Detect intrusions

Categories
Log All user access (IP,Username,Time ,web request etc..).

If you do this ,then someday when your application /site is down/hacked you can trace the culprit and check what went wrong.

You may ask, if the user uses an proxy , Though it will help. As "what happened" is logged and the exploit can be fixed more easily.