What is the WordPress activity log (audit log)?

You are here:
Back to KB search

A lot happens on your WordPress website – perhaps even more than you think. When it comes to security, troubleshooting, and user management, having a system for keeping track of activity on your website is key.

An activity log plugin enables you to do just that. By maintaining a record of user and site changes you can keep your finger on the pulse of your WordPress site. This article explains what is a WordPress activity log and what information you can find in it. It also explains how to keep an activity log on your WordPress website.

What Is an activity log, and what does it track?

An activity log is a log in which a chronological record of a sequence of changes and activities are recorded. A WordPress activity log is a record of events and user changes that take place on your website:

WordPress activity logs

Also sometimes called an ‘audit log’, ‘audit trail’, or ‘security log’, logs are not part of the core WordPress platform. So you need to install the WP Security Audit Log plugin to keep a log of everything that happens on your WordPress websites and multisite networks.

An activity log plugin has sensors for tracking and recording various events. The more sensors a plugin has, the greater its ‘coverage’ will be. The WP Security Audit Log plugin can keep a log of activities such as:

  • Login attempts. This includes successful user logins, as well as failed attempts, and users with multiple active sessions.
  • Content changes. In the activity logs you will find a record of when users create, publish, update or delete content. You will also find information about other content changes. For example when files are uploaded or deleted, and when categories, tags, status, URL, custom fields etc are changed.
  • Comment moderation. Various comment-related activities, such as users approving, deleting, or marking post comments as spam.
  • Plugin and theme installation. This includes installing, activating, updating, deactivating and uninstalling a plugin or theme.
  • System settings & updates. WordPress core updates, including automated ones are tracked. Also changes to the WordPress settings.
  • Multisite network site, system and user changes. As an activity log plugin for WordPress multisite, the plugin keeps a log of all network settings, sites, users and other changes.
  • WooCommerce store, product & other changes. This encompases changes to products, pricing, shipping, tax, units and other settings. Refer to activity logs for WooCommerce for more details..
  • Yoast SEO plugin settings & SEO metabox changes. In your log you will also find or changes done to the on-page SEO of a page. For example when there are keywords, meta descriptions, and search engine visibility. The plugin also keeps a log of Yoast SEO plugin settings changes.
  • Changes in third party plugins and their data. In the activity logs you will also find a record of changes in other plugins. Refer to the list of plugins WP Security Audit Log integrates with for more details on this.

Coverage varies widely across plugins. Make sure to vet any plugin thoroughly to ensure that it tracks the key activities you want to monitor. We have a complete list of changes WP Security Audit Log can keep a log of that you can refer to.

What details are Included in the activity logs?

Some activity log plugins simply inform you when an event happens. However, that is rarely enough to troubleshoot a technical issue, keep track of user changes, and possibly identify suspicious behaviour.

There are several other details you’ll need to know in order for your logs to be useful. Our plugin always reports the following metadata about the activity it keeps a log of:

  • Event ID. A unique code assigned to the type of event to help identify it.
  • Severity level. A simple indicator of how critical the event is.
  • Date and time. When the event occurred.
  • User and role. Who executed the activity, and what their permissions level is.
  • IP address. The IP address of the user who executed the activity.
  • What element of your site the activity impacts.
  • Event type. A general indication of what activity has taken place.
  • Message. A detailed description of what activity or user change has occurred.

Refer to the WordPress activity log metadata guide for more details on the information you can find in the activity log events.

Example: reading and understanding the logs

Here’s an example to help you better understand how these pieces of information work together:

WordPress activity logs

In the image above, you can see quite a few things. For example:

  1. In the third event you can see that the user Robert Abela with administrator role opened the profile page of wpauthor user (event ID: 4014). Later on he changed the role of the user wpauthor from Editor to Author (event ID: 4002 at the top). This event is considered as a critical severity event because it can have an impact on the website’s security. Though it is nothing to be alarmed about if the change is legit.

Refer to the list of activity log severity levels for more information about the different severity levels in the WordPress activity log.

  1. We can also see that the user Miriam Dalli opened a post in the editor. The post status is pending and it is called File integrity scanning for WordPress websites. You can see this in event ID 2100, the one before the last. Then she published it (event ID: 2001) and later on changed the content (event ID:2065).

You’ll notice that in the Message column, you can see all the relevant information you’ll need. For example the post’s title, ID and content type. The activity log then lists the old status, the new status, and a link to view the post. Having all of this information in one place makes it much easier to monitor your site. It allows you to react quickly to potentially-problematic changes.

Details included in the plugin’s activity log entries

As highlighted above, WP Security Audit Log includes a Message column in its reports. This section provides specific insights into the “event type” and “object” involved in each activity.

