Josh
c602b8f8f3
Discovery against the demo account on whp01 surfaced several inaccuracies: - Cache is Valkey (Redis wire-compatible), not Redis or Memcached. No Memcached is offered as a separate service. - Site Monitoring is the sidebar label (not 'AI Monitor'). - 'Add a domain' has no Primary/Add-on distinction. - Sites form: 'Container Type' (not 'Site type'), Number of Containers (1-10 for horizontal scaling), CPU per Container (default 0.25), Memory per Container (default 256MB), SSL inline on the same form. - Backups: default retention 5 days / 10 backups; on-demand + scheduled; S3 backup targets are visible and configurable. - Email: per-domain settings live behind 'Setup Instructions' on the Email page; mail server hostname is on the Dashboard (per-server, e.g. mail01.cloud-hosting.io), not per-domain. Also reworked the screenshot pipeline: - New shots.config.ts targets the real index.php?page=... URLs - Added redactSensitive() step that runs before each screenshot to swap server names, IPs, mail hostnames, and demo-user-isms with neutral placeholders. This keeps docs portable across the fleet. - Hides .brand-full and .navbar-text (top-bar server identifier and Welcome greeting). - Captured 9 real WHP screenshots; removed stale placeholders.
54 lines
2.4 KiB
Plaintext
54 lines
2.4 KiB
Plaintext
---
|
|
title: Site Monitoring
|
|
description: Proactive alerts for site errors, brute-force attempts, and exploit signatures.
|
|
sidebar:
|
|
order: 2
|
|
---
|
|
|
|
import PaidAddon from '~/content/partials/paid-addon-callout.mdx';
|
|
import Support from '~/content/partials/support-link.mdx';
|
|
|
|
<PaidAddon />
|
|
|
|
## What it does
|
|
|
|
Site Monitoring watches your site's logs, error rates, and access patterns in the background. If something looks unusual — a sustained spike in 500 errors, a brute-force pattern against a login page, a request matching a known exploit signature — you get an alert.
|
|
|
|
By default, alerts go to the contact email on your account. SMS is available for critical-severity events if you opt in.
|
|
|
|
## What's included
|
|
|
|
- **Real-time log scanning** across PHP, Apache, and access logs.
|
|
- **Brute-force detection** on auth endpoints (WordPress wp-login.php, generic /login, mail auth, SFTP).
|
|
- **Exploit-signature alerts** with severity grading (informational, warning, critical).
|
|
- **Per-rule ignore lists** so you can mute things you've already triaged or know are harmless for your site.
|
|
- **SMS notifications** for critical-severity alerts (configurable; off by default).
|
|
|
|
## How to enable
|
|
|
|
Site Monitoring is enabled per site. From the [client portal](https://secure.anhonesthost.com/clientarea.php), go to your hosting service → **Upgrade/Downgrade** and pick Site Monitoring.
|
|
|
|
## Where it lives in WHP
|
|
|
|
Once enabled, find it in the sidebar: **Site Monitoring**.
|
|
|
|
|
|
|
|
When the add-on isn't enabled, the page reads: *"AI monitoring is not enabled for any of your sites. Contact your hosting provider to enable this feature."*
|
|
|
|
Once enabled, the page shows a feed of events with severity badges and counts. Click an event for the full log context.
|
|
|
|
## Tuning false positives
|
|
|
|
Some signatures are noisier than others — for example, a security scanner you run yourself will trip every exploit-signature rule. Open the rule from the event detail and click **Ignore** to mute it for your account; the rule stays active for everyone else.
|
|
|
|
If you find yourself muting a rule frequently, [open a ticket](https://secure.anhonesthost.com/submitticket.php) — we may be able to tune the underlying rule for everyone instead of you suppressing each instance.
|
|
|
|
## Related
|
|
|
|
- [Add-ons overview](/whp/add-ons/overview/)
|
|
|
|
## Still stuck?
|
|
|
|
<Support />
|