Support

 Hi there, despite running Admin Tools Pro, our site was compromised late last year via the weblinks folder. I have been told that the Apache logs show numerous attempts from hackers to access the site etc. I have been running the .htaccess maker but despite all this, the admin tools shows exactly zero security exceptions, for the entire year. How can this be ?

Please make sure the security log is enabled. Go to Admin Tools, Web Application Firewall, Configure WAF, in the Logging And Reporting section, make sure Log security exceptions is set to Yes.

I have another site with absolutely zero exceptions and BOTH instances the Logging in the Config is set to YES.

Actually, that would be correct. The .htaccess Maker would set up security at the Apache level, any exceptions from .htaccess would be in the Apache error log. Security exceptions from the Web Application Firewall would hit the Admin Tools Security Log.

It seems very strange though that your security log is empty. I have a hacker whose goal in life appears to be to log in to my site as administrator. I have the Administrator secret URL parameter set up and get hundreds of exceptions from that defense alone. I would recommend that you take a look at the WAF and see what portions are enabled and what sort of security exceptions you would expect to get from that.