Best WordPress PluginsBlog

Why & How To Create A Security Audit Log On WordPress For Free

Ever wished that you just had extra details about what’s taking place inside your WordPress dashboard?

In the event you run a website the place you enable different contributors to entry the dashboard, you may need to know what these persons are doing – like whether or not they edit a submit, or add a picture.

Or, even when you’re the one individual with entry to your dashboard, you may want some sort of monitoring to ensure that a malicious person doesn’t get your account credentials someway and begin modifying issues, or that your plugins aren’t making malicious edits to your website’s database.

In each circumstances, a WordPress safety audit log plugin may help you keep on prime of the whole lot that’s taking place. It will provide you with an inventory of all of the actions customers, plugins, and themes carry out in your WordPress dashboard, which can enable you to:

  • Monitor Actions inside WordPress dashboard
  • Spot suspicious habits
  • Keep organized
  • Simpler auditing of WordPress adjustments

On this submit, I’ll present you add a safety audit log to your WordPress website utilizing a free plugin referred to as WP Safety Audit Log. I’ve been utilizing this plugin for nearly a 12 months at ShoutMeLoud, and it has develop into an integral a part of the listing of should have WordPress plugins.

As a weblog admin, this plugin goes to be very helpful. If you’re a freelancer or an company who manages WordPress for his or her consumer or setup WordPress based mostly web sites, you must set up this plugin and audit the log every so often to make sure the whole lot is alright.

Web page Contents

What Can You Observe With A Safety Audit Log Plugin?

Utilizing a safety audit log plugin, you’ll have the ability to observe when any WordPress person performs any of the next actions:

  • Submit, web page, or customized submit sort adjustments
  • Tag or class adjustments
  • Widgets or menu adjustments
  • Person profile adjustments
  • Person exercise (like logins, logouts, failed logins and so forth.)
  • WordPress core and settings adjustments
  • Plugin and theme adjustments
  • Database adjustments (together with these made by plugins and themes)
  • Modifications for some well-liked plugins, like WooCommerce or bbPress

And for each single change, you’ll have the ability to see the:

  • Username of the one that made the change
  • Date and time when the change occurred
  • IP deal with of the person who made the change

Under, I’ll present you how one can get began with your personal safety audit log.

How To Create A Safety Audit Log On Your WordPress Website

To create a WordPress safety audit log without cost, you need to use the WP Safety Audit Log plugin. This well-liked plugin is listed at and is energetic on over 70,000 websites whereas sustaining a 4.7-star score. Additionally they have a premium model that one can think about if they need superior options. Right here at ShoutMeLoud, I’m utilizing the free model.

To get began, set up and activate the plugin at your website. When you’ve performed that, right here’s configure and use it…

Configuring The WP Safety Audit Log Setup Wizard

As soon as you put in and activate the WP Safety Audit Log, it ought to routinely launch a setup wizard:

wp security audit log setup wizard

Click on Begin Configuring the Plugin to start the method.

Subsequent, you’ll select the extent of logging you need. In the event you’re simply working a daily weblog, the Primary degree might be sufficient:

logging level

The primary distinction is that Geek provides logging for extra area of interest exercise like:

  • Altering widget positions
  • Altering menus
  • Enabling trackbacks
  • Modifying database tables
  • …extra

Geek is an efficient possibility, particularly for security-conscious websites, however once more, Primary needs to be high-quality for many bloggers.

Learn this submit for a full listing of the variations between the 2 monitoring ranges.

When you’ve chosen your logging degree, you’ll be able to select how lengthy you need to preserve the info for. I like to recommend utilizing 6 months or 12 months to keep away from utilizing an excessive amount of database cupboard space. If you wish to preserve the entire knowledge, then you definately want the premium model because it lets you use a separate exterior database to retailer your logging knowledge:

log retention

Subsequent, you’ll be able to select who has entry to view your exercise log. By default, solely Directors can view the log. But when desired, you’ll be able to grant entry to particular customers or different person roles.

Until you already know another person wants entry to the logs, I like to recommend leaving this setting on the default (“No”):

grant access

Lastly, on the Exclude Objects web page, you’ll be able to exclude particular customers from being logged. If desired, you need to use this to exclude your self from logging. I like to recommend not doing this, although, as there’s a profit to monitoring your self as a result of you’ll be able to see if anybody has gained unauthorized entry to your account:

exclude objects

What you are able to do, although, is exclude your personal IP deal with. That approach, you’ll be able to nonetheless see if another person makes use of your account.

When you click on Subsequent, you’ll see successful display screen and also you’re all completed with the setup course of.

Viewing And Utilizing The Exercise Log

When you end the setup wizard, your exercise log will begin monitoring all of the exercise in your website.

To view a stay stream of the exercise, go to Audit Log → Audit Log Viewer in your WordPress dashboard:

WordPress security audit log

This view will present you a primary take a look at the entire exercise in your website.

The Severity column will present you ways probably crucial a change is. Notice {that a} extreme score isn’t essentially dangerous – it simply signifies that you must pay particular consideration to ensure that the exercise was licensed.

And the Person and Message columns will inform you who made the change and what the change was in plain English.

If you wish to see extra details about a selected occasion, you’ll be able to click on on the ‘…’ icon to open a extra detailed view:

alert data inspector

The extra detailed view is simply actually useful for builders – however it does present the entire related info if wanted.

That’s just about all there’s to utilizing the log – it’s fairly easy!

Over the time, you must allow/disable the occasions that matter to you. This can be sure that you see solely helpful logs.

Options of Premium model of WordPress Safety audit log plugin:

The free model of WP Safety Audit Log makes a terrific possibility for many websites, particularly blogs.  In lots of situations, similar to, for businesses, for the WooCommerce WordPress website, a premium model could be extra acceptable. I’ve shared the pricing chart within the later part of this text. For now, this chart reveals the distinction between the free model and numerous premium model plans:

Right here I’m highlighting three options amongst many, that provides most worth:

Notifications And Stories

To make monitoring your exercise log simpler, the premium model helps you to:

  • Ship e mail notifications every time a person takes a specified motion
  • Create reviews that spotlight sure exercise. You may also have these reviews emailed to you on a selected timeline.

Logged In Person Management

The premium model helps you to see an inventory of all of the customers who’re at present logged in to your WordPress website. It additionally helps you to see the place they’re logging in from. And if wanted, you’ll be able to terminate their present session (log them out) with the press of a button.

Exterior Database

If you wish to preserve a everlasting log, it’s higher for efficiency and storage to make use of an exterior database, as a substitute of your WordPress website’s database. The premium model helps you to do that, and it additionally helps you to mirror your audit logs to different instruments like Syslog or Papertrail.



Obtain free model | Obtain Premium model

Ultimate Ideas On Creating A WordPress Safety Audit Log

Utilizing a WordPress safety audit log helps you retain your website safer and monitor what actions customers take in your website.

With a plugin like WP Safety Audit Log, you will get this performance without cost and the setup takes only a few minutes to start out logging.

And whereas some particularly security-conscious websites may need the premium model of the plugin, the free model ought to work high-quality for many websites, particularly blogs.

Download The WPSaviour App Now

Related posts

Slider Revolution WordPress Plugin Review & How To Guide


5 Ways to Find the Latest and Greatest Free WordPress Plugins


How to Get Started With the WordPress Dashboard (In 4 Simple Steps)


How E-Commerce AI is Changing WordPress Shops

Leave a Reply

Your email address will not be published.

Pay in your preferred currency
Indian rupee