WP Security Audit Log Plugin Datasheet
The role of the WP Security Audit Log plugin on a WordPress website and multisite network is to keep a record of all the system and user changes in a WordPress activity log. In fact the plugin is known for its comprehensive WordPress activity logs. Though WP Security Audit Log is more than that – it is a complete WordPress activity log solution that can:
- Send you email notifications when important changes happen on your website,
- Allows you to see who is logged in in real time,
- Be used to setup a WordPress intrusion detection system (IDS),
- Generate site and user activity reports,
- And much more!
Being such a powerful solution, the WP Security Audit Log has a number of under the hood features and settings that typically go unnoticed unless they are required. This datasheet highlights all the features that make WP Security Audit Log the most popular and comprehensive WordPress activity log plugin.
WordPress activity log features
Configurable comprehensibility of the activity log
The plugin has two different type of log levels. You can choose any of them, with the detailed keeping a log of everything, or opt to manually configure which of the individual changes you want to keep a log of in the WordPress activity log. Every event in the granular list of all the WordPress activity log events can be disabled. It is up to you to specify what to keep a log of or not.
Configurable activity log data retention
The retention period of the WordPress activity log data is configurable. You can configure the plugin to keep all data or delete any data that is older than a specific period of time.
Configurable activity log access privilege
By default only WordPress administrators and super administrators (multisite networks) can view the WordPress activity log data. Though you can assign the privileges to other users with non administrator role to view the activity log or even lock down access to a single user.
Dead accurate activity log timestamps
The timestamps used in the WordPress activity log includes milliseconds, which is a requirement many business has to adhere to because of strict regulatory compliance requirements.
Configurable & personalized timezone
The plugin uses the UTC timezone for the WordPress activity log timestamps. Though you can configure it to use the same timezone you have configured on your WordPress website.
Configurable activity log timestamp timezone & date format
The format of the timestamps and dates used in the WordPress activity log are the same as those configured in your WordPress website, ensuring it maintains all standards set on your website.
Configurable user display information
In the WordPress activity log you can choose to display either the user’s first and last name or the username. Refer to how to configure the user information displayed in the WordPress activity log for more information.
Configurable activity log views
The WordPress activity log viewer has the Event ID, Event Severity, Date & Time, User, Source IP Address and Message columns. You can choose to remove any of these columns from the plugin settings.
Option to exclude objects from the activity log
You can exclude objects from the WordPress activity log. You can exclude individual WordPress users, users by WordPress role, custom fields, IP addresses, post types and more from the plugin settings.
WP Security Audit Log Plugin features
Full WordPress multisite network support
The WP Security audit log is also an activity log for WordPress multisite networks. When installed on one, super administrators can access all activity logs and site administrators have access the activity logs of the website they administer.
File integrity scans (WordPress site file changes notifications)
The WP Security Audit Log plugin runs WordPress file integrity scans to keep a log in the WordPress activity log when a new file is added to your website, or an existing file is modified or deleted. Read the WordPress file integrity scanner and file changes events in the activity log for more information on this feature and how you can fine tune it.
WordPress activity log events dashboard widget
The plugin adds a widget on the WordPress dashboard page from where administrators can get an overview of the last few changes that happened on their WordPress website once they login, without the need to access the activity log viewer.
Live activity log events in WordPress admin bar
Keep an eye on what is happening in real time without the need to stop what you are doing! The plugin always shows the latest event from the activity log in real time in the WordPress admin bar of all site administrators.
Support for web application firewalls (WAF) and reverse proxies
Even when a WordPress website is hosted behind a web application firewall or reverse proxy the plugin can still report the original users’ IP address. Read the WordPress activity log reverse proxy & WAF support document for more information on how to use this feature.
Configurable access to plugin settings
In a default install the plugin settings and activity log can only be managed by WordPress users with the administrator role (and super admin on multisite networks). You can restrict access to the plugin settings to a single user or allow other users which do not have an admin role to manage the plugin. Read managing the WordPress activity log plugin privileges for more information.
WordPress login page notification
To comply with the GDPR and other mandatory compliance requirements, you can add a notification on the WordPress login page to advise logged-in users that all their actions are being logged in a WordPress activity log.
Hide plugin from the WordPress plugins page
You can hide the WP Security Audit Log plugin from the plugins page in the WordPress admin pages. This means users who have access to the list of installed plugins on the website won’t know that the WordPress activity log plugin is installed.
Advanced Settings for Plugin Management
The plugin also has a number of settings and options that allow you to do admin tasks on the plugin, such as reset the plugin settings to default and purge all the events in the WordPress activity log. When these settings are used a record of who used them and when is recorded in the activity log to ensure integrity and security.
MainWP Child Site Stealth Mode
More often than not, agencies who install our WordPress activity log plugin on their clients’ site try not to show the activity log to their clients. Typically they are not technical people so if site owners get access to the activity log they might not understand it and raise a lot of false alarms. To cater for this the plugin has the MainWP Child Site Stealth Mode setting. When enabled the plugin is hidden on MainWP child sites.
