How To Create A Security Audit Log On WordPress For Free

Keeping a record of every change that happens on your WordPress website and multisite network in a WordPress activity log is very easy. Just install WP Security Audit Log, the most comprehensive WordPress activity log plugin.

This getting started guide will help you get started with WP Security Audit Log. It includes all the information you need to configure the plugin to meet your logging and monitoring requirements.

What Can You Track With A Security Audit Log Plugin?

Using a security audit log plugin, you’ll be able to track when any WordPress user performs any of the following actions:

Post, page, or custom post type changes
Tag or category changes
Widgets or menu changes
User profile changes
User activity (like logins, logouts, failed logins etc.)
WordPress core and settings changes
Plugin and theme changes
Database changes (including those made by plugins and themes)
Changes for some popular plugins, like WooCommerce or bbPress

Features and Usage

The WP Security Audit Log plugin keeps a detailed log of all of the activity that takes place on your site through the admin dashboard. The list of security alerts is very extensive, with some highlights including:

User published a blog post and modified a published WordPress page.
User modified a widget and changed a theme file using the theme editor.
The role of a user was changed by another WordPress user.
User activated a WordPress plugin.
PHP Shutdown error.
New network user created.

Install and activate the plugin

The free edition of the WP Security Audit Log plugin is available on the official WordPress plugins repository. To install the plugin on your WordPress website follow the below steps:

Navigate to the Plugins page in the WordPress dashboard and click the Add New button.
Search for WP Security Audit Log and then click the Install Now button in the plugin dialogue box.

When the plugin installation is complete click Activate Plugin to activate the plugin.
Upon activating the plugin you will be asked if you want to launch a startup wizard to assist you to configure the basics of the plugin.

The wizard will assist you to configure the:

level of detail of the activity log.
activity log retention policies.
activity log privileges.
exclusion of objects from the activity log.

Once you are ready with the wizard the plugin will automatically start keeping a record of all the changes that happen on your website in the WordPress activity log, as seen in the below video.

Changes that the plugin can keep a record of:

Post, Page and Custom Post Type changes such as status, content changes, title, URL, date and custom field changes.
Tags and Categories changes such as creating, modifying or deleting them, and adding or removing them from posts.
Widgets and Menus changes such as creating, modifying or deleting them.
User changes such as user created or registered, deleted or added to a site on the multisite network.
Profile changes such as password, email, display name, and role changes.
User activity such as login, logout, failed logins and terminating other sessions.
WordPress core and settings changes such as installed updates, permalinks, default role, URL and other site-wide changes.
WordPress multisite network changes such as adding, deleting or archiving sites, adding or removing users from sites etc (activity logs for multisite networks).
Plugins and Themes changes such as installing, activating, deactivating, uninstalling and updating them.
WordPress database changes such as when a plugin adds or removes a table.
Changes on WooCommerce Stores & Products, Yoast SEO, Advanced Custom Fields (ACF), MainWP and other popular WordPress plugins.
WordPress site file changes such as new files are added, or existing ones are modified or deleted.

For every event that the plugin keeps a log of it also reports the:

Date & time (and milliseconds) of when it happened.
User & role of the user who did the change.
Source IP address from where the change happened.

Upgrade to WP Security Audit Log Premium to:

See who is logged.
See what everyone is doing in real time.
Log off any user with just a click.
Generate HTML and CSV reports.
Export the activity log in CSV (ideal for integrations).
Get instantly notified via email of important changes.
Search the activity log using text-based searches.
Use built-in filters to fine tune the searches.
Store activity logs in an external database to improve security.
Integrate & centralize the WordPress activity log in syslog, Papertrail, and other third-party log management solutions.
Configure archiving and mirroring of logs.

Free And Premium Support

Support for the WP Security Audit Log plugin on the WordPress forums is free.

Premium world-class support is available via email to all WP Security Audit Log Premium customers.

Paid customers support is always given priority over free support. Paid customers support is provided via one-to-one email and over the phone.

Support and Documentation

As this plugin has been developed by an IT security firm, there is a lot of good advice on the company blog about securing your WordPress site and protecting it from attack.

The team offers support via email or you can use the sub-forum for the plugin on the WordPress.org Plugin Directory to post a question.

The team also offer a number of WordPress services such as security hardening, malware removal, and website security audits.

Conclusion

This plugin is a great addition to any WordPress site. It’s a good choice for those running a multi-author or multi-user WordPress site. They can easily keep track of who is doing what, and when they last logged into the site, including changes to settings and theme files. As this plugin works with WordPress Multisite networks, it’s also a great choice for those managing a network of websites from one installation.