By default the WP Security Audit Log plugin keeps six (6) months of data in the WordPress activity log (audit trial). Therefore when events are older than six months, they will be deleted from the activity log. You can configure the plugin to keep all data or change the retention period of the WordPress activity log events from the plugin’s settings page, as explained in this post.
For how long should you keep the WordPress activity logs?
This really depends on your business and requirements. Refer to managing WordPress activity logs best practices for more detailed information on this subject, so you can make an informed decision.
Configuring the WordPress activity log retention
You can configure the retention period of the events in the WordPress audit trail by specifying how old the data should be before it is deleted. The WordPress activity log data retention settings are highlighted in the below screenshot.
To configure the audit log retention period:
- Navigate to the plugin settings by clicking on the Settings node,
- Click on the Activity Log tab,
- Select any of the following options:
- Keep all data – this means that no retention period will be configured and the activity logs will be kept indefinitely.
- Delete events older than – use this option to delete events that are older than the configured retention period. You can specify a number of months or years.
Retention settings for Archiving of the WordPress activity log
When you configure the archiving of the WordPress activity log the retention settings are moved to Archiving settings. The archiving feature is available in the premium edition of the WP Security Audit Log plugin with which you can also use the Activity Log Database & Integration tools to save the WordPress activity log in an external database rather than on the WordPress database.