Keeping a record of every change that happens on your WordPress website and multisite network in a WordPress activity log is very easy! Just install WP Security Audit Log, the most comprehensive WordPress activity log plugin.
This getting started guide will help you get started with WP Security Audit Log and gives you all the information you need to configure the plugin to meet your logging and monitoring requirements.
Table of Content
- Install and activate the plugin
- Configuring the basics
- Advanced WordPress Activity Log Configuration
- Your WordPress activity log solution is all set now!
- Build the Ultimate WordPress Activity Log Solution
Install and activate the plugin
The free edition of the WP Security Audit Log plugin is available on the official WordPress plugins repository. So to install the plugin on your WordPress website:
- Navigate to the Plugins page on WordPress and click the Add New button.
- Search for WP Security Audit Log and then click Install Now.
- Once the installation is complete click Activate to activate the plugin.
That’s you done. The plugin will automatically start keeping a record of all the changes that happen on your website in the WordPress activity log, as seen in the below video.
Recommended Reads for WP Security Audit Log Users
If you are new to WordPress activity logs, and would like to learn more about them and the WP Security Audit Log plugin, here are some recommended reads:
- What is a WordPress Activity Log?
- What are the benefits of keeping a WordPress activity log?
- What are Events and Event IDs in the WordPress activity log?
- Why should you use the WP Security Audit Log plugin?
- How WP Security Audit Log can be part of your GDPR toolkit.
Configuring the Basics
Once that the WordPress activity log plugin is installed, there are a few basic configuration settings that you need to review and configure in order to ensure the plugin meets your requirements. These settings are listed below.
Activity log retention settings: By default the plugin only keeps 5,000 events in the WordPress activity log. You can configure the data retention period of the WordPress activity log based on time or number of alerts.
Activity log access: It is crucial that access to the WordPress activity log is restricted. By default only users with administrator and super administrator role can access the data. Though you can allow users with other roles to access the WordPress activity log or restrict access to a specific user.
WordPress login page compliance notification: Many regulatory compliance requirements, such as GDPR require website owners to advise users that their actions are being logged. If you need to adhere to these requirements, you can enable the WordPress login page notification to alert your users about the activity logs. You can also change the notification text.
Advanced WordPress Activity Log Configuration
By now you have configured the basics of your WordPress activity log solutions. This section covered advanced settings, which you might not necessarily need. Though it is good to know about them in case you might need to use them.
Excluding objects from the activity log
The WP Security Audit Log plugin is known for its comprehensive activity log and coverage, i.e. the plugin can keep a log of almost any change done on a WordPress website or multisite network. Though you might want to exclude an object from the activity log, for example you do not want to keep a log of the changes done by a particular user.
The WP Security Audit Log plugin has a number of exclusion settings which you can use to exclude objects from the WordPress activity log. Below is a list of links which explain how to exclude different objects:
- Excluding WordPress users or users with a specific role,
- Excluding post types (post, page, custom post types),
- Excluding IP Addresses,
- Excluding custom fields,
- Excluding non-existing URLs (404s)
- Excluding files and file types from the WordPress files integrity monitor.
Disabling events from the activity log
The WP Security Audit Log plugin can keep a log of hundreds of events that can happen on your WordPress website. Refer to the complete list of WordPress activity log Alert IDs to get a better idea of what the plugin can keep a log of.
You can disable, or re-enable back any of these events from the Enable / Disable Events node in the plugin menu. Read how to disable the logging of events in the WordPress activity log for more details on how to do this.
Enabling Support for Web Application Firewalls
If your WordPress website is installed behind a web application firewall (WAF) or a reverse proxy, by default the plugin will report the IP address of the firewall or proxy instead of the user. To fix this issue simply enable the setting WordPress running behind firewall or proxy in the plugin’s settings.
Read WP Security Audit Log plugin support for reverse proxies and WAFs for more details on this setting and how it works.
Your WordPress activity log solution is all set now!
The WP Security Audit Log plugin has several other settings though mostly they cater for edge cases. At this stage you should be done with configuring the plugin and your free WordPress activity log solution is all setup and running.
Build the Ultimate WordPress Activity Log Solution
Upgrade to WP Security Audit Log premium to benefit of all these features:
- See who is logged in to your WordPress website in real time
- Terminate user sessions with a mouse click
- Generate CSV and HTML reports
- Configure email alerts so you instantly alerted of important changes,
- Search through the audit log using text searchers and filters,
- Integrate the WordPress audit log solution with your central log management solution,
- And many more features!
Refer to the premium features page for more detailed information on all the features available in the premium edition of the most comprehensive WordPress activity log plugin solution.