Why & How To Create A Security Audit Log On WordPress For Free

By WP Saviour •  Updated: 02/27/21 •  8 min read

Ever wished that you just had extra details about what’s taking place inside your WordPress dashboard?

In the event you run a website the place you enable different contributors to entry the dashboard, you may need to know what these persons are doing – like whether or not they edit a submit, or add a picture.

Or, even when you’re the one individual with entry to your dashboard, you may want some sort of monitoring to ensure that a malicious person doesn’t get your account credentials someway and begin modifying issues, or that your plugins aren’t making malicious edits to your website’s database.

In each circumstances, a WordPress safety audit log plugin may help you keep on prime of the whole lot that’s taking place. It will provide you with an inventory of all of the actions customers, plugins, and themes carry out in your WordPress dashboard, which can enable you to:

ezoic-7681615

On this submit, I’ll present you add a safety audit log to your WordPress website utilizing a free plugin referred to as WP Safety Audit Log. I’ve been utilizing this plugin for nearly a 12 months at ShoutMeLoud, and it has develop into an integral a part of the listing of should have WordPress plugins.

As a weblog admin, this plugin goes to be very helpful. If you’re a freelancer or an company who manages WordPress for his or her consumer or setup WordPress based mostly web sites, you must set up this plugin and audit the log every so often to make sure the whole lot is alright.

Utilizing a safety audit log plugin, you’ll have the ability to observe when any WordPress person performs any of the next actions:

And for each single change, you’ll have the ability to see the:

Under, I’ll present you how one can get began with your personal safety audit log.

How To Create A Safety Audit Log On Your WordPress Website

To create a WordPress safety audit log without cost, you need to use the WP Safety Audit Log plugin. This well-liked plugin is listed at WordPress.org and is energetic on over 70,000 websites whereas sustaining a 4.7-star score. Additionally they have a premium model that one can think about if they need superior options. Right here at ShoutMeLoud, I’m utilizing the free model.

To get began, set up and activate the plugin at your website. When you’ve performed that, right here’s configure and use it…

Configuring The WP Safety Audit Log Setup Wizard

As soon as you put in and activate the WP Safety Audit Log, it ought to routinely launch a setup wizard:

wordpress-security-audit-log-1-7678471

Click on Begin Configuring the Plugin to start the method.

Subsequent, you’ll select the extent of logging you need. In the event you’re simply working a daily weblog, the Primary degree might be sufficient:

wordpress-security-audit-log-2-4299079

The primary distinction is that Geek provides logging for extra area of interest exercise like:

Geek is an efficient possibility, particularly for security-conscious websites, however once more, Primary needs to be high-quality for many bloggers.

Learn this submit for a full listing of the variations between the 2 monitoring ranges.

When you’ve chosen your logging degree, you’ll be able to select how lengthy you need to preserve the info for. I like to recommend utilizing 6 months or 12 months to keep away from utilizing an excessive amount of database cupboard space. If you wish to preserve the entire knowledge, then you definately want the premium model because it lets you use a separate exterior database to retailer your logging knowledge:

wordpress-security-audit-log-3-1246762

Subsequent, you’ll be able to select who has entry to view your exercise log. By default, solely Directors can view the log. But when desired, you’ll be able to grant entry to particular customers or different person roles.

Until you already know another person wants entry to the logs, I like to recommend leaving this setting on the default (“No”):

wordpress-security-audit-log-4-1232317

Lastly, on the Exclude Objects web page, you’ll be able to exclude particular customers from being logged. If desired, you need to use this to exclude your self from logging. I like to recommend not doing this, although, as there’s a profit to monitoring your self as a result of you’ll be able to see if anybody has gained unauthorized entry to your account:

wordpress-security-audit-log-5-3145272

What you are able to do, although, is exclude your personal IP deal with. That approach, you’ll be able to nonetheless see if another person makes use of your account.

When you click on Subsequent, you’ll see successful display screen and also you’re all completed with the setup course of.

Viewing And Utilizing The Exercise Log

When you end the setup wizard, your exercise log will begin monitoring all of the exercise in your website.

To view a stay stream of the exercise, go to Audit Log → Audit Log Viewer in your WordPress dashboard:

wordpress-security-audit-log-6-1024x493-1672198

This view will present you a primary take a look at the entire exercise in your website.

The Severity column will present you ways probably crucial a change is. Notice {that a} extreme score isn’t essentially dangerous – it simply signifies that you must pay particular consideration to ensure that the exercise was licensed.

And the Person and Message columns will inform you who made the change and what the change was in plain English.

If you wish to see extra details about a selected occasion, you’ll be able to click on on the ‘…’ icon to open a extra detailed view:

wordpress-security-audit-log-7-6640350

The extra detailed view is simply actually useful for builders – however it does present the entire related info if wanted.

That’s just about all there’s to utilizing the log – it’s fairly easy!

Over the time, you must allow/disable the occasions that matter to you. This can be sure that you see solely helpful logs.

enable-disable-security-audit-log-wordpress-6115427

Options of Premium model of WordPress Safety audit log plugin:

The free model of WP Safety Audit Log makes a terrific possibility for many websites, particularly blogs.  In lots of situations, similar to, for businesses, for the WooCommerce WordPress website, a premium model could be extra acceptable. I’ve shared the pricing chart within the later part of this text. For now, this chart reveals the distinction between the free model and numerous premium model plans:

free-vs-premium-version-features-5602339

Right here I’m highlighting three options amongst many, that provides most worth:

Notifications And Stories

To make monitoring your exercise log simpler, the premium model helps you to:

wordpress-logs-email-notifications-1024x986-5825720

Logged In Person Management

The premium model helps you to see an inventory of all of the customers who’re at present logged in to your WordPress website. It additionally helps you to see the place they’re logging in from. And if wanted, you’ll be able to terminate their present session (log them out) with the press of a button.

Exterior Database

If you wish to preserve a everlasting log, it’s higher for efficiency and storage to make use of an exterior database, as a substitute of your WordPress website’s database. The premium model helps you to do that, and it additionally helps you to mirror your audit logs to different instruments like Syslog or Papertrail.

Pricing:

security-audit-log-wordpress-plugin-3254170

Obtain free model | Obtain Premium model

Ultimate Ideas On Creating A WordPress Safety Audit Log

Utilizing a WordPress safety audit log helps you retain your website safer and monitor what actions customers take in your website.

With a plugin like WP Safety Audit Log, you will get this performance without cost and the setup takes only a few minutes to start out logging.

And whereas some particularly security-conscious websites may need the premium model of the plugin, the free model ought to work high-quality for many websites, particularly blogs.

gp-7496155 as-8907981

WP Saviour