WP Security Audit Log

Description

THE MOST COMPREHENSIVE & EASY TO USE WORDPRESS AUDIT TRAIL PLUGIN

Keep an audit log of everything that happens on your WordPress and WordPress multisite with WP Security Audit Log to ensure user productivity and identify WordPress security issues before they become a security problem.

WP Security Audit Log is WordPress’ most comprehensive user monitoring and audit log plugin and is used by thousands of WordPress administrators, owners and security professionals. The plugin can also be used to keep an audit trail of WooCommerce store and product changes.

Free and Premium Support

Support for the WP Security Audit Log plugin on the WordPress forums is free. Since it is free support it is not always possible to answer all questions on a timely manner, although we do try our best.

Premium world-class support is available via email to anyone who purchases any of the Premium Add-Ons listed below:

Keep A WordPress Security Audit Log & Identify WordPress Security Issues

WP Security Audit Log keeps a log of everything happening on your WordPress blog or website and WordPress multisite network. By using WP Security Audit Log security plugin it is very easy to track suspicious user activity before it becomes a problem or a security issue. A security alert is generated by the plugin when:

  • New user is created via registration or by another user
  • First time a user logs in to WordPress
  • User changes the role, password or other profile settings of another user
  • User on a WordPress multisite network is added or removed from a site
  • User uploads or deletes a file, changes a password or email address
  • User installs, activates, deactivates, upgrades or uninstalls a plugin
  • User creates a new post, page, category or a custom post type
  • User modifies an existing post, page, category or a custom post type
  • User creates, modifies or deletes a custom field from a post, page or custom post type
  • User adds, moves, modifies or deletes a widget
  • User installs or activates a new WordPress theme
  • User changes WordPress settings such as permalinks or administrator notification email
  • WordPress is updated / upgraded
  • Failed login attempts
  • and much more…

Refer to the complete list of WordPress Security Audit Alerts for more information on what WordPress activity can be monitored with WP Security Audit Log.

Monitor WordPress Users Activity & Productivity

If you own a multi user WordPress blog or website, or a WordPress multisite network installation you can use WP Security Audit Log plugin to monitor your users’ activity and productivity. With WP Security Audit Log WordPress plugin you can monitor:

  • When WordPress users log in or out
  • From where WordPress users are logging in
  • Users who created. modified or deleted categories
  • Users who created a blog post, page or a custom post
  • Users who published a blog post, page or a custom post
  • Users who modified published WordPress content such as custom posts, pages or a blog posts
  • Users who moves content such as blog posts or WordPress pages to trash or permanently deletes it
  • Users who modify WordPress widgets
  • Uses who upload or delete any sort of files
  • and much more…

Refer to the complete list of WordPress Security Audit Alerts for more information on what other WordPress user activity can be monitored with the WP Security Audit Log WordPress plugin.

Upgrade to Premium and Extend the Functionaly of the WP Security Audit Log Plugin

Upgrade to Premium to add Email Alerts, Search, Reports and see who is logged in to your WordPress. Else you can buy any of the add-ons listed below separately:

  • Email Notifications Add-On: get notified via email of important changes. You can setup your own triggers to for example be alerted via email should any WordPress user log in to your WordPress outside office hours.

  • Users Sessions Management Add-On: see who is logged in to your WordPress and WordPress multisite networks. This add-on also allows you to terminate users’ sessions and either allow or deny multiple sessions for the same WordPress user.

  • Search Add-On: do free-text based searches in the WordPress audit trail to easily pin-point a specific WordPress user change. The Search add-on also has built-in filters so you can fine tune your searches and find the WordPress change you are looking for easily and quickly.

  • Reports Add-On: generate any type of HTML and CSV WordPress report. For example generate a WordPress user activity report, role activity report and also site activity report (for WordPress multisite). The Reports Add-On does not restrict you to specific reports types, it allows you to choose any data source for your reports. With this add-on you can also configure automated email summary reports.

  • External DB Add-on: store the WordPress Audit Trail in an external database to improve the security and perforamnce of your WordPress websites and blogs by ensuring such records are not tempered with even in case the website is hacked. By storing the audit trail in an external database you also ensure that your business WordPress website is compliant with today’s strict regulatory compliance requirements.

WP Security Audit Log for WordPress Multisite

WP Security Audit Log is the first tracking and audit WordPress security monitoring plugin that supports WordPress multisite network installations and can monitor activity on such WordPress multisite network installations.

For more information about the features for WordPress Multisite network installation refer to WP Security Audit Log Features for WordPress Multisite

Easily Create Your Own Custom Alerts

Is there something on your WordPress that the plugin does not monitor, but you would like to keep a record of it? Refer to the Hooks for custom alerts documentation to easily create your own custom alerts and keep record of any change on your WordPress, be it a change in a WordPress customization, a third party plugin and more.

WordPress & PHP Errors Monitoring Tools

Plugins and themes customizations are most probably the norm of the day on large WordPress websites, not to mention the installation of new plugins and components. With WP Security Audit Log now it is easier than ever before to monitor your plugins’, theme’s and other code behaviour, it will generate a alert when a PHP error, warning, exception or shutdown is detected. It is also possible to log all HTTP GET and POST requests that are reaching your WordPress installation to a log file with WP Security Audit Log. Simply enable the PHP Errors monitoring or logging from the plugins settings.

