monitor wordpress site through bash script

Have created a small bash script to monitor wordpress site status and report to the web admin in near real time. I really enjoyed the benefit of outcome of this script. What it does?

Script will monitor the apache access log constantly. Identifies the suspicious activity or error scenario and email to web admin. At the same time identified suspicious log entries are collected in different log file for easier analysis.

The logs been read and processed immediately once they arrived. Since we benefit receiving alert mail in near real time. This make us to take action immediately.


Do login as root or user who has access to read apache logs.

#mkdir $HOME/web_status && cd $HOME/web_status


###<<copy below content to file>>###

wc -l $HOME/web_status/errors_detected |awk '{print $1}' > $HOME/web_status/PLC.tmp
tail -Fn0 $LOGFILE |
while read line
echo $line |awk '($9>=300 && $9!=304 || $7 ~ /xmlrpc.php/ ){print}' >> $HOME/web_status/errors_detected

Note: Replace your apache access log file path at LOGFILE variable definition.

Step 2


###<< copy the below content to file. Replace and with your appropriate mail id’s >>###

LC=`wc -l $HOME/web_status/errors_detected |awk '{print $1}'`
PLC=`cat $HOME/web_status/PLC.tmp`
ERR=`expr $PLC + 5`

if [ "$LC" -gt "$ERR" ]; then
DT=`date +%d%b%y-%H:%m`
tail -n5 $HOME/web_status/errors_detected| mailx –r -s "Errors identified - $DT"
wc -l $HOME/web_status/errors_detected |awk '{print $1}' > $HOME/web_status/PLC.tmp

if [ "`ps -ef |grep|grep -v grep |wc -l`" -lt "1" ]; then
sh $HOME/web_status/ &
echo "started by `date`"


Place the below entry in user cron tab.

#crontab –e
* * * * * /bin/sh $HOME/web_status/ >> $HOME/web_status/log

The filter pattern used to to short error/suspicious can be changed as per your requirement. In above script below conditions are checked,

  1. Is the request is  to access xmlrpc.php?
  2. Any failure HTTP request but ignore cache request (status code 304)

Was the information useful? Any modification required? Leave your comments below.