Documentation

"Knowledge is power."
— Francis Bacon

Installation

Get Sentinel up and running on your WordPress site in minutes with our comprehensive security monitoring solution.

System Requirements

Before installing Sentinel, ensure your WordPress site meets these requirements:

  • WordPress: Version 5.0 or higher
  • PHP: Version 7.4 or higher
  • MySQL: Version 5.6 or higher
  • Memory: Minimum 64MB PHP memory limit
Note: Sentinel is designed to work with all modern WordPress themes and plugins. It uses WordPress best practices and doesn't conflict with other security plugins.

Method 1: WordPress Repository (Coming Soon)

Once approved on WordPress.org, you'll be able to install directly from your admin dashboard.

WordPress Admin 
Navigate to Plugins → Add New → Search for 'Sentinel' → Install & Activate

Method 2: Manual Installation

Download and install the plugin manually for immediate access.

  1. Download the plugin ZIP file from our download page
  2. Go to Plugins → Add New → Upload Plugin
  3. Choose the downloaded file and click Install Now
  4. Activate the plugin after installation
Success: After activation, Sentinel will automatically create its database tables and begin monitoring your site immediately with default settings.

Post-Installation Checklist

After installing Sentinel, complete these essential steps:

1

Verify Installation

Check that "Sentinel" appears in your WordPress admin sidebar

2

Review Default Settings

Visit Sentinel → Settings to review and customize default configurations

3

Test Monitoring

Perform some actions on your site to verify events are being logged

Quick Setup

Configure Sentinel in under 5 minutes with these essential steps to start monitoring your WordPress site immediately.

1. Access the Dashboard

After activation, navigate to Sentinel in your WordPress admin sidebar. You'll see a comprehensive dashboard with real-time activity monitoring.

Tip: Sentinel starts monitoring immediately after activation with sensible defaults. No additional configuration required to begin tracking essential security events.

2. Review Event Settings

Visit Sentinel → Event Registry to customize which events to track. This is where you can enable or disable specific monitoring features based on your security needs.

Default Events Tracked 
• User logins/logouts
• Content creation/editing  
• Plugin/theme changes
• Failed login attempts
• Admin actions
• File modifications
• Database changes
• Security events

3. Configure Alerts

Set up email notifications for critical security events. Go to Sentinel → Settings → Notifications Tab → Compliance & Monitoring to have sentinel send you an email when a critical security event occurs.

Important: Sentinel defaults to your WordPress admin email address. You can change this in the Sentinel → Settings → Notifications Tab → Notifications & Alerts section.

4. Test the System

Perform some test actions on your site to verify that Sentinel is properly logging events:

  • Log out and log back in
  • Create or edit a post
  • Change a setting in your admin panel
  • Check the activity log to see these events recorded

First Steps

Essential actions to take after installing Sentinel to maximize your security monitoring effectiveness.

1

Review Activity Log

Check Sentinel → Activity Log to see real-time monitoring data. This gives you immediate visibility into all user activities on your site.

2

Tailor Your Monitoring

Visit Sentinel → Event Registry to customize which events to track. This is where you can enable or disable specific monitoring features based on your security needs.

3

Optimize Performance

Adjust log retention and cleanup settings in Sentinel → Settings → Log Management. Set appropriate retention periods based on your compliance requirements.

4

Set Up User Permissions

Configure which user roles can access Sentinel features in Sentinel → Settings → Privacy & Security Tab → Access Control & Security. Restrict access to administrators and trusted editors only.

5

Enable Privacy Features

Configure GDPR compliance features in Sentinel → Settings → Privacy & Security Tab. Enable IP anonymization and data export capabilities.

Pro Tips for New Users

Start Small: Begin with default settings and gradually customize based on your specific security needs. This prevents overwhelming yourself with too many alerts initially.
Regular Reviews: Make use of the daily and weekly digests to stay on top of your security and monitoring needs and tailor to your needs.
Backup Strategy: Consider exporting your logs regularly for long-term storage and compliance purposes, especially for sites with high security requirements.

General Settings

Configure Sentinel's core functionality and behavior to match your security monitoring requirements.

Basic Configuration

Access general settings via Sentinel → Settings → Log Management Tab → Log Management & Retention. These settings control the fundamental behavior of the monitoring system.

