Firstly you need to know that WP Security audit log doesn’t secure your site in any way. What it mainly does is log the activity of all the users of your WordPress installation.
Let’s get down to it:
Install the plugin first. After that head over to Sidebar > WP Security Audit log and you should be able to see an activity log of users.
Note that this plugin won’t show information of user activity before you’ve installed the plugin.
While you’re at it, also disable the upsell.
As you can see, WP Security Audit log(audit log from now on) logs various activities and collects the IP address of the user as well as a small dump of user data and saves it for you. This can be pretty useful if you want to:
- Trace a particular user’s behavior and see if they aren’t up to doing anything fishy.
- Figure out who was the person who just accidentally deleted the homepage(oops)
- Get the activity of a malicious user who has logged in from a hacked account.
By default, Audit log records all kinds of activities ranging from approving a comment to system activity such as WordPress being auto updated.
However, you may want to toggle some kinds of activities from being logged and Audit log gives fine-grained control over that. Head over to Sidebar > Audit log > Enable/Disable Events and edit the events to be logged. From here you have fine-grained control over the activity to be logged.
Other than this, Audit log offers 3rd party integration via add-ons. Say for eg, you want to send your audit data to 3rd party tools such as