Security is a concern for any business – online or offline. As a brick and mortar store owner who’s curious about what’s happening in your business when nobody’s looking, the solution can be as simple as installing a security camera. But what are you supposed to do when you’re running a WordPress website that multiple users or complete strangers might have access to?
WP Security Audit Log is just the solution you’re looking for. This free and easy to use plugin is capable of keeping an eye on everything that’s going on behind the scenes, i.e. it keeps an audit trail of every change that users make on your WordPress. Not only can you keep an eye out for potential security breaches, you can also make sure users are doing what they’re supposed to be doing when they’re logged into your website.
WP Security Audit Log was developed by WP White Security, a European company that provides WordPress security consulting and audit services.
In this post, we’re going to cover the primary features and functionality of this audit trail plugin and if you decide it’s something you’d like to try on your site, we’ve got a 15% off coupon code that you can use for any of the optional extensions.
As the name of the plugin suggests, it’s purpose is to maintain a detailed audit log of everything that’s happening on the admin and user side of your website. The plugin works on both WordPress and WordPress Multisite.
While the plugin can be used to track users actions and productivity, it’s primary purpose is to alert you to any unusual or suspicious activity. By watching for unusual activity, you are often able to prevent events either before they happen or very early in the process.
The list of potential activities and changes that WP Security Audit Log is capable of tracking on your WordPress is extensive. Of course, you don’t necessarily need to keep track of all those items. The plugin has various options that will allow you avoid monitoring some of the extraneous information or disabling/enabling individual alerts. Just a few of the important activities that are logged include:
- New user registrations and role changes.
- When a user modifies the role, password or profile settings of another user.
- When a user installs, activates or deactivates a plugin.
- When a plugin or theme file is modified with the editor.
- When the administrator email id changed.
- Failed login attempts.
- A change in the WordPress registration settings.
- Tables are created, modified or deleted from the database.
- Various PHP notifications including errors, warnings, notices and shutdown errors.
For WordPress Multisite users, this plugin has some specific alerts that will help you track activity across your entire network. With 13 MultiSite specific alerts you be able to monitor for things such as:
- When a user is granted Super Admin privileges.
- When a new network is created.
- Anytime a new site is added to the network.
- When a theme is activated or deactivated on the network.
- When a user is added to site on the network
SETUP & USE
Installing WP Security Audit Log is a simple as downloading the plugin from the WordPress repository. Once installed and activated, the plugin adds its own menu called “Audit Log” just below the WP Dashboard.
Audit Log Viewer
The first option in the menu is the Audit Log Viewer. As the name implies, this is from where you can see every enabled and triggered alert. As well, the list can be sorted based upon all of the displayed criteria including code, date, username and source IP.
Every available alert is categorized and listed within this section. You’ll be able to enable or disable each alert depending on your specific needs. Each alert has its own specific error code, type (notice, warning and critical) and description.
The settings tab is divided into two sections – General and Exclude Objects.
Under General, you can automatically clean up your database of previous alerts by setting them to delete after a specified period of time or after a maximum number have been reached.
Next up is an option to add the most recent 5 alerts to your WordPress Dashboard and some Proxy / Firewall options that will adjust how the plugin goes about retrieving a users IP address when running behind a web application firewall.
By default only WordPress administrators can view the alerts or manage the plugin but this can be changed and access can be granted to specific roles and users by simply adding the information in the Can View Alerts and Can Manage Plugin settings.
In the settings tab, you can also control how the Audit Log display is set up including automatic or manual refresh, displaying specific columns and the time format.
If you want to hide the plugin from the plugins page you can do so with a simple check box. In case you not interested in default WordPress background activity, you can also hide that activity from your log.
The exclude tab allows you to be a little more selective in regards to who or what you are monitoring. You can exclude specific users and roles from monitoring as well as any activity from a specific IP address and custom fields changes. If, as the site owner, you are frequently working from the same IP address, you can cut down on database use by excluding your personal activity.
WP Security Audit Logs offers 4 premium add-ons that enable you to extend the functionality of the plugin. Each plugin is priced individually based upon a single, 5 site, or 10 site license. Currently, the add-ons offered include:
By default, WP Security Audit Log stores the audit trail in the WordPress database. There are potentially two issues with this setup. First, if you’re tracking a large number of alerts, you’ll be growing the size of your database fairly quickly. The second issue is that you will probably have some sensitive user information contained within the logs. By using this add-on, your security logs will be maintained within their own separate database thus boosting both performance and security.
WordPress User Activity Reports
This add-on will allow you to create customizable WordPress log reports based upon a variety of criteria including:
- A specific site or all sites in a network
- By user or for all users
- By roles or for all roles
- By specific alerts or by alert codes
Once you select your criteria you can generate your reports in either CSV or HTML format which means they can be imported into Excel or Google Sheets for storage or printing. The development team is planning several updates to this plugin in the near future including the ability to automate reports.
Search Audit Logs
Sometimes you need to keep tabs on a specific activity or user. And if you are logging a high number of alerts, it can become tedious to filter the results. This add-on will allow you to search using text-based queries or by filtering the data by date, alert ID, IP address, or username. This greatly reduces the amount of time it takes to find the critical information you’re looking for.
Having to login to WordPress every time you want to check for a specific series of alerts can be a pain. It also means you might not notice malicious activity until the damage has already been done. The Email notification add-on allows you to setup and trigger an alert when a specific set of criteria is achieved. For example, you might request an email alert anytime files are modified during a specific time frame.
Support & Updates
WP Security Audit Log offers free support for the plugin through the WordPress forums. There is no charge for this support so response times and solutions are not guaranteed. That said, in looking through the support forums, most of the issues (including ones that were only 1 week old) had been resolved.
If you purchase one of the paid add-ons, they include 1 year of premium support and updates. If you need support after that period, you’ll need to renew your license key, and renewals have a 30% discount. Premium support includes telephone and email access, Monday to Friday during business hours. A response is guaranteed within 24 hours. My experience with support was much faster. After requesting new license keys, I had a response and solution in under 30 minutes.
WP Security Audit Log is a great plugin that presents a two potential solutions to a variety of WordPress users.
From a security perspective, it can help to keep you apprised of changes that are happening on your WordPress site in real-time. If someone hacks into your WordPress backend and begins making changes, you’ll be notified immediately (using the email notification). There are many occasions where this can help to prevent a small breach from becoming a big problem.
For someone who is responsible for managing a network of WordPress sites, it can make the oversight task infinitely easier. You can easily decide what qualifies as unusual or suspicious activity and set up the appropriate alerts. It also makes it easier to keep track of who’s doing what on your network.
Keep in mind that although this is a free plugin, some of the add-ons can really be considered mandatory. In particular, using an external database, email alerts, and the search function. We’ve got a 15% off coupon (WPKUBE15) available for any add-ons you might purchase, but either way, it’s definitely worth your while to download and try out the free version.
If you’re currently using WP Security Audit Logs, please share your experiences below in the comments.