Activity logs (also known as audit logs) are become popular in the WordPress ecosystem and many administrators, consultants and website owners are installing the WP Security Audit Log plugin to keep a log of all the changes that happen on theirs and their customers’ websites and blogs.
Logs are like an insurance; they go unnoticed most of the time, but they are priceless those few times that you need them, when you need to find out who installed a plugin last week that most broke something on the website, or who was the user that deleted the top performing blog post, or changed some content.
If you are using WP Security Audit Log Premium you can use the Search and Filters functionality to easily track down a specific functionality. Though if you are not using the premium edition there is still a way to look for a specific change in the WordPress audit log, though it requires a bit more work, as explained below.
Search by Using the WordPress Audit Log Column Sorting
As can be seen from the above screenshot, the WordPress audit log has six columns:
- Alert ID
- Username & Role
- Source IP
The alerts in the audit log viewer can be sorted in ascending or descending order by Alert ID, Date, User and Source IP address.
Searching for a Specific Change
Therefore if for example you would like to check who installed the FakerPress plugin on your website, you should be looking for Alert ID 5000, which is used to keep a log that a plugin is installed. Refer to the complete list of WordPress audit log alerts for a detailed list of all the alerts and their IDs.
To sort the alerts by alert ID click on the Alert ID column title to sort the alerts in the WordPress audit log by Alert ID. Once the alerts are sorted by Alert ID, a small arrow appears in the Alert ID column title, as can be seen in the below screenshot.
Use the page navigation arrows highlighted below to browse through the WordPress Audit Log until you find all of the Alerts with ID 5000. If you have a lot of alerts, you can manually specify the page number to skip a number of pages instead of n manually browsing through the audit log one page at a time. Once you find the page where all the alerts with ID 5000 are, check which of the alert is about the FakerPress plugin. When a new plugin is installed, the plugin keeps a record of who installed it, when and from where the user was logged in, and the plugin’s name and path, as can be seen from the the below screenshot.
Search by Date & Username
You can use the same concept of sorting if you have a rough idea of when a change happened, or if you would like to find a specific change a user did. Click on the Date or User columns to sort the alerts in the WordPress audit log by date or WordPress username.
Then use the page navigation buttons to browse through the audit log or manually enter the page number to skip to a specific page.
Upgrade to Premium for Free Text Search & Filters
The above might not be the most efficient way of searching for a specific change that happened on a WordPress website, but it still allows you to find what you are looking for. If you are looking for something more efficient, upgrade to WP Security Audit Log Premium which has a free text search functionality, as highlighted in the below screenshot.
The Search functionality in WP Security Audit Log also has filters, which you can use to fine tune your search results and easily find what you are looking for. For example in the below screenshot we used the free-text search to search for FakerPress, and we are also setting up a filter for Fist Name robert, so the results will be all those alerts which have fakerpress mentioned but are generated by the user with Robert as a first name.