What is a WordPress Audit Trail?

You are here:
Back

An audit trial, also commonly known as audit log, is a security-relevant log in which a chronological record of a sequence of changes and activities are recorded.

Therefore in a WordPress audit trail you would typically find a detailed record of all the changes that happened on a WordPress website. For example you will find information of who logged in and out, who published a post or a page, who installed a plugin, modified a file team and much more. And for every recorded change in the WordPress audit trail the time and date of when such change happened and the IP address from where the user connected will also be recorded. Below is a screenshot of a WordPress audit trail generated with the free WP Security Audit Log plugin.

WordPress Audit Trail

 

Why Do You Need To Keep A WordPress Audit Trail?

Before looking into how you can keep a WordPress audit trail, let’s first take a look at some of the benefits you can take advantage of when keeping a WordPress audit trail:

Keep Track & Monitor WordPress users’ Activity

If you have ever managed a multi-user WordPress website, you are definitely familiar with users’ conflicts. Someone has overwritten someone else’s change, someone changed a setting in a plugin or changed the content of the main page, someone else changed the main menu or its location, yet when you try to find out what exactly happened no one takes responsibility.  Though if you keep a WordPress audit log to record all the changes that logged in WordPress users make you will have a clear record of who did what, when and from where.

Ease WordPress Troubleshooting

In similar scenarios to those described above, sometimes some changes can lead to a problem or an unresponsive WordPress website. Even worse, if it is your customers’ website, most probably the troubleshooting will take forever before according to your customer “no one has done any changes and it broke down on its own”. Troubleshooting an issue without any sort of tips of what might have happened, especially when pressed for time and working on a complex website is very difficult, if not impossible.

On the other hand if you keep a record of all the changes that took place in WordPress audit trail troubleshooting will be very easy. You can use the WordPress audit trail to go back through the changes and identify those that might have led to the existing problem.

Identify Suspicious Behaviour & Thwart Malicious WordPress Hack Attacks

There are several things that if noticed at an early stage, can help you identify a possible malicious attack before it actually happens and before any damage is done to the website. For example numerous failed login attempts and several requests that generate 404 errors are all sings that your WordPress website is being attacked. If such activity is recorded in a WordPress audit trial, and you configure triggers to get alerted via email when such possible malicious activity is noticed on your WordPress you can easily thwart the attack before it happens.

The WordPress audit trail also comes in hand in forensics, if the unfortunate happens and your WordPress website is hacked. For example if you notice an alert that a new WordPress user was created, or users logging in at unusual times and from unusual locations. Forensics are very important because even though your WordPress is hacked, it is very important to find out about the hack attack at the earliest possible, allowing you to mitigate the damage of the attack.

Ensure Your WordPress Meets all Legal & Regulatory Compliance Requirements

pci dss compliantAll WordPress websites that are used for online business have to be compliant to several legal and regulatory compliance requirements, such as PCI DSS (Payment Card Industry Data Security Standard). Apart from the payment standards, there are several other compliance rules and standards for every type of business vertical. One the one thing tat all of these requirements have in common is the requirement to keep an audit trail of everything that is happening on your WordPress website. For security reasons you can also keep the WordPress audit trail in an external database.

How To Create & Keep a WordPress Audit Trail

By default WordPress does not have an audit trail or log. Though you can use the free plugin WP Security Audit Log to keep a comprehensive WordPress audit trail, in which a record of every changes that takes place on your WordPress blogs and websites is kept.

Get More Out of the WordPress Audit Log

You can also use the WP Security Audit Log premium add-ons to extend the functionality of the plugin and benefit more of the WordPress Audit Log. For example you can use the:

  • Email Notifications Add-On to configure triggers to be automatically alerted via email when a specific change takes place on your WordPress,
  • Reports Add-On to generate any type of WordPress report, and to also automatically receive weekly or monthly summary reports via email of the changes that happened on your WordPress,
  • Search Add-On to be able to do free-text based searches in the WordPress audit trail, allowing you to easily track down specific functionality. You can also use filters to fine tune your searches,
  • External DB Add-On to save the WordPress audit log in an external database to boost both the security and performance of your WordPress websites and blogs, and to ensure they meet all legal and regulatory compliance requirements.

Why WP Security Audit Log?

The WP Security Audit Log plugin is used by more than 30,000 WordPress administrators and has the best user rating of all the WordPress audit trail / log plugins. It also has the most comprehensive monitoring and coverage of WordPress.

30,000 WordPress administrators can’t be wrong. Start keeping track of all the changes that take place on your WordPress today. Getting started is really easy!