Setting Description Default Recommended
Auto-Cleanup When enabled, old logs will be automatically moved to archive or deleted based on the settings below. Enabled Enabled
Age Limit Archive logs older than this many days. (Minimum: 1 day, Maximum: 10 years) 90 days 90 days
Entry Limit Archive logs when total entries exceed this number. (Minimum: 100, Maximum: 1,000,000)r 10000 10000
Cleanup Schedule How often to check for logs that need cleanup. Daily Daily
Archive Retention How long to keep archived logs before permanent deletion. 1 year 1 year
Database Optimization Optimize database tables to maintain performance and reduce storage space. Enabled Enabled
Optimization Schedule How often to run database optimization. Weekly Weekly

Advanced Configuration Options

Fine-tune Sentinel's behavior with these advanced settings. These options provide more granular control over the monitoring system's behavior and performance.

Setting Description Default Recommended
Data Anonymization Automatically anonymize IP addresses and user data for privacy compliance. Disabled Based on privacy policy
IP Address Logging Enable to track IP addresses in activity logs for security monitoring. Enabled Based on privacy policy
Role-Based Log Access When enabled, editors will only see user, content, and authentication events. Admins see all events. Disabled Moderation Policy Based
Audit Log Access When enabled, Sentinel will log whenever a user views the logs or dashboard, including who, when, and from where. Disabled Based on privacy policy
Right to be Forgotten Enable GDPR Article 17 compliance - users can request deletion of their personal data from logs. Disabled Based on privacy policy
Data Portability Enable GDPR Article 20 compliance - users can export their personal data in machine-readable format. Disabled Based on privacy policy
Batch Processing Process logs in batches to reduce server load. Larger batches are more efficient but use more memory. 1000 entries 500-2000
Right to be Forgotten Enable shortcode functionality allowing users to request data deletion. Provides GDPR compliance through [sentinel_data_deletion_request] shortcode. Disabled Based on privacy policy

Performance Considerations

Optimize Sentinel's performance based on your site's traffic and requirements:

High-Traffic Sites: Consider reducing log retention to 30 days and enabling automatic cleanup to prevent database bloat.
Low-Traffic Sites: You can safely extend log retention to 180 days or more for comprehensive audit trails.

Event Registry

Configure which events Sentinel should track and monitor to create a comprehensive security audit trail.

Available Event Types

Sentinel tracks and logs a comprehensive range of events that range from PHP errors to WordPress core events. Below is a list of some of what Sentinel tracks. This is not a comprehensive list as most events are self-explanatory.

Authentication Events

Core Security
user_login User logged in successfully
user_logout User logged out
failed_login Failed login attempt
password_reset Password reset requested

User Management

Account Changes
user_registered New user registration
user_deleted User account deleted
role_changed User role modified
profile_updated User profile modified

Content Management

Site Content
post_published Post published
post_updated Post modified
post_deleted Post removed
comment_approved Comment approved
media_uploaded File uploaded

System & Security

Core Changes
plugin_activated Plugin enabled
theme_changed Theme switched
core_updated WordPress updated
php_fatal_error PHP error occurred
Complete Event List: The Event Registry in your WordPress admin (Sentinel → Event Registry) contains the full list of all available events with detailed descriptions, severity levels, and usage statistics. You can enable/disable individual events and customize their monitoring behavior there.

Event Configuration Options

Each event type in the Event Registry includes these configuration options:

Status Toggle

Enable or disable monitoring for each event type individually

Severity Levels

Set priority as Low, Medium, High, or Critical based on security importance

Usage Tracking

Monitor how often each event occurs and when it was last triggered

Detailed Information

View comprehensive details about each event including descriptions and metadata

Performance Options

While Sentinel is designed to be extremely lightweight with minimal impact on your site, proper optimization ensures it stays that way regardless of your site's traffic volume or activity level.

Performance First: Sentinel typically adds less than 50ms to page load times and uses minimal server resources. However, optimizing these settings for your specific environment ensures optimal performance as your site grows.

Batch Logging Configuration

Control how Sentinel processes and stores log entries to balance performance with real-time visibility.

