When most developers talk about logging, they’re usually thinking about console.log() on the client. That’s fine for debugging UI quirks, but let’s be honest—it’s the toddler version of logging. The real magic happens on the server side, where every little move your app makes gets captured, timestamped, and dressed up with enough metadata to make Sherlock Holmes proud.
Server-side logs aren’t just noise. They’re visibility. They’re protection. They’re proof that your site isn’t just running—it’s humming, fighting off bots, delivering emails, syncing with APIs, and catching errors before users even notice.
Here’s a peek at how this site puts server-side logging to work:
reCAPTCHA Protection Logs
Client-Side
Even on the front end, logs matter—things like token generation, timing metrics, and verification statuses. But on the server is where it really shines.
Server-Side
Every reCAPTCHA verification attempt is logged, along with scores and error codes. It doesn’t just say “pass” or “fail”—it categorizes traffic into excellent, good, moderate, or suspicious. Pair that with honeypot checks, and you’ve got a clear trail of when bots tried to slip through.
Example JSON Log:
✅ [reCAPTCHA] Verification SUCCESS: {
"timestamp": "2025-08-17T14:54:30.513Z",
"success": true,
"score": 0.9,
"action": "contact_form_submit",
"hostname": "www.headlesswp.dev",
"challengeTs": "2025-08-17T14:54:05Z",
"verificationTimeMs": 200,
"ip": "123.456.789.0",
"userAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 18_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Ve",
"referrer": "https://www.headlesswp.dev/contact/"
}
🏆 [reCAPTCHA] Excellent score (≥0.9) - Very likely humanContact Form Activity
When a user fills out the contact form, it’s not just “submitted.” Logs capture the full picture:
- Submission IDs
- User agents and referrers
- Email delivery status via SMTP2GO
- Google Sheets sync results
Example JSON Log:
✅ [Contact Form] Form submission: {
"name": "John Doe",
"email": "hiddenforprivacy@gmail.com",
"phone": "8779777700",
"message": "Testing form, iOS, use this log for blog post",
"submission_time": "2025-08-17T14:54:30.513Z",
"form_id": "contact_form",
"referrer": "https://www.headlesswp.dev/contact/",
"userAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 18_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1'
}
2025-08-17T14:54:32.396Z [info] Email sent successfully via SMTP2GO
2025-08-17T14:54:32.396Z [info] Email notification sent successfully: 1unemG-FnQW0hPmxb1-TUBh
2025-08-17T14:54:32.396Z [info] Attempting to send form data to Google Sheets...
2025-08-17T14:54:32.396Z [info] Spreadsheet ID: 1RTtun_u-Orgxn8cDt6Vgb59v2_jAxlByc
2025-08-17T14:54:32.396Z [info] Sheet Name: Sheet1
2025-08-17T14:54:32.396Z [info] Using service account email from env: headlesswpdev@my-react-site-88774.iam.gserviceaccount.com
2025-08-17T14:54:32.396Z [info] Spreadsheet ID at runtime: 1RTtun_u-Orgxn8cDt6Vgb59v2Mx_jAxlByc
2025-08-17T14:54:32.396Z [info] Google Sheets Integration - Using sheet: "Sheet1" in spreadsheet: 1RTtun_u-Orgxn8cDt6Vgb59v2Mx_jAxlByc
2025-08-17T14:54:32.396Z [info] Using Google Sheets service account from environment variables
2025-08-17T14:54:32.396Z [info] Appending data to sheet: "Sheet1" in spreadsheet ID: 1RTtun_u-Orgxn8cDt6Vgb59v2Mx_jAxlByc
2025-08-17T14:54:32.927Z [info] Using service account: headlesswpdev@my-react-site-460718.iam.gserviceaccount.com
2025-08-17T14:54:33.254Z [info] Form data sent to Google Sheets successfully: Sheet1!A33:H33Newsletter Subscription Logs
Newsletters are like a magnet for bots, so logging every step is critical. From subscription attempts to verification emails, each action gets tracked—whether it’s an IP flagged by the honeypot, or a Mailchimp API handshake. This signup workflow is basic yet sophisticated. We store a pending token in a Vercel blob storage, and once the email is verified, we remove it. We also set a pending MailChimp subscription and then change it to active once complete.
