Running a WordPress website is a lot of work.
Yes, you have some amazing plugins today to publish content, ensure website security, take regular backups, and keep the software up to date. But it’s still a lot of work. Also, WordPress and plugins keep releasing updates, it becomes hard to keep track of what’s happening on your website.
You don’t want to wake up one fine day to find your website updated and some plugin caused your website to crash. Or someone hacked your website. Or the login accounts to your membership sites sold on warez sites.
That’s why – whether you’re a one-man juggernaut or have a team managing your WordPress website, you need a way to find out what’s happening and what’s changed.
Generally, an audit log plugin will help you:
- Keep track of user, content, settings, plugins, and theme changes.
- Simplify troubleshooting when things go wrong.
- Identify suspicious behavior and prevent attacks.
- Have a clear post-attack recovery strategy.
- Keep a log of activities to comply with legal and industry regulations.
In this article, we’ll review the WP Security Audit Log, with which you can keep a log of changes that happen on your website, and give you our verdict on if it is the right audit plugin for your WordPress website.
Let’s get started.
What is WP Security Audit Log?
WP Security Audit Log is a WordPress plugin built by the team at WP White Security.
It helps administrators keep track of user activity and changes on WordPress websites.
The WordPress.org version has 1,00,000+ active installations. It supports multisite networks right out of the box and allows you to monitor all user activity on your website.
WP Security Audit Log is also available in a premium version and is used by some big names including Amazon, Disney, Intel, and Yellow Pages.
Installation & Activation
The free edition, available in the official WordPress repository. It can be installed and activated just like any other WordPress plugin.
- From your WordPress Admin Dashboard > Plugins > Add New, search for “WP Security Audit Log”.
- Click on the Install Now button to download the plugin. Once downloaded click on the Activate button to activate the plugin.
To install the premium edition:
- Upload the plugin from your WordPress Admin Dashboard > Plugins > Add New.
- Install and activate the plugin.
- Enter your license key to activate the license.
Once the plugin is activated, you will notice a new menu in the left-hand navigation of your WordPress dashboard.
Let’s take a look at the features offered by WP Security Audit Log.
The Audit Log Viewer
As the name suggests, the audit log viewer is from where you can see a log of all changes happening on your website. To access this log, go to Audit Log > Audit Log Viewer in your WordPress admin dashboard.
The activity log plugin keeps a track of changes such as:
- Login attempts & changes to user profiles
- Changes to content
- Changes to comments
- Changes in plugins & themes
- Changes in WordPress settings
- Changes in multi-site settings, users and content
- Changes to WooCommerce products & store settings
- Changes to settings of popular third-party plugins including Yoast, BBPress, Advanced Custom Fields Pro, and Paid Memberships Pro.
You can also use the free-text search and filters to search for a specific activity in the logs For each event logged in the audit log, the following details are recorded:
- Severity level: indicates the criticality of the event (informational, low, medium, high).
- Date & time: when the event occurred.
- User and role: who caused the event, and what was their permission level.
- IP address: from where the activity, that caused the event, was carried out.
- Object: the object about which the event is about. For example, user, post or product.
- Event type: classifies the event (for ex. Opened, Published, Activated, Deactivated, Uninstalled, etc.)
- Message: A detailed description of the activity that caused the event.
SMS & Email Notifications
While the audit log is an awesome feature, it’s impractical to go over hundreds of log messages every single day.
That’s why WP Security Audit Log also has SMS & Email notifications. You can configure:
- When you want to trigger the alert,
- And whom to send the alert to.
You can also change the templates for both SMS and Email alerts.
WP Security Audit log also sends a daily activity log email. The email contains details such as:
- User logins
- Failed logins
- Password changes
- Content changes
- WordPress settings changes
- Plugin & theme activity
User Sessions Management
WP Security Audit Log keeps a real-time track of who’s logged in to your website, and what they are doing.
It also has a neat little feature to manage user sessions. In case you’re wondering why you need user session management, consider these scenarios:
- Suspect a hacker attack? WP Security Audit log allows you to terminate all user sessions with one click.
- Run a membership site & don’t want users to share accounts? Terminate duplicate sessions or limit the number of duplicate sessions. You can also configure the plugin to block or limit the number of duplicate sessions a user can have.
You can also set up the WP Security Audit Log to terminate idle user sessions. The plugin runs a cron job to check user sessions that are idle for certain hours (customizable from Audit Log > Logged In Users in your WordPress admin dashboard).
Statistics & Reports
With WP Security Audit Log, you can also generate detailed audit log reports for all objects in WordPress including Users, Content, Settings, Themes, and Plugins.
Reports can be generated in both CSV and HTML format and can also be scheduled and pre-configured so they are automatically sent to you over email on a daily, weekly, monthly or quarterly basis.
Database management and integrations with third-party services
By default WP Security Audit log stores the logs in separate tables of your WordPress database.
However, you can choose to store the WordPress activity log in an external database for security or compliance reasons. The activity logs can also be mirrored to third-party services such as Slack, Papertrail and SysLog, for easy real-time monitoring.
You can set up the plugin to an external database from Audit Log > DB & Integrations in your WordPress admin dashboard. To use an external database store:
- Create a connection with the external database.
- Configure the connection to the store, archive and mirror your connection log.
Pricing & Licenses
The free edition of the plugin is available from the official WordPress plugin repository.
The premium edition is available in three different plans; Starter, Professional, and Business plans. Premium plans start from $89 per year. Here’s a quick comparison between the plans.
Check out the pricing page to learn more about premium plans and features.
Is WP Security Audit Log right for you?
Whether you run a single or a multi-user blog, you need to keep track of what’s happening in your WordPress website and multisite network.
A comprehensive audit log will help you troubleshoot problems, find who & what caused the problem, keep track of user activities and identify suspicious behavior on your website. And that’s precisely where WP Security Audit Log can help.
The free edition of the plugin has 237 five-star ratings. Ratings from the last three months are all 5-star.
Here’re the latest three five-star rating reviews:
I’d like to give 5 stars to the plugin and double that for the service. The developers of the plugins are so communicative and professional. Any issue they answer in less than 24 hours. Very rare attention that I wish more developers had.– Fantastic Plugin!
This plugin is excellent – does everything it’s supposed to do. The developer is very responsive to support requests. This is a must-have plugin for anyone who’s remotely concerned about logging & security (which should be everyone!).– Excellent Plugin & Support
WP Security Audit Log scores a solid 4.5 out of 5 ratings from our review experts. Here’re the details:
|Ease of Use||5/5|
|Support||4/5||Priority support is only available in the business plan|
|Documentation||4/5||Comprehensive, but we missed video tutorials|
|Value for Money||5/5|