At any point in time, any website may break down. In many cases, weak security measure and lack of proper site activity monitoring is the reason for that. On top of it, numerous hacked website becomes the target of malicious actions every day. So overcoming this challenge of protecting the site's security is indeed a major concern for most website owners.
This is when you need to have a compact WordPress Security plugin for your website. There are many security & activity tracking plugins available on wordpress.org. But today, we will be talking about WP Security Audit Log in detail.
Whether it is a simple user post or monitoring the file's transaction on the website, all these WordPress Security and activity log plugins keep a track of every detailed record of your WordPress site activity. Not only that, these plugins help you identify security issues to solve it even before it becomes a major security problem for your WordPress website. With their immense activity monitoring ability, these WordPress Security plugins record every post that is being added, deleted, or moved from the backend by the logged-in users of the website. And one such plugin is the WP Security Audit Log that also takes care of all your site's security concerns.
Today we will be discussing the features, benefits, pros/cons of WP Security audit log. So should you consider using this plugin for your WordPress website? let's find here.
Essentiality of Security Activity Logs & Monitoring
Before getting into the details of WP Security Audit Log Plugin, let's find out why monitoring security logs can be useful for your website.
Ease the Troubleshooting of WordPress Technical Issues
Almost all web hosts keep error logs, which contain information about the bugs and issues that occur when running the website. These logs come in handy later on because should there be a problem on the website, the first place web hosts will look into are the error logs. Logs allow you to save a lot of time and easily identify and resolve technical issues of WordPress sites.
Troubleshooting of the website is much easy with the presence of error logs data. The information is already present in the web host server but not many people would easily get it unless they are well trained. So besides the benefits of recording all bugs and errors, the WP Security Audit log plugin ensures the following advantages:
Website User Activities
It is important to know what your users are doing, especially if you have a large team of people collaborating on your website. The plugin keeps a record of what users are doing, including the date & time. It keeps a log of user activity such as when users create and publish posts, upload file, install, activation or update, and more.
WordPress Site Security & Protection
There is no doubt that WordPress sites are constantly targeted by malicious hack attacks. And protecting your website from hacking is challenging. You cannot stop the hackers from attacking your site, but you can always stay a step ahead of them by knowing the methods they are using when trying to exploit issues on your website. By keeping an activity log you will be able to identify all those unusual activities even before it creates a big concern for your website.
More Benefits to Keeping an Activity Log on Your WordPress Site
It's true that most WordPress sites survive even without any security activity log plugin installed on them. Many others survive without the most basic type of security. Though why risk it? It’s only a matter of luck. In the case of security, prevention is better than cure – better to be safe than sorry. Use a compact security log plugin such as WP Security Audit log and it will certainly come in handy.
So we have already established the importance of using a Security log plugin on our WordPress website. But to understand the detail essentiality and usability of WP Security Audit Log plugin we have done some testing ourselves.
So to evaluate this plugin properly, let's begin with the analysis of the menu functionality of WP Security Audit Plugin.
What's on the menu list of WP Security Audit Log plugin?
This is what you look at when you click your installed WP Security Audit Log plugin in your WordPress Dashboard menu. The Menu of Audit log consists of all the attributes that need to manage & control the plugin for all your website audit trails. The menu list has the link to Audit Log Viewer, Enable/Disable Alerts, Logged In Users, Email Notifications, Reports, DB & Integrations, Search, Settings, Help, Contact Us, and finally Upgrade.
Audit Log Viewer
This tab in the Audit log menu shows the log of all the activity that is taking place on your WordPress website in real-time. It very nicely displays the log as a list categorizing them by an Event ID, Severity Type, Date, Username, User, role, user avatar, Source IP address, and the actual change message. Overall the log viewer looks well defined and cutting-edge.
This section allows you to either enable or disable every event individually or to select the activity log detail level. Considering we are dealing with a comprehensive activity log WordPress plugin, there are a lot of events here. To help you better distinguish and segregate events, where necessary you’ll notice subcategories, as shown in the below screenshot.
Being a comprehensive activity log solution for WordPress, there are quite a few settings available. Though since version 2.3 the plugin developers vouched that they will focus on ease of use, user-friendliness and a better user experience. And they did deliver. The settings are well segregated and every setting is well explained.
In this section you will find the generic plugin settings, mainly:
- Enabling and disabling of the dashboard widget and admin bar notification.
- Login page notification which is typically required by law.
- Reverse proxy and web application firewall support, in case your WordPress site is running behind one.
- Plugin settings privileges – by default only administrators are allowed to configure the plugin, but you can allow other users or users with roles.
- Activity log viewing privileges – the same as above.
- Email address and display name configuration – when configured to do so, the plugin can send a series of emails. Here you can specify the email address and display name the plugin should use as an address in these emails.
- Hide plugin in plugin pages – this is particularly useful if you have other administrators on the website and you do not want to show them you’ve installed the activity log plugin.
Activity Log Settings
In this section, you can configure all the settings related to the activity logs and the data. Below is the list of settings available:
- Activity log retention – you can configure the plugin to keep all data or automatically purge activity log data that is older than the configured time.
- Events timestamp – for every event in the activity log, the plugin records the date and time it happened. This option allows you to configure which timezone to use, which could be either UTC of the timezone configured on your site.
- User information display – by default the plugin shows the username of the user doing the change in the activity log, though you can configure it to show the first and last name or the configured display name.
- Activity log column selection – from this setting, you can specify which of the columns should be displayed in the activity log.
- Activity log auto refresh – use this setting to specify if the activity log should auto refresh on updates.