These details can be especially helpful for WordPress users who manage large, multi-author blogs. For example, in the Message column, you’ll find the following specifics that are relevant to content changes:

  • Title of the post, page or custom post type
  • URL of the post
  • Content status (draft, scheduled, published, etc.)
  • Post category
  • Content changes and visibility
  • Parent content
  • Custom field modifications

For example in case of a change in WooCommerce, you can see the specifics of changes to done to your store or individual items. This will  include references to the following elements in the Message column:

  • Name of the product
  • Status of the product (draft, published, etc.)
  • Product category
  • Prices
  • Product stock status (in/out of stock, back-ordered, etc.), quantity and measurements (weight, dimensions, etc.)
  • Downloadable product file name and URL
  • Store location
  • Store currency
  • Order status
  • Upsells

This list just scratches the surface – there are several other specifics related to your store, products, managers etc that may be mentioned in activity logs as needed.

Why do you need an activity log for your WordPress website? (5 key reasons)

Having access to the overwhelming amount of information an activity log provides may seem unnecessary at first. However, there are many critical situations in which being able to quickly reference your records will come in very handy, as explained below.

1. You can keep track of user changes

Being able to track user changes is helpful and improves user accountability. It can be especially useful for multi-author content hubs such as blogs and news sites. Just to give one example, it can help you track down which of your writers or editors may have been involved in mistakes such as the publication of an incomplete post.

An activity log can also be helpful for monitoring contributions, in order to determine whether everyone is pulling their weight. Plus, WP Security Audit Log provides a link to a side-by-side comparison of content changes, for a more detailed examination of any revisions:

The WordPress revision viewer

Even if you’re not running a content-heavy site. An activity log still helps you keep an eye on general website management tasks. This is key to monitoring any WordPress maintenance professionals involved in your site, as well as catching unauthorized behavior.

2. You’ll simplify WordPress troubleshooting

An unfortunate fact of WordPress is that its many plugins and themes don’t always get along. Conflicts between these tools are one of the leading causes of WordPress errors. These can be annoying and time-consuming to fix.

With an activity log, you can easily pinpoint the last installation or update that occurred before the error. That will often be the source of the problem. By helping you find who did what quickly, your logs will enable you to get your website back to normal without all the guesswork that’s typically involved.

The same applies to most other kinds of user errors that may occur on your site. The activity that took place immediately before the problem started will often hold clues about what you need to do to resolve the issue fast.

3. Identifying suspicious behavior to thwart attacks becomes a reality

There are several events that an activity log can report which may indicate that someone is trying to hack into your WordPress website. For instance:

  • a large volume of failed login attempts from the same IP address within a short period of time,
  • simultaneous sessions from a single user,
  • large numbers of requests to non-existent pages,
  • users logins from strange locations at unusual times

All these can be an indication that an attack is underway. By enabling you to spot these activities early, your activity log gives you the chance to thwart any possible malicious attacks.

4. You streamline the forensic & post-attack recovery process

If a hacker hacks your website, an activity log helps you throughout the clean-up process. With a detailed log of everything your attacker did you can easily spot the changes and infections. Once you know about the changes and infections, it is easy to clean things up.

In addition, your activity log will provide clues as to how the hacker gained entry to your website. This information allows you to can harden your preventative security measures to avoid another breach in the future.

6. Your logs will help towards having a website that meets all legal and industry regulatory compliance requirements

Every business must adhere to several legal and compliance requirements. These requirements are typically stipulated by governing bodies.

Most requirements require businesses to maintain an activity log of changes that happen on their website. Those who deal with sensitive information, such as payment details and medical records often have even stricter obligations.

Ecommerce retailers and business sites also have legal regulations to follow, such as the Payment Card Industry Data Security Standard (PCI DSS). If customers can enter cardholder data on your website, you’ll need an activity log in order to protect card holders and comply with the law, as stipulated in :PCI DSS requirement 10: track and monitor all access.

How to keep a comprehensive WordPress activity log

As mentioned earlier, WordPress does not have activity logs out of the box. This means that in order to keep a log and monitor the events taking place on your site, you’ll need an activity log plugin.

Refer to how to evaluate WordPress activity log plugins to inform yourself on the criteria you should consider when choosing a WordPress activity log plugin. In short, it is important to choose a plugin that offers extensive coverage and reports a high level of detail.

As we’ve showcased throughout this post, WP Security Audit Log offers those very qualities and much more. It stands apart from its competitors by giving you a wealth of information with which to manage and maintain your site and users. The free activity logs plugin  includes everything you need to get started with a WordPress activity log.

Build a rock solid activity logs solution that works for you and your WordPress

What’s more, with the premium edition you can build a complete WordPress activity log solutions with:

  • Instant email and SMS notifications for critical site changes
  • Automated user reports sent to your inbox on a daily, weekly, monthly, or quarterly basis
  • Search and filter functionality, to help you quickly find relevant events
  • Manage where the logs are stored, for example in an external database, for increased security and regulation compliance
  • Mirror the logs to third-party platforms, including Slack and Syslog for easy real-time monitoring

These activity log plugin features help you stay up-to-date on all your site’s happenings for improved user management, troubleshooting, and security.

Managing your WordPress website & users, and keeping it secure

An activity log is a key player in a solid WordPress security strategy, along with general site management and maintenance. Understanding the benefits it can bring to your website is key.