How to Monitor User Activity in WordPress with Security Audit Logs

    Do you want to monitor user activity on your WordPress site?

    Running a multi-author blog or membership site comes with its own unique challenges such as stopping spam registrations and managing editorial workflow.

    One solution that owners and admins of multi-user WordPress sites seek out is the ability to easily monitor user activity on their website.

    This allows them to put a check and balance system in place. If things go out of control, then they can easily figure out what went wrong, who did it, and how to fix it.

    In this article, we will show you how to monitor user activity and keep a security audit log in WordPress.

    Why You Should Enable WordPress Activity Monitor and Logs?

    A common objection that often comes up is you shouldn’t give WordPress login access to anyone that you don’t trust. If you do that, then you won’t need an activity tracking solution.

    That’s a bit extreme because there are several very valid use-cases of activity logs.

    Sometimes users can accidentally make an error or mistake that may break your WordPress website. Having an activity tracking log helps you identify and fix those issues faster.

    Since the audit logs will show you which user made the mistake, you can also educate them on best practices to prevent the same mistake in the future.

    A good example is if a moderator approved a comment that doesn’t fit your comment guidelines, then you can quickly correct their mistake and also notify them about it.

    Another very good use-case for security audit logs is when you hire a WordPress developer from third-party contract websites like Codeable, Upwork, etc.

    While most developers are trustworthy, sometimes you will run into a dishonest developer who can cause your business to lose significant amount of money.

    Recently one of our Facebook group members reported that a developer she hired from Upwork changed the PayPal address in her WooCommerce store.

    These kind of subtle changes are extremely hard to detect unless you have a WordPress user audit log that keeps track of all activity.

    Several years ago this issue happened to Techevangelistseo founder, Syed Balkhi, where a freelance developer quietly changed several of his affiliate links. Syed caught and fixed the issue thanks to a security audit log plugin.

    With the above benefits in minds, let’s take a look at how to set up and monitor user activities on your WordPress website.

    We will share two WordPress audit log plugins.

    1. Simple History (free plugin, but not as robust)
    2. WP Security Audit Log (best-in-class for what it does)

    Monitoring User Activity with Simple History

    Simple History is a free user activity monitoring plugin for WordPress, but it is not as feature rich. If you run a small website or WordPress blog, then this plugin will work for you.

    The first thing you need to do is install and activate the Simple History plugin. You may follow our beginner’s guide on how to install a WordPress plugin for detailed instructions.

    Upon activation, head over to Settings » Simple History from the left sidebar of your WordPress admin panel.

    On the settings page, you can choose whether you want the activity log to appear on the dashboard, on a separate page, or both.

    You can also decide the number of items that will appear on the Dashboard and the log page.

    By default, the Simple History plugin cleans the activity log history that is older than 60 days. You can also delete the history manually by clicking on the Clear log now button on the settings page.

    This plugin allows you to monitor the history with the help of a secret RSS feed. However, you need to check the “Enable RSS feed” option to use it.

    Viewing User Activities with Simple History

    To check the user activity log, you need to visit the Dashboard » Simple History page. You can also view them on the Dashboard, but this will depend on how you have configured the settings of this plugin.

    This plugin displays the events of the last 30 days by default. You can change it to a fixed range (up to 60 days) or to a custom range by clicking on the Dates dropdown menu.

    To search for specific events on your site, you need to click on the “Show search options” link. This will open up a number of fields. You can either use a single field or a combination of them to find the desired data.

    For example, you can use the Users field to find someone and then, click on the Search events button to see the activities of that person in the last 30 days.

    By default, the Simple History plugin allows you to monitor login, logout, wrong password, post/page editing, media upload, plugin install/update, user profile changes, and more.

    It also has support for bbPress forums which lets you see the forum and topic activities on your website.

    Simple History allows you to add your own custom events as well. If you have development experience and want to add a custom event, then you can check out the details on this page.

    Monitor User Activity using the WP Security Audit Log

    Although Simple History does a good job of tracking user activities on your website, it is limited in functionality.

    If you are looking for a plugin that provides detailed and real-time user activity reports, then you should use the WP Security Audit Log plugin.

    It is a feature-rich plugin that allows you to keep track of every change that happens on your website. You can also get email and SMS notifications for important site events.

    To get started, you need to install and activate the WP Security Audit Log plugin on your WordPress site.

    Upon activation, you will see a new menu item Audit Log in the left sidebar of your admin panel. You need to click on it to configure this plugin.

    On the settings page, you will have to enter the license key of this plugin, and then you need to click on the “Agree & Activate License” button to start using this plugin.

    Note: To get the license key, you can check the welcome email that you have received after purchasing the plugin.

    Once activated, you will see new options under the Audit Log menu in the left sidebar.

    To monitor the events on your website, you need to head over to the Audit Log » Audit Log Viewer page.

    This plugin displays the latest events at the top bar of your screen. You can also click on those notifications to go to the Audit Log Viewer page.

    The log page will allow you to see all events on your website. You will get important details like the date of the event, the user involved, IP address of the user, and the event message.

    For example, if someone logged into your site, then you will be able to find out who was that user, when did that person login, and the IP address of the user.

    You can also control the events that you want to track by going to the Audit Log » Enable/Disable Events page.

    Here you can select Basic, Geek, or Custom from the Log Level dropdown menu. Based on your selection, you will see different event names and their description on that page.

    You can now enable or disable individual events by checking/unchecking the boxes. You can do the same by going to different tabs like Content & Comments, WordPress Install, Visitor Events, etc.

    To track the logged in users on your site, you need to go to the Audit Log » Logged In Users page.

    From here you will see all the users who are logged into your site. You can also force someone to log out by clicking on the Terminate Session button.

    If you want to download the activity log of your site, then simply go to the Audit Log » Reports page to generate a report based on the criteria that you may have.

    That’s all! We hope this article helped you to understand how to monitor user activity in WordPress with the help of Simple History or WP Security Audit Log plugin.

    You may also want to check out our ultimate WordPress security guide and our list of the best WordPress firewall plugins.

    If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

    The post How to Monitor User Activity in WordPress with Security Audit Logs appeared first on Techevangelistseo.

    Recent Articles

    See the making of “Mythic Quest: Quarantine” in new behind the scenes video

    Go behind the scenes of "Mythic Quest: Quarantine". What you need to know Ubisoft has posted a behind the scenes look at "Mythic Quest: Quarantine". Executive producer...

    ‘Struggling’ Zuckerberg decides doing nothing is best when it comes to Trump

    Mark Zuckerberg has officially weighed in and —surprise! — after much deliberation has decided that doing nothing is the right and just thing. On Friday...

    Here’s how an unknown TikTok clone topped the App Store charts

    Been on the App Store over the past few days? You might have noticed a curious new free iPhone app in the number one...

    Twitter Lets Users Schedule Tweets in Advance via @MattGSouthern

    Twitter now offers its own method of scheduling tweets in advance, a feature that was once only available with third-party tools.The post Twitter Lets...

    Twitter’s Web App Now Supports Saved Drafts, Scheduled Tweets

    What began as an experiment last fall is now rolling out to all main web app users. Twitter this week announced a new feature that lets folks...

    Latest Stories

    Stay on op - Ge the daily news in your inbox

    Do NOT follow this link or you will be banned from the site!
    Translate »