How to Audit User Behavior with a WordPress Activity Log
In the Quick Guide we’ll use WP Security Audit Log to keep an activity log of what’s happening on our WordPress site. Activity logs are a chronological list of records of what logged in users did on your WordPress sites and multisite networks. A WordPress activity log a vital part of site security and management because in them, you can find a user log full of information about user logins—from where they logged in and when, what content they have created, published, modified and deleted, what user profile and WordPress settings changes other administrators have done, and much more.
In short, they make security auditing easier and let you log user activity so that in the event of a compromise you know who made a mistake.
When you have a WordPress activity monitor in place, you:
- Ease troubleshooting in case of site problems
- Keep tabs on users’ progress and productivity without having to chase them
- Identify suspicious behavior and stop possible malicious WordPress hack attacks
- Better manage your WordPress site.
WordPress does not keep a record of what users do on your site, so you have to install an activity log plugin. There are a quite a few such plugins available. For this example we will use the free WP Security Audit Log plugin which has good coverage and the features that businesses need to set up a solid activity log system.
What WP Security Audit Log Can Do For You
Once you install the plugin it will start automatically keeping a log of what is happening, so as such there is no much you need to do. Though you are also greeted with a setup wizard which allows you to configure some of the basics:
- Level of log detail: The plugin can keep a record of hundreds of site changes, hence it generates a very comprehensive activity log. Though not everyone is interested in all the fine details. So in the first step of the wizard you can configure the level of activity log details.
- Activity log data retention: By default the plugin only keeps up to 6 months of data, though you can configure it to keep 12 months of data or to never delete any activity logs. The activity logs are stored in their own table in the WordPress database and they are very well optimized, so they do not take a lot of space. Though of course, the more data you keep the more space you need. Most businesses have to keep years of data because of compliance, so usually they store their activity logs in an external database and configure archiving.
- Activity logs access: The activity logs can only be accessed by users with administrator role on the site, and in case of a multisite network the super administrators as well. Though you can allow other users, or users with a specific role to access the activity log in the third step of the wizard.
- Exclude Objects from the activity logs: The plugin keeps a log of everything that is happening on your WordPress site, regardless of who did it and their role. Though in the last step of the wizard you can exclude usernames, roles and even IP addresses, so when something happens from them the plugin does not keep a log of such change.
Setting up a WordPress Activity Log with WP Security Audit Log Video
Here’s a video where I set up the plugin to get a WordPrfess user activity log:
How to Create a WordPress Activity Log with WP Security Audit Log
And the text version of how you’ll get WP Security Audit Log set up to maintain a WordPress activity log for you:
- Install and activate the free plugin from the WordPress.org repository. You’ll do that by going to “Plugins > Add New” from your left sidebar in the WordPress administration area.
- Once you have, work through the wizard. We explained that above, but use the guidance above and on WP Security Audit Log screens themselves to figure out which settings are right for you.
- Now, just do things on your WordPress site. The plugin’s all set up to work and track those as that’s its purpose: logging WordPress user activity.
- To view the log of your test activity (or your normal real activity you’d like to see an activity monitor of go to “Audit Log > Audit Log Viewer” in the left sidebar at the top (right under “Dashboard”).
Benefitting from the Activity Logs for WordPress
At this stage you are all set up and WP Security Audit Log is keeping a log of everything that is happening on your WordPress site. Though there is much more you can do with activity log data. For example you can setup a WordPress intrusion detection system (IDS), generate reports, store the WordPress activity logs in an external database, see who is logged in to your site in real-time and much more with the premium edition of the plugin. No matter what, where’s no arguing that there’s a lot of security arguments in favor of a WordPress user activity log.