The WP Security Audit Log plugin is a WordPress plugin that keeps an audit trail of everything that happens on your WordPress and WordPress multisite network. There are several WordPress audit trail / log plugins available, tough we chose to review WP Security Audit Log because it is has the most comprehensive logging and the best coverage of WordPress changes. It is also the most complete and mature WordPress audit trail solution.
Why Do You Need a WordPress Audit Trail?
First things first, why would you need a WordPress audit trail? A WordPress audit trail is a record, or better a log of every change that happened on your WordPress, similar to Syslog on Linux/Unix or the Events Viewer on Microsoft Windows. The WordPress audit trail can be used to:
- Keep track of users’ productivity (ideal for multi-users setups),
- Ease the troubleshooting in case something is wrong with the WordPress website,
- Identify any possible malicious WordPress hack attacks before they actually happen,
- Catch hackers red handed if they manage to hack into your WordPress,
- Do all the forensics to track back which security hole the hackers exploited so you can close it down.
The above are just a few reasons mostly related to WordPress security of why you would need to keep a record of all the changes that happen on your WordPress. There are many other reasons related to business and operations, for example to ensure that your business WordPress website meets today’s stringent regulatory compliance regulations, in case you’re using WordPress for your business website.
Getting Started with the WP Security Audit Log Plugin
Install the WP Security Audit Log plugin from your Plugins page in your WordPress dashboard and activate it. By default the WP Security Audit Log will keep track of all these changes on your WordPress. You can also watch the short video below for a quick introduction.
Comprehensive Tracking of WordPress Changes
The comprehensive WordPress audit trail is what sets this plugin apart from the competition. For example while the other audit log plugins simply record that a post was updated, WP Security Audit Log tells you what exactly changed in the post. For example in the screenshot below we can see that the plugin kept a record when all of the below changes happened:
- User opened the post in the editor,
- Author of the post was changed,
- Title of the post was changed,
- URL of the post was changed
In case the content is changed the alert reporting the change in the plugin will allow you to see the revision of changes, as per the below screenshot.
Fully Configurable WordPress Audit Trail Plugin
WP Security Audit Log is also a fully configurable WordPress plugin, therefore it allows you to customize the plugin’s functionality to suite your own needs. Below is an overview of what you can configure.
Enable / Disable Alerts
The plugin keeps a record of all these WordPress changes. If for example you do not want to keep a record each time a logged in user, or a website visitor requests a non-existing page (HTTP 404 Error) navigate to the Enable/Disable Alerts > System Activity tab and disable Alert 6007 as shown in the below screenshot.
Browse through the different categories to find the change you would like to disable or enable back.
Generic Plugin Settings
You can also configure things such as:
- Support for WAFs and reverse proxy (more information on this option),
- Specify who can access the plugin’s settings and manage it,
- Enable logging, developer options,
- And much more.
Audit Trail Settings
In the Audit Log / Trail settings you can configure settings related to the WordPress audit trail, such as:
- Automatic pruning of alerts from the audit trail,
- Who can view the WordPress audit trial,
- The time zone the plugin uses to timestamp the WordPress changes etc.
Exclude Objects from Monitoring
You can also exclude the below from being recorded in the WordPress audit trial:
- Specific users or roles,
- Custom fields,
- IP addresses.
Beefing Up the WordPress Audit Trail
Keeping an audit trail of all the changes that happen is a WordPress security best practice but who has the time to check the log every few minutes? The good news is that you do not need to. WP Security Audit Log has a number of premium add-ons so you can:
- Configure email notifications so you are alerted instantly via email of important changes on your WordPress,
- Do free text based searches so you can find that specific change when troubleshooting an issue,
- Generate reports for managers, to monitor users’ productivity and for regulatory compliance reasons,
- See who is logged in and block multiple sessions from the same username.
You can add all of the above functionality to get the best out of your WordPress audit trail solution by purchasing the All Add-Ons bundle. Prices start from as low as $89.