How to Monitor User Activity in WordPress with Security Audit Logs
Do you want to monitor user activity on your WordPress site?
One solution that owners and admins of multi-user WordPress sites seek out is the ability to easily monitor user activity on their website.
This allows them to put a check and balance system in place. If things go out of control, then they can easily figure out what went wrong, who did it, and how to fix it.
In this article, we will show you how to monitor user activity and keep a security audit log in WordPress.
Why You Should Enable WordPress Activity Monitor and Logs?
A common objection that often comes up is you shouldn’t give WordPress login access to anyone that you don’t trust. If you do that, then you won’t need an activity tracking solution.
That’s a bit extreme because there are several very valid use-cases of activity logs.
Sometimes users can accidentally make an error or mistake that may break your WordPress website. Having an activity tracking log helps you identify and fix those issues faster.
Since the audit logs will show you which user made the mistake, you can also educate them on best practices to prevent the same mistake in the future.
A good example is if a moderator approved a comment that doesn’t fit your comment guidelines, then you can quickly correct their mistake and also notify them about it.
While most developers are trustworthy, sometimes you will run into a dishonest developer who can cause your business to lose significant amount of money.
These kind of subtle changes are extremely hard to detect unless you have a WordPress user audit log that keeps track of all activity.
Several years ago this issue happened to Latest Blog founder, Syed Balkhi, where a freelance developer quietly changed several of his affiliate links. Syed caught and fixed the issue thanks to a security audit log plugin.
With the above benefits in minds, let’s take a look at how to set up and monitor user activities on your WordPress website.
We will share two WordPress audit log plugins.
- Simple History (free plugin, but not as robust)
- WP Security Audit Log (best-in-class for what it does)
Monitoring User Activity with Simple History
Simple History is a free user activity monitoring plugin for WordPress, but it is not as feature rich. If you run a small website or WordPress blog, then this plugin will work for you.
Upon activation, head over to Settings » Simple History from the left sidebar of your WordPress admin panel.
On the settings page, you can choose whether you want the activity log to appear on the dashboard, on a separate page, or both.
You can also decide the number of items that will appear on the Dashboard and the log page.
By default, the Simple History plugin cleans the activity log history that is older than 60 days. You can also delete the history manually by clicking on the Clear log now button on the settings page.
This plugin allows you to monitor the history with the help of a secret RSS feed. However, you need to check the “Enable RSS feed” option to use it.
Viewing User Activities with Simple History
To check the user activity log, you need to visit the Dashboard » Simple History page. You can also view them on the Dashboard, but this will depend on how you have configured the settings of this plugin.
This plugin displays the events of the last 30 days by default. You can change it to a fixed range (up to 60 days) or to a custom range by clicking on the Dates dropdown menu.
To search for specific events on your site, you need to click on the “Show search options” link. This will open up a number of fields. You can either use a single field or a combination of them to find the desired data.
For example, you can use the Users field to find someone and then, click on the Search events button to see the activities of that person in the last 30 days.
By default, the Simple History plugin allows you to monitor login, logout, wrong password, post/page editing, media upload, plugin install/update, user profile changes, and more.
It also has support for bbPress forums which lets you see the forum and topic activities on your website.
Simple History allows you to add your own custom events as well. If you have development experience and want to add a custom event, then you can check out the details on this page.
Monitor User Activity using the WP Security Audit Log
Although Simple History does a good job of tracking user activities on your website, it is limited in functionality.
If you are looking for a plugin that provides detailed and real-time user activity reports, then you should use the WP Security Audit Log plugin.
It is a feature-rich plugin that allows you to keep track of every change that happens on your website. You can also get email and SMS notifications for important site events.
To get started, you need to install and activate the WP Security Audit Log plugin on your WordPress site.
Upon activation, you will see a new menu item Audit Log in the left sidebar of your admin panel. You need to click on it to configure this plugin.
On the settings page, you will have to enter the license key of this plugin, and then you need to click on the “Agree & Activate License” button to start using this plugin.
Note: To get the license key, you can check the welcome email that you have received after purchasing the plugin.
Once activated, you will see new options under the Audit Log menu in the left sidebar.
To monitor the events on your website, you need to head over to the Audit Log » Audit Log Viewer page.
This plugin displays the latest events at the top bar of your screen. You can also click on those notifications to go to the Audit Log Viewer page.
The log page will allow you to see all events on your website. You will get important details like the date of the event, the user involved, IP address of the user, and the event message.
For example, if someone logged into your site, then you will be able to find out who was that user, when did that person login, and the IP address of the user.
You can also control the events that you want to track by going to the Audit Log » Enable/Disable Events page.
Here you can select Basic, Geek, or Custom from the Log Level dropdown menu. Based on your selection, you will see different event names and their description on that page.
You can now enable or disable individual events by checking/unchecking the boxes. You can do the same by going to different tabs like Content & Comments, WordPress Install, Visitor Events, etc.
To track the logged in users on your site, you need to go to the Audit Log » Logged In Users page.
From here you will see all the users who are logged into your site. You can also force someone to log out by clicking on the Terminate Session button.
If you want to download the activity log of your site, then simply go to the Audit Log » Reports page to generate a report based on the criteria that you may have.
That’s all! We hope this article helped you to understand how to monitor user activity in WordPress with the help of Simple History or WP Security Audit Log plugin.