Setting Description Recommended Values Performance Impact
Enable Batch Logging Queue logs and write them in batches instead of immediately Enabled for high-traffic sites Significantly reduces database writes
Batch Size Number of logs to process in each batch 50-100 for most sites, 200+ for high-traffic Higher = better performance, more memory usage
Batch Frequency How often to process batched logs (in seconds) 60s standard, 30s for real-time needs Lower = more frequent processing
Trade-off: Batch logging improves performance but introduces a slight delay in log visibility. Choose based on whether you need real-time monitoring or can accept 30-60 second delays.

Rate Limiting & Spam Prevention

Protect your site from log spam and potential abuse while maintaining comprehensive monitoring.

Setting Purpose Recommended Values Use Case
Per-Minute Limit Maximum events logged per minute 100-200 for normal sites Prevents log flooding during attacks
Per-Hour Limit Maximum events logged per hour 1000-5000 based on site activity Long-term protection against sustained attacks
Rate Limiting Behavior How to handle events when limits are exceeded Graceful Degradation (recommended) Maintains visibility while reducing load

Rate Limiting Behaviors Explained

Graceful Degradation
Recommended

Samples every 10th event when over limit to maintain visibility while reducing load

Hard Blocking
Aggressive

Completely stops logging until the next time window (most resource-efficient)

Priority Only
Selective

Only logs critical and error events, blocks warning/info events

Smart Memory Monitoring

Prevent memory-related crashes and optimize resource usage with intelligent memory management.

Feature Description Default Setting Recommended For
Memory Monitoring Tracks memory usage patterns and provides optimization recommendations Enabled All sites, especially shared hosting
Memory Threshold Percentage of PHP memory limit before logging is paused 80% Adjust based on site's memory usage patterns
Smart Recommendations Analyzes usage patterns and suggests optimizations Enabled Sites wanting automated optimization guidance

Performance Optimization by Site Type

Recommended configurations for different types of WordPress sites:

1

Small Personal/Blog Sites

Settings: Batch logging disabled, standard rate limits (100/min, 1000/hour), memory threshold 80%

Reasoning: Low traffic allows real-time logging without performance impact

2

Business/Medium Traffic Sites

Settings: Batch logging enabled (50 logs/60s), moderate rate limits (200/min, 3000/hour), memory threshold 75%

Reasoning: Balance between real-time visibility and performance optimization

3

High-Traffic/E-commerce Sites

Settings: Batch logging enabled (100+ logs/30s), high rate limits (500/min, 10000/hour), memory threshold 70%

Reasoning: Maximum performance with comprehensive monitoring for critical business operations

4

Shared Hosting

Settings: Conservative batch logging (25 logs/120s), lower rate limits, memory threshold 85%

Reasoning: Resource constraints require careful optimization to avoid hosting limits

Monitoring Performance Impact

Use Sentinel's built-in performance monitoring to ensure optimal operation:

Usage Statistics

Monitor per-minute and per-hour event rates to optimize rate limiting settings

Memory Analysis

Track memory usage patterns and receive automated optimization recommendations

Smart Recommendations

Receive personalized suggestions based on your site's actual usage patterns

Pro Tip: Start with conservative settings and gradually optimize based on your site's actual performance metrics. The Settings page shows real-time usage statistics to help you make informed adjustments.

Privacy Settings

Sentinel provides comprehensive privacy and data protection features to help you comply with GDPR, CCPA, and other data protection regulations while maintaining effective security monitoring.

Legal Disclaimer: These tools help facilitate compliance with data protection regulations, but you are responsible for ensuring your implementation meets all applicable legal requirements in your jurisdiction. Consider consulting with legal professionals for compliance verification.

IP Anonymization

Sentinel's intelligent anonymization system masks personally identifiable data in security logs while preserving analytical value for security monitoring and traffic analysis.

How IP Anonymization Works

When triggered (either automatically through deletion requests or manually via admin tools), Sentinel processes IP addresses using a sophisticated masking system:

Address Type Original Format Anonymized Format Preserved Information
IPv4 192.168.55.200 192.168.xxx.xxx Network/subnet identification
IPv6 2001:db8::1234:5678 2001:db8::xxxx:xxxx Network prefix for geolocation
Already Masked 10.0.xxx.xxx 10.0.xxx.xxx No changes (prevents double-masking)
Smart Processing: Sentinel automatically detects already-anonymized IP addresses to prevent double-processing and maintain data integrity.