- WordPress background activity – WordPress runs a lot of tasks in the background, such as deleting old post revisions etc. Use this setting to specify if the plugin should keep a log of such activity.
File Integrity Scan Settings
The WP Security Audit Log plugin also has a WordPress site files integrity scanner. This means that the plugin keeps a log whenever a new file is added to your WordPress site or multisite network, or when an existing file is modified or deleted.
In this section, you can configure all of the file integrity checker settings such as when the scans should run, which file types to ignore and similar other settings.
In this section, you can exclude objects from the activity log. I personally wouldn’t recommend excluding anything from the logs, otherwise, there is no guarantee that nothing is being tampered. Though in case you need to, you can exclude:
- WordPress users
- IP Addresses
- Post types
- Custom Fields
- Non-existing URLs (if you have a broken URL and you know about it and do not want the plugin to report it, add it here)
In his section, you will find the advanced plugin settings that most users will never use. Basically, from here you can:
- Enable or disable the Request log, which you should only enable for troubleshooting purposes.
- Reset the plugin settings to default.
- Purge the activity logs.
- Enable or disable the MainWP Child Site Stealth Mode.
- Configure the plugin to delete all data upon uninstall.
The following five menu entries, listed below are for the premium edition. They are clearly highlighted with an upgrade arrow. These are:
- Logged In Users – in the premium edition, here you can see who is logged in to your site in real time and their latest event and change
- Email Notifications – here you can configure email notifications so you are instantly alerted when important occur happen on your WordPress site
- Reports – the plugin also allows you to generate a variety of reports from the activity logs. Reports are typically used for management, business and to meet regulatory compliance requirements.
- DB & Integrations – in this section you can configure the plugin to store the activity log in an external database, and can also configure archiving and mirroring of the activity log to systems such as Papertrail, Syslog and Slack.
- Search – Once you upgrade to premium you can also do texts searches in the activity log and use the selection of filters to filter the search results and find what you are looking for as quickly as possible.
Key user benefits of using WP Security Audit log plugin
As we have seen, the WP Security Audit Log is a very comprehensive activity log plugin. As a matter of fact, if set up properly it can be configured as a WordPress Intrusion Detection System (IDS). So should you use this plugin? Certainly so if you want to:
- Track all WordPress user activity: At any moment you may experience fishy activities on your websites. You can track any malicious attack or unusual posts or changes made from the backend without your permission.
- Identify and troubleshoot issues quicker: Sometimes a customer may call or informs about any problem on your website. But not knowing what the issue is and taking too long to respond will lead to a negative impact. Which may leave the customer unsatisfied with your services in the near future. So with this Security Audit Log Plugin, you can identify any such events and take prompt action right away.
- Track login attempt: Any outsiders or fake users may take a shot at unauthorized log into your site. But with WP Security Log Plugin it records and lets you monitor any such failed attempts including their IP addresses. Not only that it keeps a record of the number of times those users attempted to login like that.
- View Plugin and Theme installation record: Any user may install unwanted plugin or theme that might slow down your system. So the WP Security audit log plugin records a complete list of all those installed plugins or themes. Uninstall or remove them after checking the records if you feel those items are slowing down your website capacity.
- Monitor unauthorized change of file & upload: Any unauthorized user may willingly or unwillingly change, delete or upload files that may make your website vulnerable to security threats. With WP Security Audit Log, you can track which user edited, deleted or uploaded any dubious files on the website.
- Track widget changes: It also helps you track any addition or removal of a widget on your website. This is useful when an important widget goes missing or added without your knowledge.
Even though this plugin does what it promises to do. And it already seemed quite user-friendly too. But yet there is one minor thing that we feel if changed it can do much better than it is already doing. This issue might not be a big one for everyone yet it needs proper addressing to improve this plugin.
No free extension: There are like 5 extensions for this plugin and none of which comes for free. So we feel it would be better to include one or two add-ons for free. The email notification and search add-ons should get automatic inclusion in the plugin for free.
Advice for Multi-vendor marketplace owners: The online multi-vendor marketplace is a booming business point in WordPress. So for a multi-vendor marketplace owner, tracking down security and audit logs can be of major concern. But this can be done easily with the WP Security Audit Log plugin. So for all owners of WordPress multi-vendor marketplaces like Dokan, this plugin can be quite a handy one to track down all the activities of vendors/customers and their logging details.
After this post, there is definitely no dispute in mind about the importance of keeping an activity log on your WordPress site, and how it can help you improve the site’s security and also management. We have just seen how activity logs can help you easily better protects your site, track down possible security issues, and more. And even more on multi-user websites, it provides all the necessary tools to monitor users and contrive productivity.
So if you ask us for an activity log plugin for your WordPress site we will honestly recommend using the WP Security Audit Log plugin. Yes, there are other available free solutions, such as WP Stream and Simple History, though if you are serious about activity logs you will notice that even the free edition of the WP Security Audit Log plugin is far more superior to other available solutions.
And of course, there is the option to upgrade to a premium activity log solution, which has all the features businesses and enterprises need to build an activity log solution and integrate it with other systems to better manage their WordPress sites and multisite networks.
Keep an Activity Log on Your WordPress Site
Surely, there are some WordPress security plugins such as Wordfence Security, Sucuri Security – Auditing, Malware Scanner and Security Hardening, Shield Security for WordPress, All In One WP Security & Firewall
And so if you are willing to give a shot at WP Security Audit Log, you can download the plugin from wordpress.org. It will probably take only 5 minutes to install and configure it for your WordPress website.
By the way, have you used any of the above-mentioned WordPress security plugins yet? If you have already used any of these plugins then do share your experience with us in the comments below.