Whether you have one user on your WordPress site, or 1,000 users, it’s vital to keep track of every plugin that is installed, every user that logs in, and every post that is published.
Why? Because you want to make sure that no malicious activity is occurring on your site that could lead to breaches in security.
And if you do have a website with multiple users, you want to be able to track what each user is doing. If one user installs a plugin that crashes the site, you want to be able to know which plugin it was.
And lucky for us, it’s free. You can download WP Security Audit Log from the WordPress Plugin Repository here: https://wordpress.org/plugins/wp-security-audit-log/
What WP Security Audit Log Does
Whenever any user on your site takes an action, WP Security Audit Log will note it and display it in the Audit Log Viewer.
In the Audit Log Viewer, you will see an alert code, the type of alert, the date and time that action was taken, what user took the action, the user’s IP address, and a message to clarify what action was taken.
In the screenshot above, you can see that I created a new user, then installed a plugin, then logged out, and finally logged back in.
Here are just a few of the actions it tracks:
- New user created by another user
- User installs, activated, deactivates, upgrades, or uninstalls a plugin
- User creates/modifies/deletes a new post of pages
- User edits widgets
- WordPress is updated
- Failed login attempts
- Users log in or out
As mentioned earlier, this is perfect if you need to keep track of what users are doing on your site (such as if you have clients or if you need to track user productivity) or if you need to track users for security reasons.
Premium Add-ons Available
This plugin is available for free, but there are some premium add-ons that extend its capabilities.
Get an email notification whenever a specified alert is triggered. You can keep these alerts simple or complex. For instance, you can just have an email sent when a user logs in. Or you can have an email sent when a specific user logs in between midnight and 4 in the morning.
Generate HTML or CSV reports of all alerts. You can specify what sites, users, user roles, alert groups, alert codes, and dates to show in your report. You can then store or print the HTML versions, or even import the CSV version into a program you use to track data.
The more alerts that are generated in WordPress, the harder it can be to find what you are looking for. The Search Extension lets you run a search for a keyword, or even filter by alert ID, date range, IP address, or username.