Track and keep an audit of every change on your WordPress and WordPress multisite installations easily with WP Security Audit Log, the most popular WordPress security monitoring plugin.
WP White Security is happy to announce a new revamped version of WP Security Audit Log; the most popular WordPress security monitoring and auditing plugin is finally out of beta and is available for download from the WordPress repository plugin page. Here is an overview of what is new and improved in Version 1.0 of WP Security Audit Log.
WordPress Security Monitoring Just Got More Robust and Better
We have learnt a lot since we launched the first version of WP Security Audit Log plugin 9 months ago, and we decided to put what we have learnt into practise. Version 1.0 of WP Security Audit Log is a complete rewrite of the plugin. Version 1.0 is much more stable and robust when compared to its predecessors. Version 1.0 also allows us to scale the plugin much better, so expect a number of new and cool features in the near future, such as searching, filtering, alerting and reporting.
Granular WordPress Monitoring and Detailed Security Alerts
With this new version of WP Security Audit Log we take WordPress monitoring to the next level. Unlike other WordPress monitoring plugins, WP Security Audit Log reports extensive details in the WordPress alerts. For example while other plugins will alert you that a page was changed, WP Security Audit Log will alert you about what was changed in the page, such as the author, date, template and much more. Such details are really important especially if you need to trace back suspicious behaviour or a malicious WordPress hack attack.
Monitor Themes and Plugin File Code Changes
Version 1 of WP Security Audit Log keeps a record of who is using the WordPress in-build editor to modify themes and plugins files. The modified filename will also be reported so you can easily track down any website breakdowns, plugin or theme code modifications, or a malicious code injection and other similar WordPress hacks.
Monitor WordPress Settings
WordPress security alerts will be generated when WordPress is updated or when the WordPress permalinks are changed. WP Security Audit Log also monitors several other WordPress settings changes as explained in the section WordPress Settings and System Security Alerts.
Monitor WordPress Themes
In this new version of WP Security Audit Log WordPress administrators can also monitor the WordPress themes; a WordPress security alerts are generated when a new theme is installed or when a theme is activated on WordPress.
Granular Monitoring of WordPress Pages
An alert advising you that a WordPress page was modified is not enough. The new version of WP Security Audit Log alerts WordPress administrators even when a page’s template or parent is changed. For more detailed information about WordPress pages monitoring alerts refer to the WordPress Pages Activity Security Alerts section.
New Audit Log Viewer
The Audit Log Viewer has also been revamped. It will auto refresh upon new activity; hence administrators do not have to click the refresh button to view the latest alerts generated by the latest activity.
New Developer Tools
The new version of the WordPress monitoring plugin is also shipped with a number of new developer tools which allow WordPress developers and administrators to get more information about the alerts, monitor and get alerted of WordPress and PHP errors and much more.
WordPress Security Alert Data Inspector
Once enabled from the settings, the Alert Data Inspector allows developers and administrators to see more detailed information about each alert generated by the plugin, such as the user-agent string, the user ID and more as seen in the below screenshot.
By enabling the developer option PHP errors from the plugin settings, WP Security Audit Log will also generate an alert about all the PHP errors, warnings, notices, exceptions and shutdown. Such features come in handy for anyone developing a theme, plugin or other extension on WordPress. A screenshot of a PHP shutdown alert is shown below.
Enable the Request Log from the plugin settings to log all the HTTP GET and POST responses sent to your WordPress and WordPress multisite websites to a log file. The log file Request.log.php is created in the plugin directory and is using a PHP extension for security reasons; if someone guesses the log file name it cannot be downloaded like a normal log file, thus exposing sensitive details about the WordPress blog or site.
List of New WordPress Security Alerts Introduced in this Version
Below is a list of new WordPress security alerts that are generated by the plugin when such activity is noticed:
- Alert 2046: User modified a file using the editor
- Alert 2047: User changed parent of page
- Alert 2048: User changed template of page
- Alert 2049: User set post as sticky
- Alert 2050: User removed post from Sticky
- Alert 5005: User installed a new theme
- Alert 5006: User activated a theme
- Alert 6004: User upgraded WordPress
- Alert 6005: User changed the WordPress permalinks
As explained in the previous section, the new version of WP Security Audit Log can also monitor PHP activity and errors, thus making it a handy tool for WordPress developers. Below is a list of alerts that monitor PHP errors:
- Alert 0000: Unknown error
- Alert 0001: PHP error
- Alert 0002: PHP warning
- Alert 0003: PHP notice
- Alert 0004: PHP exception
- Alert 0005: PHP shutdown error
For a complete list of WordPress security alerts and WordPress activity that WP Security Audit Log can monitor and keep an audit of refer to the Complete List of WordPress Security Alerts.
Download WP Security Audit Log Plugin
Download the WordPress security monitoring plugin WP Security Audit Log from the official WordPress plugin repository and start monitoring your WordPress and WordPress multisite installations today. For more details about the WordPress activity that WP Security Audit Log plugin can monitor refer to the List of WordPress Security Audit Log Alerts.
Upgrading WP Security Audit Log Plugin
Once you login to your WordPress using an administrator account you will be automatically notified that an upgrade of WP Security Audit Log plugin is available. You can upgrade automatically by clicking the upgrade link.
If you want to manually upgrade the plugin; download WP Security Audit Log from the WordPress repository, deactivate the plugin from the WordPress dashboard, delete all plugin files and replace them with the new files. Once all files are uploaded, enable the plugin from the WordPress dashboard.
Rate WP Security Audit Log Plugin
If you use WP Security Audit Log plugin and it helped you improve the security and monitoring of your WordPress blogs and websites, please rate WP Security Audit Log on the WordPress repository. If you have any questions, feedback or need support please get in touch with us by sending us an email on firstname.lastname@example.org.
You can also subscribe to our WP White Security Plugins newsletter to get notified via emails when new updates, plugins and tips are available.