Author, editor, etc)
- The IP address from which the user accessed the site
- The time and date of each action detailed above while the user was logged in.
The data captured by the WP Security Audit Log plugin is stored by the web site administrator for a period of 6 months solely for security and auditing purposes.
Information captured by WP Security Audit Log is accessed only by the administrators of the web site and is stored on the web site’s database. These administrators may be located outside the European Union.
Information captured by the WP Security Audit Log is not shared with third parties except in the case of law enforcement requests.
DATA SECURITY
We protect your data through a number of measures, such as restricting access to the API on WordPress and utilizing brute force protection.