Security is a concern for any business – online or offline. As a brick and mortar store owner who’s wants to know what’s happening in your business when you are not looking, the solution can be as simple as installing a security camera. But what are you supposed to do when you’re running a WordPress website that multiple users or complete strangers might have access to?
WP Security Audit Log is just the solution you’re looking for. This free and easy to use activity log plugin for WordPress is capable of keeping an eye on everything that’s going on behind the scenes – it keeps an activity log (also known as audit trail or audit log) of every change that users make on your WordPress sites and multisite networks. Not only can you keep an eye out for potential security breaches, you can also make sure users are doing what they’re supposed to be doing when they’re logged into your website.
WP Security Audit Log is developed by WP White Security, a European company that develops WordPress security plugins and runs by Robert Abela
In this post, we’re going to cover the primary features and functionality of this activity log plugin. If you need to use it on your WordPress site we’ve got a 15% off coupon code that you can use for when you are upgrading to the premium edition.
WordPress Activity Log Plugin Features
As the name of the plugin suggests, its purpose is to maintain a detailed audit log of everything that’s happening on the admin and user side of your website. The plugin works on both WordPress and WordPress Multisite.
While many use a WordPress activity log plugin to keep track of users actions and productivity, there are several other benefits to keeping an activity log, such as:
- Get alerted instantly of important changes that happen on your site
- Ease WordPress site troubleshooting – no more guess work!
- Generate user and site activity reports
- Ensure your business site is compliant to regulatory compliance requirements
- Identify suspicious behavior before it becomes a security issue.
By watching for unusual activity, you are often able to prevent hack attacks either before they happen or very early in the process, thus limiting the damage the malicious hacker can do to your site.
The list of potential activities and changes that WP Security Audit Log is capable of keeping a log of on your WordPress is very extensive. Of course, you don’t necessarily need to keep track of all those items and you can easily disable (and reenable back) any type of event and monitoring. Just a few of the important activities that are logged include:
- New user registrations
- WordPress site file changes (not limited to WordPress core, plugins or themes)
- User profile changes such as a change of role, password, email or other details
- Plugins & themes installs, activations, updates, deactivations or deletion
- WordPress settings changes, such as permalinks and administrator email id
- Failed login attempts and 404 errors
- Tables are created, modified or deleted from the database.
- Various PHP notifications including errors, warnings, notices and shutdown errors.
The plugin is also an activity log for WordPress Multisite, so it has specific events that will help you track activity across your entire network. So on multisite you’ll be able to monitor things such as:
- Network user changes (network user is created, added or removed from a site)
- User role changes, such as when a user is granted Super Admin privileges
- Sites changes (e.g. new site is added, existing one is archived, deleted or changed)
- Themes and plugins are installed and activated or deactivated on the network.
Setting Up The Activity Log Plugin
Installing the WP Security Audit Log plugin is simple – download the plugin from the WordPress repository. Once installed and activated, you will be greeted with a setup wizard which allows you to configure the basics, such as log level detail, retention rules, privileges etc.
Once you configure the plugin basics the plugin starts keeping a lot of changes automatically.
Audit Log Viewer
You can see your WordPress activity log from the Audit Log Viewer entry in the plugin’s menu. For every change in the activity log the plugin reports the event ID, severity, date and time, user and role, the IP address from where the user is logged in, and the actual change. The activity log is very comprehensive so it does not just report a post change, it reports what has changed in the post, if it was content, the URL, author or title.
Changing the Activity Log Detail Level
By default the plugin has two different levels of detail for the activity log – basic and geek. If you are new to activity logs we’d recommend you to start with the basic level, so you are not overwhelmed with the data. If after a few days you see that you need to keep a log of more changes, change the log level detail from the Enable / Disable Events entry in the menu.
In this section you can also disable, and re enable already disabled events. The events are split in different categories so they are very easy to find. You can also refer to and search in the complete list of activity log events for WordPress to see which is the event ID of a particular event.
Support for Popular Third Party Plugins
In the Enable / Disable Events section you will also notice that the plugin has out of the box support for popular WordPress plugins such as WooCommerce, Yoast SEO, and BBPress. These events will be automatically enabled if one of these plugins is activated on your site.
Activity Log Plugin Settings
Being a comprehensive activity log solution for WordPress, the plugin has quite a few settings, which allow you to fine tune the activity log and the plugin as per your requirements. The settings are split into five sections:
- Activity Log
- File Integrity Scan
- Exclude Objects
- Advanced Settings
Below is an overview of what type of settings you can configure in every section.
