WP Activity Log Plugin Review: User Activity Logging for WordPress

WP Activity Log is a free plugin for WordPress that logs all logged in user activity. The plugin logs changes to content, any user account activity, changes to plugins and themes, and the WordPress core settings, plus much more. The logs are easy to interpret and make sense of and the plugin also includes a dashboard widget for quick access. Find out if this plugin can help tighten up security on your WordPress site in our WP Activity Log review.
Share on facebook
Share on twitter
Share on email
Share on facebook
Share on twitter
Share on email

[coupon id=”292452″]

WP Activity Log is a free plugin for WordPress that aims to allow you to identify security or access issues on your website before they become a problem. The plugin does this by keeping an audit log of all users on your site, and logging many of the activities they undertake through the admin interface of your WordPress site.

The plugin tracks a number of activities, such as changes to content, user accounts, plugins, themes, and the WordPress core settings. Each activity is given an alert level allowing you to easily identify potential security issues when viewing the logs. Although the plugin logs lots of activities by default, the list of actions that are logged can be totally customised to suit your needs.

The plugin has been developed by WP WhiteSecurity, a security services firm with 15 years of IT experience, who specialize in WordPress security.

To find out whether this plugin is a good choice for the security needs of your website, read our WP Activity Log plugin review.

Features and Usage

As mentioned, the WP Activity Log plugin keeps a detailed log of all of the activity that takes place on your site through the admin dashboard. Nothing has been overlooked and the list of security alerts is very extensive, with some highlights including:

  • User published a blog post
  • User modified a published WordPress page
  • User modified a widget
  • User changed a theme file using the theme editor
  • The role of a user was changed by another WordPress user
  • User activated a WordPress plugin
  • PHP Shutdown error
  • New network user created

As you can see the plugin covers the full spectrum of WordPress activity including content, widgets, users, plugins, themes, settings, and system activity. The plugin also has support for Multisite networks and has its own set of Multisite specific alerts.

When installed on a Multisite network, the WP Activity Log plugin allows the super admin user to view the activity across all sites in a single log, or by filtering the log for each individual site.

All of the activities that are logged are given an alert code for easy identification. They are also given an alert level so you can quickly see at a glance how concerned you should be about the alert, with the three levels including: notice, warning, and critical.

Using the WP Activity Log WordPress Plugin

Once the plugin has been installed and activated on your WordPress site, it can then be accessed from its own top level menu item on the admin menu.

WP Security Audit Log UI

As you can see, the plugin uses the native WordPress user interface to ensure that it integrates seamlessly with the rest of the core features of WordPress and is easy to use.

From the settings page you can define which users and roles can view the alerts and which can manage the plugin. This is a useful feature to have as it allows you to lock down the plugin so that others cannot edit the logs or settings to hide any suspicious behaviour.

The plugin also includes a dashboard alerts widget which displays the latest five security alerts from your site’s log, allowing you to get an update as soon as you login into the admin area of your site.

Dashboard Widget

There is also the option to set the period after which alerts will be deleted, and also set the maximum number of security events to keep in the log.

Further configuration options include the ability to enable or disable individual events and exclude them from the log. This can be done on an individual alert level, for example, by deselecting a single alert from a category such as ‘Widgets’, and then disabling the ‘User moved a widget’ event.

Enable or Disable Alerts

This is another useful feature as, although the detailed logging might be suitable for some websites, on sites with multiple authors and users with backend access, the logs would get filled very quickly and could result in you missing some important activities.

When it comes to viewing the log of events on your site, the records can be accessed from the ‘Audit Log Viewer’ page of the plugin.

The number of events in the log will depend on how you have configured the plugin and also how much activity there has been on your site. You also get the option of setting the number of rows to be shown, with the ability to paginate through the log.

The alerts are colour coded to indicate their level of severity, and you get an easy to understand description of the action that took place and by which user.

Pricing

This plugin is available for free making it a great option for anyone who wants to keep track of what activity is taking place on the admin dashboard of their website.

Support and Documentation

As this plugin has been developed by an IT security firm, there is a lot of good advice on the company blog about securing your WordPress site and protecting it from attack.

There isn’t a great deal of documentation to support the use of the plugin on the website but as its straightforward to get started with and use, this isn’t too much of a problem.

The team offer support via email or you can use the sub-forum for the plugin on the WordPress.org Plugin Directory to post a question.

The team also offer a number of WordPress services such as security hardening, malware removal, and website security audits.

Final Conclusion and Recommendations

This plugin should make a great addition to any WordPress site. It’s a good choice for those running a multi-author or multi-user WordPress site as they can easily keep track of who is doing what, and when they last logged into the site, including changes to settings and theme files.

WordPress users with a single user site where they are they only user who can access the site can also make use of this plugin. This is thanks to its ability to inform you if another user has gained access to your site or if any files or content have been changed which you yourself did not perform.

Another type of user who can benefit from installing the WP Activity Log plugin on their WordPress site is those who are creating sites for clients, and are providing on-going support or assistance. With this plugin installed they can easily check to see what the client has been doing, prior to them reporting an issue with their site, making it a good tool for troubleshooting user issues.

As this plugin works with WordPress Multisite networks, it’s also a great choice for those managing a network of websites from one installation.

If the plugin could be improved in any way I would like to see the ability to filter the logs. This would be useful for singling out a specific user and their activity, or perhaps viewing all actions on a certain date, or of a certain alert level.

Also it would be nice if it was possible to export the logs from within the WordPress admin dashboard. This would make it possible to filter the logs or keep archives of historic activity.

However, this is a great plugin that is a lot easier to use and a great deal more informative than many of the other security user activity logging plugins for WordPress. The logs are detailed and give you a clear idea of what has happened, instead of just being a general alert relating to the action that was performed.

If you want to know exactly what is happening on the admin side of your WordPress website, then installing this plugin is a great way to stay in the loop and get a warning of any issues before they become serious problems.

Get the WP Activity Log plugin

Table of Contents
Our Sponsors
Our sponsors

7 Responses

  1. Hi Joe,

    Thank you very much for the review and the recommendations. They are all valid and we are indeed already working on some of them, so stay tuned with us as well!

  2. Thanks.
    I was searching something like this. This looks awesome.
    I’ll try it in one of my WP sites within a few days…
    Thanks Robert for this cool work.

  3. Nice to get something from a log time.
    As a new blogger i am not so serious about security.
    There are not multiple users and also JetPack (got suggested by one of your youtube videos) blocks malicious attempts.
    But now I think I should think of free version of security audit log plugin, may be I will upgrade myself in future, if need arises.
    By the way thanks for this awesome post. I am looking for your post (not talking about other authors on your blog) from long time.
    Thanks
    have a nice day

  4. Thank you very much for the review and the recommendations. They are all valid and we are indeed already working on some of them, so stay tuned with us as well!
    Thanks
    have a nice day

  5. Nice post.one thing that I would like to know .
    Do this plugin inform how many malicious attempt has been executed to hack my website? Can I handle this plugin feature through my wordpress app?

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay up-to-date with the Mayor
Sign up to receive one weekly email about our latest reviews, tutorials, giveaways and more.