Anonymization Benefits

Privacy Protection

Removes personally identifiable information while maintaining security monitoring capabilities

Analytics Preservation

Keeps network-level data intact for traffic analysis and security pattern detection

Compliance Ready

Meets GDPR Article 4 requirements for data anonymization and pseudonymization

Data Deletion Request

Implement GDPR "Right to be Forgotten" functionality using the [sentinel_data_deletion_request] shortcode.

Overview

The data deletion request feature allows users to request the removal of their personal data from Sentinel's logs and databases, helping you comply with GDPR Article 17 (Right to Erasure).

GDPR Compliance: This feature helps satisfy the "Right to be Forgotten" requirement under GDPR, allowing users to request deletion of their personal data.

Implementation

Add the shortcode to any page where users can request data deletion:

Basic Implementation 
// Add to your privacy policy page or dedicated deletion request page
[sentinel_data_deletion_request]
Coming Soon - Feature in Development
Advanced Configuration 
// Customize the deletion request form
add_filter('sentinel_data_deletion_form', function($form_html, $user_id) {
    // Customize form appearance or add additional fields
    return $form_html;
}, 10, 2);

// Handle pre-deletion actions
add_action('sentinel_before_data_deletion', function($user_id) {
    // Perform any necessary actions before data deletion
    // e.g., notify administrators, log the request
});

// Handle post-deletion actions
add_action('sentinel_after_data_deletion', function($user_id) {
    // Perform any necessary actions after data deletion
    // e.g., send confirmation email, update external systems
});

What Gets Deleted

When a user requests data deletion, Sentinel will remove the following data:

User Activity Logs

Account Events
user_login Login/logout attempts
profile_updated Profile changes
post_created Content creation and edits
comment_posted Comment activities

Personal Information

PII Data
ip_address IP addresses (if not anonymized)
user_agent User agent strings
session_data Session data
custom_metadata Custom user metadata

Administrative Data

System Records
deletion_request Deletion request records
audit_trail Audit trail entries
notification_prefs Notification preferences
user_settings User-specific settings
Important: Data deletion is permanent and cannot be undone. Consider implementing a confirmation step and backup procedures.

Best Practices

Follow these guidelines when implementing data deletion requests:

1

Clear Communication

Explain what data will be deleted and the implications of the deletion request

2

Verification Process

Implement proper user verification to prevent unauthorized deletion requests

3

Confirmation Step

Require explicit confirmation before proceeding with data deletion

4

Audit Trail

Maintain records of deletion requests for compliance and security purposes

Legal Compliance: Ensure your implementation meets all applicable data protection regulations in your jurisdiction. Consider consulting with legal professionals for compliance verification.

Alerts & Notifications

Configure email alerts and notifications to stay informed about critical security events on your WordPress site.

Notification Types

Sentinel offers three types of notifications:

  • Real-time Alerts: Instant email notifications for critical security events
  • Daily Digests: Comprehensive daily summaries of site activity and errors
  • Weekly Reports: Detailed analytics including health reports and security trends

Setting Up Real-time Alerts

Configure instant notifications for critical events. Navigate to Sentinel → Settings → Notifications to access these settings.

Required: You must first enable "Email Notifications" to activate any alert functionality.

Alert Types & Triggers

Choose which events trigger immediate notifications:

Alert Type Trigger Condition Examples Recommended
Critical Events Fires when priority = critical Failed admin logins, plugin vulnerabilities, file modifications ✓ Essential
Security Events Fires when category = security Brute force attempts, suspicious IP activity, permission changes ✓ Essential
High-priority Events Fires when priority = high User role changes, plugin installations, theme modifications ⚠ Use carefully

Fine-tuning Options

Additional filters to control when alerts are sent:

  • Category Filters: Select specific event categories (Authentication, Content, System, Error, Security)
  • Priority Filters: Choose priority levels (High, Medium, Low)
  • Per-event Control: Disable individual events in Sentinel → Event Registry (affects both logging and alerts)
Evaluation Order: Sentinel checks real-time toggles first, then category toggles, then priority toggles. If any condition matches, an email is sent immediately.

Email Recipients

Configure who receives alert notifications in Sentinel → Settings → Notifications.

Notification Email
Single Address

Set a specific email address for notifications. Uses sanitize_email() validation and wp_mail() for delivery.

