What is the WordPress Activity Log (Audit Log)?

You are here:
Back

An audit trial, also commonly known as activity log or audit log, is a security-relevant log in which a chronological record of a sequence of changes and activities are recorded.

Therefore in a WordPress activity log you would typically find a detailed record of all the changes that happened on a WordPress website. For example you will find information of who logged in and out, who published a post or a page, who installed a plugin, modified a file team and much more. And for every recorded change in the WordPress audit trail the time and date of when such change happened and the IP address from where the user connected will also be recorded. Below is a screenshot of a WordPress audit trail generated with the free WP Security Audit Log plugin.

WordPress Audit Trail

 

Why do you need a WordPress activity log on your website?

Before explaining how you can keep a WordPress activity log, let’s first take a look at some of the benefits you can take advantage of when keeping a WordPress audit trail:

Keep Track & Monitor WordPress users’ Activity

If you have ever managed a multi-user WordPress website, you are definitely familiar with users’ conflicts. Someone has overwritten someone else’s change, someone changed a setting in a plugin or changed the content of the main page, someone else changed the main menu or its location, yet when you try to find out what exactly happened no one takes responsibility.  Though if you keep a WordPress audit log to record all the changes that logged in WordPress users make you will have a clear record of who did what, when and from where.

Ease WordPress Troubleshooting

In similar scenarios to those described above, sometimes some changes can lead to a problem or an unresponsive WordPress website. Even worse, if it is your customers’ website, most probably the troubleshooting will take forever before according to your customer “no one has done any changes and it broke down on its own”. Troubleshooting an issue without any sort of tips of what might have happened, especially when pressed for time and working on a complex website is very difficult, if not impossible.

On the other hand if you keep a record of all the changes that took place in WordPress audit trail troubleshooting will be very easy. You can use the WordPress audit trail to go back through the changes and identify those that might have led to the existing problem.

Identify Suspicious Behaviour & Thwart Malicious WordPress Hack Attacks

There are several things that if noticed at an early stage, can help you identify a possible malicious attack before it actually happens and before any damage is done to the website. For example numerous failed login attempts and several requests that generate 404 errors are all sings that your WordPress website is being attacked. If such activity is recorded in a WordPress audit trial, and you configure triggers to get alerted via email when such possible malicious activity is noticed on your WordPress you can easily thwart the attack before it happens.

The WordPress audit trail also comes in hand in forensics, if the unfortunate happens and your WordPress website is hacked. For example if you notice an alert that a new WordPress user was created, or users logging in at unusual times and from unusual locations. Forensics are very important because even though your WordPress is hacked, it is very important to find out about the hack attack at the earliest possible, allowing you to mitigate the damage of the attack.

Ensure Your WordPress Meets all Legal & Regulatory Compliance Requirements

pci dss compliantAll WordPress websites that are used for online business have to be compliant to several legal and regulatory compliance requirements, such as PCI DSS (Payment Card Industry Data Security Standard). Apart from the payment standards, there are several other compliance rules and standards for every type of business vertical. One the one thing tat all of these requirements have in common is the requirement to keep an audit trail of everything that is happening on your WordPress website. For security reasons you can also keep the WordPress audit trail in an external database.

How To Keep an Activity Log of  WordPress Changes

By default WordPress does not have an audit trail or log. Though you can use the free plugin WP Security Audit Log to keep a comprehensive WordPress audit trail, in which a record of every changes that takes place on your WordPress blogs and websites is kept. Refer to the list of WordPress activity log events for more details on what changes the plugin can keep a log of.

Get More Out of your WordPress Audit Log

You can also use the premium edition of the WP Security Audit Log plugin to built a complete and robust WordPress logging and monitoring solution. For example you can:

  • Configure email alerts so you are instantly alerted via email when important changes happen on your WordPress,
  • Generate any type of WordPress user activity report and configure daily, weekly, monthly and quarterly summary reports which are sent to you via email,
  • Do text based searchers in the WordPress audit trail, allowing you to easily track down specific functionality. You can also use filters to fine tune your searches,
  • Save the WordPress security audit log in an external database to boost both the security and performance of your WordPress websites and blogs, and to ensure they meet all legal and regulatory compliance requirements.
  • Integrate the WordPress audit log in your central log management systems and much more!

Why WP Security Audit Log?

The WP Security Audit Log plugin is used by more than 70,000 WordPress administrators and has the best user rating of all the WordPress audit trail / log plugins. It also has the most comprehensive monitoring and coverage of WordPress.

70,000 WordPress administrators can’t be wrong. Start keeping track of all the changes that take place on your WordPress today. Getting started is really easy!