Example JSON Log:
📧 Newsletter subscription attempt: {
"email": "hiddenforprivacy@gmail.com",
"ip": "123.456.789.00",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36",
"timestamp": "2025-08-20T18:10:07.734Z"
}
✅ Stored pending subscription: {
"token": "98424733...",
"url": "https://9ndgsxplsg.public.blob.vercel-storage.com/newsletter/pending/98424733143c08a4e29308797839ad50ea8a90e3ac5c12e3.json"
}
✅ Newsletter verification email sent via SMTP2GO: {
"email": "hiddenforprivacy@gmail.com",
"messageId": "1uonGF-4o5NDgrlhI0-p2Yy"
}
✅ Verification email sent: {
"email": "hiddenforprivacy@gmail.com",
"token": "98424733..."
}
//And once the verification link is clicked...
🔍 Looking for blob: {
"token": "98424733...",
"path": "newsletter/pending/98424733143c08a4e29308797839ad50ea8a90e3ac5c12e3.json"
}
✅ Found blob: {
"url": "https://k9ndgsxplsg.public.blob.vercel-storage.com/newsletter/pending/98424733143c08a4e29308797839ad50ea8a90e3ac5c12e3.json"
}
📄 Retrieved data: {
"email": "hiddenforprivacy@gmail.com",
"expires": "2025-08-21T18:10:07.736Z",
"currentTime": "2025-08-20T18:12:39.340Z",
"isExpired": "false"
}
📄 Pending subscription data: {
"email": "hiddenforprivacy@gmail.com",
"created": "2025-08-20T18:10:07.736Z",
"expires": "2025-08-21T18:10:07.736Z",
"now": "2025-08-20T18:12:39.340Z"
}
✅ Newsletter subscription confirmed: {
"email": "hiddenforprivacy@gmail.com",
"mailchimp_response": {
"id": "5542794a5bff57f03cc6739d373f653a",
"email_address": "hiddenforprivacy@gmail.com",
"unique_email_id": "e43d6e61d0",
"contact_id": "b1134448bb7caa76d20ed573659515c8",
"full_name": "",
"web_id": "623022591",
"email_type": "html",
"status": "subscribed",
"consents_to_one_to_one_messaging": "true",
"sms_phone_number": "",
"sms_subscription_status": "",
"sms_subscription_last_updated": "",
"merge_fields": {
"FNAME": "",
"LNAME": "",
"ADDRESS": "",
"PHONE": "",
"BIRTHDAY": "",
"COMPANY": ""
},
"stats": { "avg_open_rate": "0", "avg_click_rate": "0" },
"ip_signup": "",
"timestamp_signup": "",
"ip_opt": "123.456.789.00",
"timestamp_opt": "2025-08-20T18:12:40+00:00",
"member_rating": "2",
"last_changed": "2025-08-20T18:12:40+00:00",
"language": "",
"vip": "false",
"email_client": "",
"source": "API - Generic",
"tags_count": "0",
"tags": [],
"list_id": "0fc9bc4409"
}
}
✅ Newsletter welcome email sent via SMTP2GO: {
"email": "hiddenforprivacy@gmail.com",
"messageId": "1uonIf-FnQW0hPssF4-mY1l"
}
✅ Welcome email sent via SMTP2GO
🗑️ Deleted pending subscription: { "token": "98424733..." }Security & Bot Protection
Any time a bot gets caught in the honeypot, the logs record its IP, user agent, and attempt details. That’s instant visibility into how your defenses are working. In this instance the field "Company Name" was a honey pot that was filled out and triggered the entry to be blocked.
Example JSON Log:
🍯 Honeypot triggered - potential bot submission blocked: {
email: 'iamanastybot@gmail.com',
company_name: 'Acme hq',
ip: '123.456.789.00',
userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36'
}Search Activity
When someone searches, the logs don’t just capture the query. They also log how many results were found, what the API returned, and whether a WordPress endpoint flaked out.
System Status & Monitoring
Even the monitoring tools are logged. API health checks, uptime pings, response times—everything gets tracked, so if something slows down or fails, the logs show you when and why.
Infrastructure Logs
From sitemap generation to WordPress content fetches, backend processes leave a trail. If your sitemap fails or a content fetch times out, the log tells you exactly what happened—no guesswork.
The Big Picture
Put all of this together and you’ve got a comprehensive view of your site’s health, performance, and security. Every log entry comes with timestamps, IPs, user agents, and detailed error information. It’s like having a 24/7 surveillance system that doesn’t just watch but remembers everything.
Server-side logs aren’t boring. They’re the coolest storytelling device your app has. They capture every chapter of what’s happening behind the scenes—so when something breaks, or when you need to prove everything’s running smoothly, the receipts are already there.