Premium Edition Features
Users Sessions Management
See who is logged in
The plugin allows you to see who is logged on your WordPress website and reports their latest change in real time.
Manage multiple same user sessions
You can use the plugin to manage how people use the same username to login to your website at the same time. Read managing multiple same WordPress user sessions for more information.
Reports for WordPress
Generate any type of site and user activity report
The reports module has all the tools you need to generate any type of site, user, user role, content and several other types of WordPress report. Setting up a report criteria is very easy and it only requires a few mouse clicks!
Schedule reports to be sent to you automatically by email
Configure any report criteria and schedule it to be sent automatically to you via email. Scheduled reports can be configured to be sent daily, weekly, monthly and even at quarterly intervals.
Generate statistics reports
You can also use the Reports for WordPress module to create statistics reports such as number of logins per user, number of logins of all users with a particular role, number of page views, number of published content per user, different IP addresses used per username and much more.
WordPress Report in different formats
All the WordPress reports can be generated in both HTML and CSV formats. The latter format is ideal if you want to import or parse the report data automatically with other tools.
Search & filters for the WordPress activity log
Free text search in the activity log
You can use the free text search functionality to easily search for events in the WordPress activity log that include metadata that matches your search term.
Filters for fine tuning search results
Sometimes the results of free text search results can contain a lot of events, making it difficult to find what you are looking for. For such scenario the plugin has search filters which you can use to fine tune the WordPress activity log search results and easily find what you are looking for. The WordPress activity log and search results can be filtered by quite a few criteria, such as the date, IP address, Alert ID, Users and user roles.
Save searches & filters combination for later use
All searches and filters combinations can be saved for future use. This feature is certainly useful if you frequently run the same searches. You can save several search and filters combinations for later use.
Email Notifications for WordPress
Get Started easily with a Wizard and pre-configured email notifications
Configuring your first email notifications is very easy. The WP Security Audit Log has a number of pre configured email notifications which you can just enable with a mouse click. You can also use the wizard to create your email notifications triggers.
Unique security email notifications
The plugin can be configured to send you an email when a user logs in for the first time on your WordPress website. This notification is a unique and must have in case a user is created directly in the WordPress database through a malicious hack.
Daily Activity Log direct email notification
The activity log of a busy WordPress site or multisite network can have thousands of events per day. So you can use the daily WordPress activity log digest email, which is sent automatically to you on a daily basis, highlighting the most important changes that happened that day.
Email notification trigger builder
The plugin has a trigger builder that can be used to build any type of email notification trigger. It supports the AND and OR operands and also grouping of conditions, thus allowing you to easily create advanced logic for the email notifications trigger. Refer to creating WordPress email notifications trigger with the builder for more information.
Editable email templates
All the email templates the WordPress activity log plugin uses to send email notifications are editable. A number of variables are also available and can be used in the email templates. Refer to editing the WordPress email notifications templates for more information.
Configurable from email address
You can configure the from email address and display name of the email notifications the WP Security Audit Log plugin sends. This is ideal if you do not want to use the default administrator account email address configured on your WordPress.
External databases & Integrations Tools
External database support for the WordPress activity log
You can store the WordPress activity log in an external database rather than the WordPress one, for increased security, authenticity and performance. The activity logs can also be hosted on a different server.
WordPress activity log archiving
The WP Security Audit Log plugin allows you to configure archiving of the WordPress activity log data to an external database. You can archive alerts based on date. When you archive events from the main database it is easier to search and the main database runs much faster.
Search & reports for archiving database
The WP Security Audit Log search and filters can be used to search for data in the archiving database. The same with reports, you can generate reports from data stored in the archived WordPress activity log. All premium features support the WordPress activity log archive database.
WordPress activity log mirroring
The WP Security Audit Log plugin has a mirroring feature with which you can mirror the WordPress audit log to your server’s Syslog, Papertrail or another MySQL database to ensure you always have a backup copy of your website’s WordPress activity log.
Support for corporate central log repositories
Since the plugin has the ability to mirror the WordPress activity logs to solutions such as Syslog and Papertrail, it is possible to export the WordPress activity logs to your corporate central log repository, where the logs from all devices and software running in the enterprise is centrally stored.
MySQL SSL connection support
The WP Security Audit Log plugin supports SSL MySQL connections so the connection between your website and the WordPress activity log database is encrypted.
Client certificate support
The WordPress activity log plugin also supports client certificates, so you can use them when connecting to the external WordPress activity log database should they be required in your environment.
External database connection buffer
The integrity of your WordPress activity log should not depend on the quality of the connection between your website and the external database where the WordPress activity log is stored. To cater for this the WP security Audit Log plugin has a buffer so when the connection is offline or slow, it temporarily stores the events in the WordPress database until the external database is available again.
Support for third party solutions
The WP Security Audit Log plugin goes beyond keeping a log of what users are doing on your WordPress website and multisite. It an also keep a log and the details of all changes done on:
- WooCommerce store and products
- Yoast SEO plugin
- bbPress forum plugin
- Advanced Custom Fields
- Paid Membership Pro
- Restrict Content Pro
- Gutenberg editor