Fallback: If left empty, notifications fall back to the site's Admin Email address.

Daily Digest Reports

Aggregated reports sent daily at ~9:00 AM site time via WP-Cron:

Event Summary

daily_summary
totals Event totals and active users
breakdown Category/priority breakdown

Error Report

daily_error
error_count Total error count
recent_errors Recent error details

User Activity

daily_user
active_users Top active users
recent_events Most recent user events

Weekly Digest Reports

Comprehensive weekly reports sent on Mondays at ~9:00 AM site time:

Health Report

weekly_health
uptime Uptime estimate
event_counts Critical/high/medium counts

Performance Metrics

weekly_performance
response_time Average response time
memory_peak Peak memory usage

Security Summary

weekly_security
security_totals Security event totals
failed_logins Failed login attempts
WP-Cron Dependency: Both daily and weekly digests rely on WP-Cron. Ensure your host supports WP-Cron or implement alternative cron solutions for reliable delivery.

Recommended Starter Configuration

Production-ready configuration for development and production environments:

Category Recommended Settings Reasoning
Real-time Enable Critical and Security Catches the most important events without noise
Daily Digest Enable Error Report and User Activity Daily overview of problems and user behavior
Weekly Digest Enable Health and Security Weekly health check and security trends
Optional Add Performance if needed Only if you care about timing/memory metrics
Production Tip: This configuration balances security monitoring with operational efficiency. Adjust based on your site's traffic patterns, security requirements, and team size.

Export & Import

Transfer your logs and move your chosen configuration between Sentinel installations with ease.

Data Export

Pull activity records into different formats for review, reporting or regulatory compliance. Whether you're analysing patterns or preparing audits, there's a format to suit your needs.

Supported Formats

  • CSV: Great for spreadsheet programs such as Excel or Google Sheets
  • JSON: Ideal when connecting to external systems or APIs
  • XML: Provides compatibility with older or legacy applications

User Management

Sentinel lets you decide who can see the logs, download data or change settings. Assign abilities based on the role each user plays:

Role-Based Permissions

Control access to Sentinel features based on user roles:

Role View Logs Export Data Modify Settings
Administrator
Editor
Author
Access Control: This keeps sensitive log data and configuration changes under the control of those who need it, while still allowing other users access to view-only functions.
Coming Soon

API Documentation in Development

Hooks & Filters

Extend Sentinel's functionality with WordPress hooks and filters.

Available Hooks

Use these hooks to customize Sentinel's behavior.

Action Hooks 
// Log a custom event
do_action('sentinel_log_event', $event_data);

// Before event is logged
do_action('sentinel_before_log_event', $event_data);

// After event is logged
do_action('sentinel_after_log_event', $event_id, $event_data);
Filter Hooks 
// Modify event data before logging
$event_data = apply_filters('sentinel_event_data', $event_data);

// Filter which events to log
$should_log = apply_filters('sentinel_should_log_event', true, $event_data);
Coming Soon

API Documentation in Development

Functions

Useful functions for working with Sentinel programmatically.

Core Functions

Essential functions for integrating with Sentinel.

Logging Functions 
// Log an event
sentinel_log_event($event_type, $message, $user_id = null, $metadata = []);

// Get recent events
$events = sentinel_get_recent_events($limit = 10);

// Check if event type is enabled
$enabled = sentinel_is_event_enabled($event_type);
Coming Soon

API Documentation in Development

Classes

Object-oriented approach to working with Sentinel.

Main Classes

Core classes for advanced integration.

Sentinel_Logger Class 
// Initialize logger
$logger = new Sentinel_Logger();

// Log an event
$logger->log($event_type, $message, $user_id, $metadata);

// Get events with filters
$events = $logger->get_events([
    'user_id' => 1,
    'event_type' => 'login',
    'date_from' => '2024-01-01'
]);
Coming Soon

API Documentation in Development

REST API

Access Sentinel data via WordPress REST API.

API Endpoints

Available REST API endpoints for Sentinel data.

API Endpoints 
GET /wp-json/sentinel/v1/events
GET /wp-json/sentinel/v1/events/{id}
POST /wp-json/sentinel/v1/events
GET /wp-json/sentinel/v1/stats
GET /wp-json/sentinel/v1/settings

Common Issues

Solutions to frequently encountered problems.

