What Sentinel Does and Why It Matters
Sentinel (Security Logs) is an API-level monitoring module designed for Init Manga. Its goal is to eliminate blind spots. If someone or something attempts restricted actions—fetching another user’s chapter, uploading images without permission, or calling Wasabi / Init Uploader without a valid credential—you will have the evidence to investigate and take action.
Key Capabilities
- Real-time logging of unauthorized REST API actions (403, 4xx, 5xx).
- Forensic-grade data capture: endpoint, action, status code, IP address, user-agent, associated user (if logged in).
- Noise reduction: trusted roles (Editor+) are excluded to avoid unnecessary entries.
- Super lightweight architecture: single DB insert, near-zero performance overhead.
- Automatic cleanup of old logs to keep the table optimized and fast.
Built-in Admin Tools for Monitoring
- Dashboard Widget: a quick snapshot of recent security activity, severity colored, sortable.
- Full Security Logs Page: full-width table, instant search, filtering by user, IP, status code, endpoint, or action.
- Export to CSV for auditing, investigating incidents, or sharing with support.
How Sentinel Works
Whenever an unauthorized request occurs, Sentinel intercepts and logs it at the exact response point. The operation is optimized to be as lightweight as possible: a single database write and done. Trusted user roles can be excluded to reduce noise and focus on real threats.
Tangible Benefits for Site Owners and Teams
- Clear traceability: know who triggered what, when, and from where.
- Operational clarity: identify misconfigured scripts, bots, or brute-force attempts instantly.
- Better technical support: precise diagnostics when working with developers or hosting.
- Audit readiness: export logs periodically for documentation or compliance.
Getting Started
- Update Init Manga to version 1.8.1.
- Check your WP Dashboard widget area to view recent Sentinel activity.
- Open the new Security Logs admin page to search, filter, and export entries.
Full control over Sentinel logging
You can fine-tune Sentinel’s logging with two new filters:
init_manga_sentinel_enabled: fully enable/disable logging (useful for dev/staging environments).init_manga_sentinel_retention_days: set how many days logs are kept (default 30) to manage DB size and security policy.
Add these filters in your theme or a custom plugin—no core changes needed.
// 1) Turn off logging completely (e.g. when dev/staging)
add_filter('init_manga_sentinel_enabled', function($enabled) {
return false; // tắt toàn bộ logging
}, 10);
// 2) Change the number of days to keep logs to 7 days
add_filter('init_manga_sentinel_retention_days', function($days) {
return 7;
}, 10);
FAQ
Does Sentinel slow down my site? No. Logging only triggers on unauthorized requests and performs a single optimized insert.
Can I restrict what gets logged? Yes. Advanced hooks allow custom log filtering for specific endpoints or conditions.
Conclusion
Sentinel transforms API security from reactive to proactive. When something suspicious happens, you will know. And when the Security Logs page stays empty, that means everything is working exactly as it should.
Comments