Add Another Layer of Protection to your WordPress Site with Slack

Add Another Layer of Protection to your WordPress Site with Slack

Almost all organizations, irrespective of the industry, use Content Management Systems (CMS) to create their websites these days, and one of the most intuitive, advanced and yet user-friendly CMS, both for the website creators and end-users is – WordPress. Which is why WordPress has become ECHO’s CMS of choice.  

After having migrated to WordPress, the next pertinent step for us was to make sure our website was as secure as possible. After all – we are a full-service IT consulting firm that, among many other important things, also specializes in cybersecurity. As we were working on securing our website, I wanted to be notified every time somebody tries to log in as an administrator into our WordPress. Which is when I realized that there is nothing I could use out of the box. There was a way to install a plug-in that would send an email when an administrator logs in, but I did not like that much because we get more than enough emails daily and so it could easily get lost in the clutter and thus be ignored.  

So, I thought of Slack – why not have it send a message to a Slack channel instead. I found a WordPress plug-in called Slack Notifications which lets you configure certain types of events in WordPress to send out a request that can be interpreted by Slack’s API. Installed the plug-in and found that not only did it send notifications when an administrator tried to log in (both successfully and unsuccessfully) but it could also process page published and post published events, which meant the we would get notified in Slack every time new blog posts were published on our website. However, to make it work seamlessly, on the Slack side, I did have to create a new Slack app and configure incoming web hooks to accept the messages from WordPress. That is our ECHO WordPress app – it is the receiver end.

Administrator Login Notifications
Fig. 1 Administrator Login Notifications
Plugin/Theme Update Notifications
Fig. 2 Plugin/Theme Update Notifications
Fig. 3 Post Published Notification

What it does is far better than what I had hoped for: the messages look better than I anticipated, there is no clutter.  

What is not so good: because Slack only allows to authorize one channel at a time; we can only send messages to one channel (not two at the same time). I wish I could tell it to send to two channels, for example: #website and #announcements, but unfortunately it can only do one. 

Time to implement: Implementation is fairly quick and mostly depends on your WordPress setup. I would say that the best-case scenario would take under 2 hours, worst-case being around 4 hours. 

Why are we sharing this? 

This could be useful for all clients that have both WordPress and Slack, especially if they are security-conscious. Besides what I said above, the integration also posts messages when there are new updates for WordPress and WordPress plug-ins (see Fig. 2). That is great info to have for WordPress admins. It is also good for if you want to be able to announce new pages, posts or even updates to existing posts and pages, to your team or your clients that have Slack access. 

ECHO is always there to help, so feel free to get in touch if you have any questions.