WP Security Audit Log is a comprehensive activity log plugin that keeps a log of every change that happens on your WordPress sites and multisite networks. It is available as a free plugin with additional premium features.
In this plugin review we are going to highlight the benefits of activity logs on WordPress sites and multisite networks, and also look into the features of this WordPress activity log plugin.
To try the plugin on your website, you can install the free edition from the WordPress repository. If you are interested in the premium features we have teamed up with Robert Abela, the founder of this plugin, to offer you a 15% discount.
The Benefits of Having Activity Logs on WordPress Sites
Every online or network service you use has logs. When you login to your web host’s panel, or to your web server via SSH or FTPS, or even on your ebanking portal, a record of your action is kept in a log. Logs are a fundamental resource for businesses for accountability, reporting, and to better manage and secure all their IT assets.
And WordPress is no different. WordPress started as a simple blogging platform, but nowadays it is a fully blown multi user web application that many businesses depend on. Hence why it is important that you keep an activity log on your WordPress site, so you can:
- Ease troubleshooting – trying to troubleshoot a technical or user issue without logs is like trying to find a needle in a haystack.
- Improve security – logs allow you to identify suspicious behaviour before it becomes a security issue.
- Ensure accountability – if you have a WooCommerce store, or a multi author blog, activity logs are your eyes. They allow you to see what is going on and ensure user accountability.
- Meet regulatory compliance requirements – if you run an eCommerce site, even if you use a third party payment gateway, there are strict compliance requirements your WordPress site needs to adhere to. Keeping a log of changes is one of them.
- Do post-hack forensics – in the unfortunate case of a successful hack attack logs will show you what security weakness the attacker exploited and what they did on the site.
Activity logs have several other benefits too, however, the above should be enough to drive the point home. Let’s now see why you should use this comprehensive activity log plugin for WordPress.
Activity Logs Coverage and Comprehensiveness
Coverage and comprehensiveness are the two most important factors of activity logs. These are the two things that can really distinguish a really good activity log plugin from the rest.
Coverage is important because you want the plugin to keep a log of as many changes as possible. If, for example, the plugin only keeps a log of logins, logouts and content changes, then it is not a good enough solution. What about plugin activity, changes to WordPress settings, or WordPress file site changes?
Comprehensiveness, that is, the level of detail in the logs, is also very important. For example a post has so many things that can be changed – the content, custom fields, the author, status, title, URL, SEO title. It is very important that you review the information on what has changed within a post, and not just that a post has changed.
Coverage and comprehensiveness of activity logs are exactly where WP Security Audit Log excels. It has an ever growing list of WordPress changes it can keep a log of, and also reports changes in great detail, as highlighted in the below screenshot.
It is also worth noting that WP Security Audit Log is also an activity log plugin for WordPress multisite networks.
Fully Configurable Activity Logs
Even though comprehensiveness and coverage are the two most important factors of activity logs, we understand that not everyone is a geek. So you can disable any type of event from the activity logs with WP Security Audit Log, easily tailoring the activity logs to fit your business requirements.
Getting Started with WP Security Audit Log Plugin
Getting started with WP Security Audit Log and keeping a log of all changes that happen on your WordPress sites is really easy. Once you install the plugin you are greeted with a wizard that guides you in configuring the basics for the activity logs, mainly:
- Activity log detail level
- Logs data retention
- Activity log privileges (specify who can see the data)
- Exclusion options (exclude a user, IP address, roles etc from the activity logs)
Once you complete the wizard the plugin automatically starts keeping a log of all the changes that happen on your site. You do not need to do anything else.
Fine Tuning the Activity Log Plugin for Your WordPress Site
The WP Security Audit Log plugin defaults work well in most cases. However, there are always edge cases in which the plugin needs to be tweaked to meet the requirements. From the plugin settings, you can therefore configure:
- Activity log data retention policies
- Restrict activity log and even plugin settings access
- Hide the plugin from the plugins page
- Configure the time stamp of the activity logs
- Configure the WordPress file integrity checks
- Enable a login page notification (needed for GDPR compliance)
- Select what information is shown or not in the activity log viewer
- Disable or enable specific WordPress changes from the activity logs
- Exclude users, IP addresses, roles, custom fields etc from the activity logs
- And much more!
Premium Features & Pricing
The WP Security Audit Log plugin and all the activity logs functionality is available for free. There are no limitations on the coverage and data retention. Over and above that, the plugin has a number of activity log premium tools that you need to get the most out of the activity logs and better manage your site.
Keeping a record of changes on your WordPress site is certainly a good thing to do, but you can’t keep your eye peeled on the logs 24/7 – you need to run your business. Hence, WP Security Audit Log also has the following tools:
- Email Notifications: you can configure the plugin to send you an email whenever something specific happens on your WordPress site. For example, when there is an unusual login out of office hours, or from an unusual location, or when a new plugin is installed.
- Search & Filters: in the free edition you have sorting capabilities so you can find what you are looking for, but it takes quite some time. However, with the search and filters premium features you can do text searches and use the filters to narrow down the results, enabling you to find what you are looking for within just seconds.
- Users sessions management: with this feature you can see who is logged in and their latest change. You can also control how many simultaneous sessions a user can have, etc.
- Reports: geeks are not fans of reports, but they help managers make informed decisions and keep track of what is happening on the site and in their business. So with this feature you can build your own criteria to extract HTML and CSV reports from the activity logs.
- External database support: a must have for those sites with a lot of activity log data and for all eCommerce sites. With this module you can save the activity log in an external database and also archive old activity log data, ensuring data integrity and also reducing the resources footprint on the WordPress site.
- Integration with third party services: WP Security Audit Log can also be configured to mirror the activity logs to a local or remote syslog server, Slack and Papertrail. This feature is useful to those businesses who have a central logging system or would like to keep the NOC team informed about what is happening without giving them access to the WordPress site.
Support and Documentation
The WP Security Audit Log plugin is very well documented. Should you run into any issues or would like to learn more on how to do something specific, refer to the knowledge base where you can find information on how to get started and documentation on its advanced features.
Plugin support is also available via email and the sub-forum for the plugin on the WordPress.org Plugin Directory when you can post any questions.
Who is this plugin for?
This plugin is a great addition to any WordPress site and multisite network. It is a good choice for those running a multi-author or multi-user WordPress site as they can easily keep track of who is doing what and when they last logged into the site, including changes to settings and theme files.
Single user WordPress sites can also benefit from this activity log plugin. Thanks to its ability to inform you if another user has gained access to your site or if any files or content have been changed, you can rest assured that you will stay on top of everything that happens on your site.
WordPress agencies and technical support agencies can certainly benefit from the WP Security Audit log plugin. They can use it to keep a log of what is happening on their clients’ sites. In fact WP Security Audit Log also has an Activity Log extension for MainWP which helps users easily check and see what their clients are doing, prior to them reporting an issue with their site, making it a great tool for troubleshooting user issues.
Do you really need a plugin like this?
Like any other product this plugin also has its weak spots. For example, the plugin can be a bit overwhelming for non-technical WordPress users. Yes, users can disable some events in the activity log, but still, it can be a lot to handle unless you have basic technical understanding.
However, to really know exactly what is happening on the admin side of your WordPress website, or what your WooCommerce shop managers are doing, then installing this plugin is a great way to stay in the loop and get a warning of any issues before they become serious problems.
Check out WP Security Audit Log’s website and copy the coupon code below to get 15% off their premium versions.