General Activity Log Plugin Settings
In this section of the plugin settings you can configure options that affect the overall behaviour of the activity log plugin, such as:
- Enable / disable the dashboard widget & live admin bar notifications
- Enable and change the WordPress login page notification
- Configure the plugin & activity log privileges (who can see the activity log)
- Enable support for web application firewalls and reverse proxies
Activity Log Settings
In this section you can configure how the data in the activity log is displayed and handled by the plugin, such as:
- WordPress activity log retention settings
- Timestamp and users display settings
- Activity log column selection
WordPress File Integrity Scan Settings
WP Security Audit Log is the only activity log plugin that keeps a log of any file changes that happen on your WordPress site. In this section you can configure all of the file integrity can settings, such as:
- Enable or disable the file integrity scans
- Specify how often the file integrity scans should run on your WordPress site
- Exclude files, directories, or files with a specific extension from the file integrity scans
- Launch an instant WordPress files integrity scan on your site
Exclude Objects Settings
From this section you can specify any of the below to be excluded from the activity logs of your WordPress sites or multisite networks:
- IP Addresses
- Post Types
- Custom Fields
- Non-existing URLs
Once an object is excluded from the activity log, the plugin will not keep a log of any event related to that excluded object.
Advanced Activity Log Plugin Settings
Most probably you won’t need to use any of these settings, though just in case, from here you can:
- Enable the request log (which should only be used for support and debugging)
- Reset the plugin settings to default
- Purge the WordPress activity log
- Enable the MainWP child site stealth mode (for when the plugin is installed on MainWP child sites)
Premium Activity Log Functionality
The activity logs functionality is available for free. Though you can upgrade to the premium edition of the WP Security Audit Log plugin to benefit of these features:
See Who Is Logged In & Sessions Management
Once you upgrade to the premium edition of the plugin you can see who is logged in to your WordPress site in real time and terminate any of the sessions with just a mouse click. You can also configure rules to block or limit the number of simultaneous sessions a user can have.
Get Notified Instantly of Important Changes via Email or SMS messages
Having to login to WordPress every time you want to check for a specific series of events can be a pain. It also means you might not notice malicious activity until the damage has already been done. With the premium edition of the plugin you can configure triggers so you get notified instantly via email or SMS when a specific change happens on your site.
For example, you might configure the plugin to send you an alert anytime files are modified during a specific time frame, or when there is a login outside office hours, as configured in the above screenshot.
Search In The Activity Logs
Sometimes you need to keep tabs on a specific activity or user. And if you are logging a high number of events, it can become tedious to filter the results. In the premium edition you can search using text-based queries, and use the filter to fine-tune the search results. You can filter by date, event ID, IP address, username and several other filters. This greatly reduces the amount of time it takes to find the critical information you’re looking for.
Generate WordPress Site & User Activity Reports
In the premium edition of the WP Security Audit Log plugin you can also create any type of WordPress log reports. You can use any of the below criteria for reports:
- A specific site or all sites on a network
- By user or for all users
- By roles or for all roles
- By specific alerts or by alert codes
Once you select the criteria you can generate your reports in either CSV or HTML format. This means reports can be easily imported into Excel or Google Sheets for storage, printing or automatic parsing from other software. You can also configure and schedule reports so you get the reports via email on a daily, weekly, monthly or quarterly basis.
Activity Log Database Management
By default, the activity log (audit trail) of your WordPress site is stored in the WordPress database, in its own tables. There are potentially two issues with this setup; the size of your database, and there is no segregation between WordPress data and the logs, so in case of a hack your logs might be tampered with. In the premium edition of the plugin you can save the activity log in a separate database, even on a remote server, thus boosting both performance and security of your Site.
Activity Log Integration and Centralization
Many businesses use solutions such as Splunk and Slack to centralize their logs and other software events. With the premium edition of the WP Security Audit Log plugin you can easily integrate the plugin with solutions such as Papertrail, Splunk, and Syslog so logs are automatically exported to such systems, allowing you to centralize your WordPress activity logs with all the others.
Support & Plugin Updates
WP Security Audit Log offers free plugin support through the WordPress forums. Even though this support is just for the free edition, in looking through the support forums, most of the issues (including ones that are only 1 week old) have been resolved.
Though if you upgrade to premium you also get premium support and updates. Premium support is available via telephone and email, Monday to Friday during normal business hours. A response is guaranteed within 24 hours, though my experience with support was much faster. After requesting new license keys, I had a response and solution in under 30 minutes.
Our Take On WP Security Audit Log
The WP Security Audit Log plugin is a great activity log WordPress solution and the benefits of using this plugin to keep a record of everything that happens on your site are multifold.
From a security perspective, it can help to keep you appraised of changes that are happening on your WordPress site in real-time. So if someone is trying to hack your WordPress sites, or hacks it and begins making changes, you’ll be notified immediately with the email notification. There are many occasions where this can help to prevent a small breach from becoming a big problem.
It also helps you better manage your WordPress site by knowing exactly what is happening and who is doing what. Also ideal for eCommerce store owners, with it’s WooCommerce activity log sensor it can make the oversight task infinitely easier. You can easily decide what qualifies as unusual or suspicious activity and set up the appropriate alerts. It also makes it easier to keep track of who’s doing what on your network.
Keep in mind that although this is a free plugin, the premium edition can almost be considered as mandatory, especially if your WordPress site is a business site.
We’ve got a 15% off coupon (WPKUBE15) available for when you purchase the premium edition, but either way, it’s definitely worth your while to download and try out the free version.