Security

WP Security audit log

Support page
Go to WP Security audit log
WP security audit log banner
16th Feb, 2019

WP Security audit log

On a recent project I had to log the changes made by WordPress users who were logged in the system. I manually made a custom post type which recorded user activity and created new posts based on that. However I was wondering if there was any plugin out there who could log user’s behaviour.

After some searching I stumbled on WP Security audit log. Let’s put this plugin to its paces.

Functionality

Firstly you need to know that WP Security audit log doesn’t secure your site in any way. What it mainly does is log the activity of all the users of your WordPress installation.

Let’s get down to it:

Install the plugin first. After that head over to Sidebar > WP Security Audit log and you should be able to see an activity log of users.

Note that this plugin won’t show information of user activity before you’ve installed the plugin.

While you’re at it, also disable the upsell.

Aw hell no!
Aw hell no!

As you can see, WP Security Audit log(audit log from now on) logs various activities and collects the IP address of the user as well as a small dump of user data and saves it for you. This can be pretty useful if you want to:

  • Trace a particular user’s behavior and see if they aren’t up to doing anything fishy.
  • Figure out who was the person who just accidentally deleted the homepage(oops)
  • Get the activity of a malicious user who has logged in from a hacked account.

By default, Audit log records all kinds of activities ranging from approving a comment to system activity such as WordPress being auto updated.

However, you may want to toggle some kinds of activities from being logged and Audit log gives fine-grained control over that. Head over to Sidebar > Audit log > Enable/Disable Events and edit the events to be logged. From here you have fine-grained control over the activity to be logged.


Other than this, Audit log offers 3rd party integration via add-ons. Say for eg, you want to send your audit data to 3rd party tools such as

Documentation

There isn’t much in terms of developer support. Would be good to have a action or something which can be triggered for custom activities.

As for documentation, the plugin is fairly simple and most questions regarding the plugin are answered in the faqs.

Support & Pricing

Support

WP Security Audit log has a extensive faq page where they list out all the gotchas you may possibly encounter. Other than that, they offer premium support if you’ve purchased a license.

Pricing

The core plugin is freely available from the WP plugin repository. You can also get a paid version for extra features such as:

  • Email notifications
  • Audit log search
  • Session management
  • Premium support

And more.

Starter Professional Business
$89 $99 $189

You can only use the paid version for a single site. You can always buy in bulk for more sites for cheaper. The different versions give varying access to premium features.

I reckon you should be fine with the free version for most of the time. However it would be worth investing in a Professional version to get the search and session management features if you’re running a user based WordPress website.

TLDR

A very straightfoward plugin to track WordPress user’s activities. Gives fine grained control over the activities to be logged.

Features

GDPR ready Yes
Email notifications Yes - in the paid version
API No

Verdict

Wp Security Audit log does a great job of tracking admin events and comes with solid documentation. You can also send logged information to 3rd party services for a better..

  • Does exactly what is says on the tin - logs user activity

Helpful disclosure

Our works are supported by earning an affiliate commision
when readers choose to purchase a plugin based our reviews.

Leave a Reply

Your email address will not be published. Required fields are marked *