Getting Started with WP Security Audit Log

You are here:
Back

Keeping a record of every change that happens on your WordPress website and multisite network in a WordPress activity log is very easy! Just install WP Security Audit Log, the most comprehensive WordPress activity log plugin.

This getting started guide will help you get started with WP Security Audit Log. It includes all the information you need to configure the plugin to meet your logging and monitoring requirements.

Table of Content

 

Install and activate the plugin

The free edition of the WP Security Audit Log plugin is available on the official WordPress plugins repository. To install the plugin on your WordPress website:

  1. Navigate to the Plugins page in the WordPress dashboard and click the Add New button.
  2. Search for WP Security Audit Log and then click the Install Now button in the plugin dialogue box.

Install the WP Security Audit Log plugin on your WordPress and WordPress multisite

  1. When the plugin installation is complete click Activate Plugin to activate the plugin.
  2. Upon activating the plugin you will be asked if you want to launch a startup wizard to assist you configure the basics of the plugin. The wizard will assist you configure the:
  • level of detail of the activity log,
  • activity log retention policies,
  • activity log privileges,
  • exclusion of objects from the activity log.

WP Security Audit Log plugin startup wizard

Once you are ready with the wizard the plugin will automatically start keeping a record of all the changes that happen on your website in the WordPress activity log, as seen in the below video.

Recommended Reads for WP Security Audit Log Users

If you are new to WordPress activity logs, and would like to learn more about them and the WP Security Audit Log plugin, here are some recommended reads:

Configuring the Basics

Once that the WordPress activity log plugin is installed, there are a few basic configuration settings that you need to review and configure in order to ensure the plugin meets your requirements. Unless you have used the startup wizard to configure your plugin, you should consider configuring the below:

Activity log retention settings: By default the plugin only keeps 5,000 events in the WordPress activity log. You can configure the data retention period of the WordPress activity log based on time or number of alerts.

Activity log access: It is crucial that access to the WordPress activity log is restricted. By default only users with administrator and super administrator role can access the data. Though you can allow users with other roles to access the WordPress activity log or restrict access to a specific user.

WordPress login page compliance notification: Many regulatory compliance requirements, such as GDPR require website owners to advise users that their actions are being logged. If you need to adhere to these requirements, you can enable the WordPress login page notification to alert your users about the activity logs. You can also change the notification text.

Advanced WordPress Activity Log Configuration

By now you have configured the basics of your WordPress activity log solutions. This section covered advanced settings, which you might not necessarily need. Though it is good to know about them in case you might need to use them.

Excluding objects from the activity log

The WP Security Audit Log plugin is known for its comprehensive activity log and coverage, i.e. the plugin can keep a log of almost any change done on a WordPress website or multisite network. Though you might want to exclude an object from the activity log, for example you do not want to keep a log of the changes done by a particular user.

The WP Security Audit Log plugin has a number of exclusion settings which you can use to exclude objects from the WordPress activity log. Below is a list of links which explain how to exclude different objects:

Disabling events from the activity log

The WP Security Audit Log plugin can keep a log of hundreds of events that can happen on your WordPress website. Refer to the complete list of WordPress activity log Alert IDs to get a better idea of what the plugin can keep a log of.

You can disable, or re-enable back any of these events from the Enable / Disable Events node in the plugin menu. Read how to disable the logging of events in the WordPress activity log for more details on how to do this.

Enabling Support for Web Application Firewalls

If your WordPress website is installed behind a web application firewall (WAF) or a reverse proxy, by default the plugin will report the IP address of the firewall or proxy instead of the user. To fix this issue simply enable the setting WordPress running behind firewall or proxy in the plugin’s settings.

Read WP Security Audit Log plugin support for reverse proxies and WAFs for more details on this setting and how it works.

Your WordPress activity log solution is all set now!

The WP Security Audit Log plugin has several other settings though mostly they cater for edge cases. At this stage you should be done with configuring the plugin and your free WordPress activity log solution is all setup and running.

Build the Ultimate WordPress Activity Log Solution

Upgrade to WP Security Audit Log premium to benefit of all these features:

  • See who is logged in to your WordPress website in real time
  • Terminate user sessions with a mouse click
  • Generate CSV and HTML reports
  • Configure email alerts so you instantly alerted of important changes,
  • Search through the audit log using text searchers and filters,
  • Integrate the WordPress audit log solution with your central log management solution,
  • And many more features!

Refer to the premium features page for more detailed information on all the features available in the premium edition of the most comprehensive WordPress activity log plugin solution.