Troubleshooting FAQs

Common issues and their solutions.

Why are some events not being logged?

Check SentinelEvent Registry to ensure the event type isn’t disabled. Also make sure your role isn’t excluded in SettingsPrivacy & Security. If batch logging is on, a stuck queue (sentinel_log_queue) can delay logging until processed.

I enabled “Error events” alerts but I never get them. Why?

In v1.0.0, the “Error events” real-time toggle checks for priority = error, but no events have this priority. Use the Error category toggle instead until fixed in the next release.

Can I send email alerts to multiple addresses?

Not in v1.0.0. Only the first valid email entered in SettingsNotifications is used. To send to more people, use a group/distribution Notifications is used. To send to more people, use a group/distribution email address.

Frequently Asked Questions

Common questions and answers about Sentinel to help you get the most out of your security monitoring.

Does Sentinel slow down my website?

No! Sentinel is designed for minimal performance impact. It uses efficient batch logging, asynchronous processing, and includes performance optimization settings to ensure your site runs smoothly. The plugin typically adds less than 50ms to page load times.

Can I export my activity logs?

Yes! Sentinel includes CSV export functionality for compliance reporting and data analysis. You can export logs by date range, event type, or user. Perfect for security audits, compliance requirements, and long-term record keeping.

Is Sentinel GDPR compliant?

Sentinel provides tools (IP anonymization, data export/deletion, role-based access, audit logs) to help you comply with GDPR, but compliance depends on how you configure and use it. We recommend consulting with legal professionals for full compliance.

How much storage space do the logs use?

Log storage depends on your site's activity level. A typical site with moderate traffic uses approximately 1-5MB per month. Sentinel includes automatic cleanup features to manage storage efficiently, and you can adjust retention periods based on your needs.

Does Sentinel slow down my website?

Sentinel is designed to be lightweight. Most logging happens in the background, and batch logging can reduce database writes during page loads. Performance monitors can help you identify if Sentinel itself is adding overhead.

Can I export my activity logs?

Yes. Go to Settings → Export & Integration to export logs in CSV, JSON, or XML format. You can filter by date range and log source (active, archive, or both).

Is Sentinel GDPR compliant?

Sentinel includes tools for GDPR compliance, such as IP anonymization, user data export, and deletion requests. You are responsible for configuring these features and ensuring overall compliance for your site.

How much storage space do the logs use?

Log size depends on site activity and retention settings. Use Settings → Log Management to set retention periods or archive older entries to manage database size.

Can I monitor multiple WordPress sites?

Sentinel is installed per site. To monitor multiple sites, install it on each one. Centralized dashboards could be built using exports or third-party integrations.

What happens if I uninstall Sentinel?

By default, logs and settings remain in your database after uninstalling. You can choose to delete them completely in Settings → Privacy before uninstalling.

Does Sentinel work with other security plugins?

Yes. Sentinel focuses on monitoring and logging, making it compatible with active security plugins like Wordfence, Sucuri, or iThemes Security.

Can Sentinel send me email alerts?

Yes. You can configure real-time alerts and daily/weekly digests in Settings → Notifications. In v1.0.0, only one recipient email is supported.

How do I stop logging for certain users or roles?

Use Settings → Privacy & Security to exclude specific user roles from logging. This is useful for developers or staging site admins.

What happens if I uninstall Sentinel?

When you uninstall Sentinel, you can choose to either delete all log data or keep it for future reference. The plugin will remove its database tables and clean up any files it created. Your WordPress site will continue to function normally.

Does Sentinel work with other security plugins?

Sentinel is designed to work alongside other security plugins without conflicts. It focuses on activity monitoring and logging rather than active security measures, making it complementary to plugins like Wordfence, Sucuri, or iThemes Security.

Support

Get help when you need it most.

Direct Support

Priority

Get personalized help from our team. Include your WordPress version, Sentinel version, and specific error messages.

Contact Support →

Latest Updates

v1.0.0

Download the newest version with bug fixes and feature improvements. Always backup before updating.

Download Latest →

Quick Diagnostics

Self-Help

Check your site's status: Go to Sentinel → Dashboard to see recent events, system health, and configuration warnings.

Emergency Issues

If Sentinel is causing site problems, deactivate the plugin immediately via Plugins → Installed Plugins and then contact support with details.