The WP Security Audit Log plugin keeps a log of what logged in WordPress users do on the website. To achieve this, the plugin has a number of sensors. These are like listeners; they hook in different places in WordPress so when a user changes something, the plugin keeps a record of it in the activity log.
How many sensors does the plugin has?
The plugin has 19 sensors for WordPress and a few others for third party plugins such as BBPress, Yoast SEO and WooCommerce. You will find the sensors in the /classes/Sensors/ folder in the plugin’s installation folder (/wp-content/plugins/wp-security-audit-log). There are two types of sensors:
- back-end sensors,
- front-end sensors.
Note: For every new third party plugin we support, we create a new sensor so it can be easily enabled or disabled individually.
What is the difference between back-end and front-end sensors?
The plugin keeps a record of changes users do when they are logged in. For this, it uses the back-end sensors. These sensors load with the default WordPress login page and when a user is logged in only.
The front-end sensors load on the front-end of the website. These sensors are optional, and do not load by default, they are disabled. The plugin uses these three front-end sensors to keep a log of:
- Logins from custom WordPress login pages (typically used in membership, eCommerce and similar sites),
- New user registrations (this is only needed if you allow new users to register to your website),
- requests to non-existing pages by website visitors (HTTP 404 errors).
You can enabled (or disabled) the front-end sensors from the plugin’s wizard, which runs during install, or from the Front-End Events tab in the Enable / Disable Events menu entry:
Do you need the front-end sensors?
You can enable or disable front-end sensors individually. To determine if you should have your front-end sensors disabled or enabled, answer the below questions:
- Does your website have any custom login pages? If it is an eCommerce or membership website, most probably it has. If that is the case, and you want to keep a log whenever users login from the custom login page, enable the sensor for front-end users logins.
- Can visitors register a user on your website? Similar to the above, if you sell through your website or it is a membership website, users can register. If that is the case, enable the sensor front-end users registrations.
- Do you want to keep a log of all the requests to non existing URLs your website visitors make? If yes, enable the sensor for website visitors 404 errors.
- For WooCommerce owners only: do you want to keep a log of stock changes that happen when website visitors (non logged in / non registered) buy something? If yes, enable the sensor for front-end WooCommerce activity (read WooCommerce activity logs for more detailed information keeping a log for WooCommerce stores).
Why are there front-end and back-end sensors?
It is important to keep a log of changes that happen on your WordPress website. However, it is also important that the activity log plugin you use does not slow down your WordPress. To make sure WP Security Audit Log plugin has no impact on the front-end of your website, we segregated the front-end sensors from the back-end sensors, so by default it only loads the back-end sensors when users are logged-in, and nothing is loaded when visitors visit your website.
If you want to keep a log of some activities that happen on the front-end of the website, enable the the individual front-end sensor you need. Note that even when you enable a front-end sensor, it will not slow down your website since a sensor’s resources footprint is negligible.