How to set up Sqreen on a PHP Plesk webserver for monitoring a WordPress Blog

# List all your PHP versions in Plesk
ls -l /opt/plesk/php/
total 0
drwxr-xr-x 8 root root 71 Feb 21 2018 5.6
drwxr-xr-x 8 root root 71 Dec 7 2018 7.0
drwxr-xr-x 3 root root 16 Sep 25 2019 7.1
drwxr-xr-x 9 root root 85 Aug 28 17:02 7.3
# Select your specific PHP instance
/opt/plesk/php/7.3/bin/php -i | grep 'PHP Version'
/opt/plesk/php/7.3/bin/php -m

# From now run the steps as described in:
/opt/plesk/php/7.3/bin/php -i | grep extension_dir
ls /opt/plesk/php/7.3/etc/php.d

/opt/plesk/php/7.3/bin/php -i| grep 'additional .ini files'

curl -o sqreen-php-extension.tar.gz
tar xf sqreen-php-extension.tar.gz
cp /usr/lib/sqreen/extensions/7.3/ /opt/plesk/php/7.3/lib64/php/modules
cp /usr/lib/sqreen/conf/sqreen.ini /opt/plesk/php/7.3/etc/php.d
ls /opt/plesk/php/7.3/etc/php.d

# Enter your token (as described in the mentioned Sqreen instruction)
sudo nano /opt/plesk/php/7.3/etc/php.d/sqreen.ini

# Now restart your php service from Plesk UI
# Check your logs if Sqreen is running
ps aux | grep sqreen
cat /var/log/sqreen/sqreen.log
Sqreen detected a massive security scan which was triggered by nikto — a vulnerability scanner.
A screenshot of the user monitoring after the first successful login failure.
// On every request to map the authenticated user to the request
$user = get_user_from_cookie($_COOKIE['session_id']);
sqreen\identify(['email' => $user->email])


Finally I am done. Looking forward to receive the swag :-)



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store