Ever wished that you had more information about what’s happening inside your WordPress dashboard?
If you run a site where you allow other contributors to access the dashboard, you might want to know what those people are doing – like whether they edit a post, or upload an image.
Or, even if you’re the only person with access to your dashboard, you might want some type of monitoring to make sure that a malicious user doesn’t get your account credentials somehow and start editing things, or that your plugins aren’t making malicious edits to your site’s database.
In both cases, a WordPress security audit log plugin can help you stay on top of everything that’s happening. It will give you a list of all the actions users, plugins, and themes perform in your WordPress dashboard, which will help you:
In this post, I will show you how to add a security audit log to your WordPress site using a free plugin called WP Security Audit Log. I have been using this plugin for almost a year at ShoutMeLoud, and it has become an integral part of the list of ShoutMeLoud WordPress plugins.
As a blog admin, you will find this plugin very handy. If you are a freelancer or an agency that manages WordPress for clients or sets up WordPress-based websites, you should install this plugin and audit the log once in a while to ensure everything is all right.
Using a security audit log plugin, you’ll be able to track when any WordPress user performs any of the following actions:
And for every single change, you’ll be able to see the:
Below, I’ll show you how you can get started with your own security audit log.
To create a WordPress security audit log for free, you can use the WP Security Audit Log plugin. This popular plugin is listed at WordPress.org and is active on over 70,000 sites while maintaining a 4.7-star rating. They also have a premium version that one can consider if they want advanced features. Here at ShoutMeLoud, I’m using the free version.
To get started, install and activate the plugin at your site. Once you’ve done that, here’s how to configure and use it…
Configuring The WP Security Audit Log Setup Wizard
Once you install and activate the WP Security Audit Log, it should automatically launch a setup wizard:
Click Start Configuring the Plugin to begin the process.
Next, you’ll choose the level of logging you want. If you’re just running a regular blog, the Basic level is probably enough:
The main difference is that Geek adds logging for more niche activity like:
Geek is a good option, especially for security-conscious sites, but again, Basic should be fine for most bloggers.
Read this post for a full list of the differences between the two tracking levels.
Once you’ve selected your logging level, you can choose how long you want to keep the data for. I recommend using 6 months or 12 months to avoid using too much database storage space. If you want to keep all of the data, then you need the premium version as it allows you to use a separate external database to store your logging data:
Next, you can choose who has access to view your activity log. By default, only Administrators can view the log. But if desired, you can grant access to specific users or other user roles.
Unless you know someone else needs access to the logs, I recommend leaving this setting at the default (“No”):
Finally, on the Exclude Objects page, you can exclude specific users from being logged. If desired, you can use this to exclude yourself from logging. I recommend not doing this, though, as there’s a benefit to tracking yourself because you can see if anyone has gained unauthorized access to your account:
What you can do, though, is exclude your own IP address. That way, you can still see if someone else uses your account.
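A simplified model of the two exclusion choices above, as an added example (not the plugin's code; the event fields, function names and sample IP addresses are constructed for illustration). It shows why excluding your username hides a stolen-credential login, while excluding only your IP keeps it visible:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    user: str
    ip: str
    message: str


# Constructed sample activity (documentation IP ranges), not real plugin output.
# 203.0.113.10 is assumed to be the admin's own address.
EVENTS = [
    Event("admin", "203.0.113.10", "Edited a post"),
    Event("admin", "198.51.100.77", "Changed a user's password"),
    Event("editor", "192.0.2.44", "Uploaded an image"),
    Event("admin", "203.0.113.10", "Activated a plugin"),
]


def log_with_exclusions(events, excluded_users=(), excluded_ips=()):
    """Return the events that would still be recorded after exclusions.

    Assumption: an event is dropped if its user OR its IP is excluded.
    """
    return [
        e for e in events
        if e.user not in excluded_users and e.ip not in excluded_ips
    ]


def foreign_ip_activity(logged, user, known_ips):
    """Events recorded for `user` that came from an address not in `known_ips`."""
    return [e for e in logged if e.user == user and e.ip not in known_ips]


if __name__ == "__main__":
    my_ips = {"203.0.113.10"}

    # Option 1: exclude the admin user entirely -> nothing left to review.
    by_user = log_with_exclusions(EVENTS, excluded_users={"admin"})
    print("exclude user:", foreign_ip_activity(by_user, "admin", my_ips))

    # Option 2: exclude only the admin's own IP -> the foreign login remains.
    by_ip = log_with_exclusions(EVENTS, excluded_ips=my_ips)
    print("exclude IP:  ", foreign_ip_activity(by_ip, "admin", my_ips))
```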
Once you click Next, you’ll see a success screen and you’re all finished with the setup process.
Once you finish the setup wizard, your activity log will start monitoring all the activity on your site.
To view a live stream of the activity, go to Audit Log → Audit Log Viewer in your WordPress dashboard:
This view will show you a basic look at all of the activity on your site.
The Severity column will show you how potentially critical a change is. Note that a severe rating isn’t necessarily bad – it just means that you should pay special attention to make sure that the activity was authorized.
And the User and Message columns will tell you who made the change and what the change was in plain English.
If you want to see more information about a specific event, you can click on the ‘…’ icon to open a more detailed view:
The more detailed view is only really helpful for developers – but it does provide all of the relevant information if needed.
That’s pretty much all there is to using the log – it’s quite simple!
Over time, you should enable or disable the events that matter to you. This will ensure that you see only useful logs.
The free version of WP Security Audit Log is a great option for most sites, especially blogs. In many scenarios, such as for agencies or WooCommerce sites, a premium version would be more appropriate. I have shared the pricing chart in a later section of this article. For now, this chart shows the difference between the free version and the various premium plans:
Here I’m highlighting three features, among many, that offer maximum value:
Notifications And Reports
To make monitoring your activity log easier, the premium version lets you:
Logged In User Control
The premium version lets you see a list of all the users who are currently logged in to your WordPress site. It also lets you see where they’re logging in from. And if needed, you can terminate their current session (log them out) with the click of a button.
If you want to keep a permanent log, it’s better for performance and storage to use an external database, instead of your WordPress site’s database. The premium version lets you do this, and it also lets you mirror your audit logs to other tools like Syslog or Papertrail.
Using a WordPress security audit log helps you keep your site more secure and monitor what actions users take on your site.
With a plugin like WP Security Audit Log, you can get this functionality for free and the setup takes just a few minutes to start logging.
And while some especially security-conscious sites might want the premium version of the plugin, the free version should work fine for most sites, especially blogs.
Do you have any other questions about how to create a security audit log on WordPress? Let us know in the comments!