LogHQ monitors your nginx access logs for WordPress and WooCommerce attacks — brute-force logins, exploit scans, checkout abuse, and sensitive data leaks. Deploy an agent in 30 seconds. See threats as they happen.
Every request that hits your nginx server is classified in real time. See exactly who is attacking, what they're after, and how your server responded.
Detects wp-login.php, xmlrpc.php, and login endpoint hammering. See which IPs are running credential stuffing attacks.
Detects customer data enumeration, order harvesting, coupon probing, and payment gateway discovery via WC REST API. Flags both blocked probes and successful data exposure (200).
Catches path traversal, SQL injection probes, .bak/.sql file hunting, and plugin/theme vulnerability scanners.
Alerts when attackers probe for .env, .git, phpinfo, or wp-config. A 200 response means your data was exposed.
Every attacking IP is resolved to its country of origin. See which regions are targeting your servers on a live dashboard.
Get notified via Telegram, email, or audible browser alerts when attack velocity spikes or a server goes offline.
Filter threats by HTTP status. A 200 on a leak path is critical. A 403 means nginx blocked it. Focus on what matters.
No complex configuration. No port forwarding. The agent runs as a cron job under www-data and sends threat data to your dashboard over HTTPS.
Register on the dashboard and add a server. You'll get a unique agent key and a one-liner install command.
Run the install command on your server. The agent auto-discovers nginx log files and starts monitoring immediately.
curl -s https://loghq.net/agent/install.sh | bash -s -- YOUR_KEY
Threats appear within 60 seconds. See attacking IPs, categories, geo-location, and attack velocity in real time via WebSocket.
We built LogHQ with a simple principle: the agent should do one thing and nothing else.
The agent only reads nginx access logs. It never writes to your filesystem, modifies configs, opens ports, or accepts inbound connections.
Runs as www-data via cron. No daemon, no background process, no elevated privileges. It wakes up, reads logs, sends data, exits.
Data flows out only — from your server to your dashboard. The API never sends commands back. Your server cannot be instructed remotely through LogHQ.
Agent self-updates are SHA-256 verified before installation. If the hash doesn't match, the update is rejected. The agent source is a single readable Python file.
The agent sends only classified threat entries — attacking IP, category, status code, and request path. It does not send your content, user data, or full access logs.
The entire agent is a single 400-line Python script at /opt/nginxsec/agent.py. Read it, audit it, diff it against updates. No compiled binaries, no obfuscation.
Live threat monitoring with instant reports. Everything you need to know about who's attacking your servers.
| # | IP Address | Hits | Category |
|---|---|---|---|
| 1 | 🇩🇪 185.220.101.xx | 312 | Exploit-Scan |
| 2 | 🇳🇱 45.148.10.xx | 189 | WP-Brute |
| 3 | 🇺🇸 192.241.xx.xx | 87 | System-Leak |
| 4 | 🇷🇴 94.102.xx.xx | 51 | WP-Core |
| # | IP Address | Country | Hits | Categories |
|---|---|---|---|---|
| 1 | 185.220.101.xx | DE | 847 | Exploit-Scan |
| 2 | 45.148.10.xx | NL | 523 | WP-Brute |
| 3 | 192.241.xx.xx | US | 319 | System-Leak |
| 4 | 94.102.xx.xx | RO | 281 | WP-Core |
| 5 | 162.142.xx.xx | US | 194 | Exploit-Scan |
Start free with one server. Upgrade when your fleet grows.
Built for European data protection. Your users' privacy is a toggle away.
Mask the last octet of all IP addresses in dashboards and reports. Threat detection still works — only the display is anonymized.
Download all your data as JSON with one click. Full transparency on what we store — Right of Access, Article 15.
Permanently delete your account and all associated data. Servers, threats, alerts — everything. Right to Erasure, Article 17.
Targeted emails in attack traffic are masked (ab***@domain.com) when GDPR mode is active. Protects personal data in threat logs.