WP Security Audit Log Plugin is a free WordPress plugin that helps site administrators and owners monitor all activities on their site. It is a comprehensive monitoring tool that boosts your site’s security by helping you immediately detect anything suspicious before it turns into a serious problem. The plugin tracks activities related to plugins, themes, widgets, user accounts, and core WordPress settings. Every activity is assigned an alert code which makes for easy viewing while going through the logs. The log includes details like user ID, role, and IP address for each activity making it so easy for you to act against unwanted visitors to your site. Unlike regular audit logs that display a long of activities making it hard to sift through, this plugin lets you enable specific alerts that are important to you. That way there is little chance of missing critical alerts when they are logged or worrying about the logs taking up too much space. The plugin supports both single and multisite WordPress installs. This extremely popular monitoring and auditing plugin is developed by the team at WP White Security.
The plugin can be installed from the WordPress plugin repository just like any other. The setup is a fairly straight-forward process that only takes a few minutes. A top-level menu is added on your dashboard to help you navigate through the options.
From the Settings page, you can define users and roles that can view the alerts and modify the plugin settings. You can also enable a dashboard widget that displays the latest 5 security alerts. Additionally, you can configure the maximum alerts that you want to keep at any point.
The plugin supports a bunch of developer-only options which come in handy during testing and staging. It generates an alert when a PHP error, warning, exception, or shutdown is detected. It is also possible to log all HTTP GET and POST requests that are reaching your WordPress installation to a log file. These settings, when enabled, will affect your site’s performance and hence not recommended for live sites.
If you are worried about having to screen hundreds of logs, the plugin takes care of it effectively. It lets you customize the alert settings by providing a way of enabling/ disabling specific alerts. By default, all alerts are turned on. So if there are activities that don’t need tracking, you simply have to disable them here.
Once you have the right set of alerts enabled, you can move on to monitoring the logs. The Audit Log Viewer displays the list of all the logs generated along with the criticality. By going through this list, you can easily detect suspicious activity like repeated failed login attempts. The log viewer gives you the list of all the ongoings on your site such as –
- When WordPress users log in or out
- From where WordPress users are logging in
- Users who created a blog post, page or a custom post
- Users who published a blog post, page or a custom post
- Users who modified published WordPress content such as custom posts, pages or a blog posts
- Users who moves content such as blog posts or WordPress pages to trash or permanently deleted it
- Users who modify WordPress widgets
- Uses who upload or delete any files
The plugin supports 3 premium extensions that bring added functionality such as email notification, search tool, and report generation.
- WordPress Email Notifications Extension
- Security Alerts Search Extension
- Reporting Extension
WordPress Email Notification Extension
Using this extension, you can get instantly notified when important changes are made to your site. You can configure triggers for the activities that are important to you and an email will be sent whenever they occur. This is very useful as you don’t have to wait until you view the log to spring into action in case of suspicious activities.
Security Alert Search Extension
This is another extremely useful tool that provides free text based searches and built-in filters to track down and find specific WordPress changes and user activity. When you have hundreds of logs generated, it is very difficult to go through the entire list when you’re looking for something. For example, if you want to look for recent user registrations. With this extension, all you have to do is add the appropriate code in the filter and hit search. It’s really that simple.
The Reporting Extension allows you to generate reports to keep track of all activities on your site. If you have any legal requirements that you need to comply with, this extension makes it so much easier to monitor it.
The team at WP White Security provides excellent support for the plugin on WordPress forums for free. If you’re looking for personalized premium support, that too is an option via email to those who purchase any of the Premium Extensions that we just talked about.
The plugin is extremely easy to use and helps you track everything that’s happening on your site. Whether it’s a single user site owner or a website designer managing multiple sites, this plugin has something unique to offer for everyone. You can effectively track changes to your site before they turn into serious issues. You can download the plugin from the WordPress Plugin Repository for free, here.