NOTE: Developer options should NEVER be enabled on Live websites. They should only be enabled on testing, staging and development WordPress and WordPress multisite installations.

Other Noteworthy Features

WP Security Audit Log plugin also has a number of features that make WordPress and WordPress multisite monitoring and auditing easier, such as:

  • Realtime Audit Log viewer allowing you to see the changers as they happen without any delays
  • Built-in support for reverse proxies and web application firewalls more information
  • Detailed WordPress audit trail allowing you to see what actually changed when the content of posts, pages and custom post types is changed
  • WhatIsMyIpAddress.com integration so you can get all information about an IP address with just a mouse click
  • Limit who can view the WordPress audit trail by either users or roles
  • Limit who can manage the plugin by either users or roles
  • Configurable WordPress dashboard widget highlighting the most recent critical activity
  • Configurable WordPress security audit trail automatic pruning
  • User role is reported in alerts for a complete overview of what is happening
  • User avatar is shown in the alerts for better recognizability
  • Enable or disable any security alerts
  • and much more…

As Featured On:

WordPress Security Audit Log in your Language!

We need help translating the plugin and the WordPress Security Alerts. Please visit the WordPress Translate Project to translate the plugin and drop us an email on support@wpwhitesecurity.com to get mentioned in the list of translators below.

Related Links and Documentation

For more information and to get started with WordPress Security, check out the following:

Stay a Step Ahead of the Bad Guys – Keep Yourself Informed

Even if WordPress security is not your cup of tea, the security of your WordPress is your responsibility. Keep yourself up to date with the latest WordPress Security Tips, Tricks and news. Subscribe to the WP Security Bloggers newsletter, for an aggregate of posts from the most popular WordPress security blogs.

WP Security Audit Log Plugin Newsletter

To keep yourself updated with what is new and updated in the WP Security Audit Log plugin please subscribe to the newsletter.

Note: This plugin requires PHP 5.3 or higher. Older versions of PHP are no longer maintained by PHP and are prone to security issues. For more information or if you need assistance with your version of PHP please get in touch with us by using our contact form.

Screenshots

  • The Audit Log Viewer from where the WordPress administrator can see all the security events generated by WP Security Audit Log WordPress plugin.
  • See who is logged in to your WordPress and manage users sessions with the Users Sessions Management Add-On
  • The WP Security Audit Log plugin settings from where WordPress administrator can configure generic plugin settings such as reverse proxy support, who can manage the plugin etc.
  • The WordPress audit trail settings from where you can configure automatic pruning of alerts, which timestamp should be used, how many 404 requests should be logged and more.
  • Configuring WordPress email alerts with the Email Notifications Add-On
  • Search and filters functionality to automatically search through the WordPress security audit log with the Search Extension
  • The Enable/Disable Alerts settings node from where Administrators can disable or enable WordPress security alerts.
  • The Audit Log Viewer of a Super Admin in a WordPress multisite network installation with the Site selection drop down menu.
  • If there are more than 15 sites in a multisite, an auto complete site search shows up instead of the drop down menu (see screenshots for reference)
  • WP Security Audit Log is integrated with the built-in revision system of WordPress, thus allowing you to see what content changes users make on your WordPress posts, pages and custom post types. For more information read Keep Record of All WordPress Content Changes with WP Security Audit Log Plugin
  • Mirror the WordPress audit trail to an external solution such as Syslog or Papertrail to centralize logging, ensure logs are always available and cannot be tampered with in the unfortunate case of a hack attack.

Installation

  1. Upload the wp-security-audit-log folder to the /wp-content/plugins/ directory
  2. Activate the WP Security Audit Log plugin from the ‘Plugins’ menu in the WordPress Administration Screens
  3. Access the Security audit logs and the plugin settings from the “Security Audit Log” menu that appears in your admin menu

FAQ

Installation Instructions
  1. Upload the wp-security-audit-log folder to the /wp-content/plugins/ directory
  2. Activate the WP Security Audit Log plugin from the ‘Plugins’ menu in the WordPress Administration Screens
  3. Access the Security audit logs and the plugin settings from the “Security Audit Log” menu that appears in your admin menu
Plugin FAQs and Technical Documentation

Please refer to the FAQs page on the plugin’s website for the FAQs and the Support & Documentation section for more technical information and documents about the WP Security Audit Log plugin.

Reviews

Great Package for keeping an eye on things

We have had WP Security Audit installed on our site since the beginning. It has an easy to use interface and has proved to be a great way of seeing what is happening on the site and rectify any glitches (broken links / files).

It also allows me to see if unauthorised users are trying to access the site.

Very useful bit of software

Superb functionality – crucial plugin

WP Audit Security Log is one of those crucial plugins that ties your site together. It is a plugin that is unrivalled for functionality. Not only making the very difficult possible, but makes it easy to do. For security and auditing your users activity, it’s a must.

Great support that is responsive and helpful..Well done WP Audit Security Log!

An essential website security tool

WP Security Audit Log is one of the few plugins and plugin authors I fully trust within the WordPress plugins community. If you are “into security” the WP Security Audit Log is the number one of its kind available for WordPress today.

The features are right on target in regard to what might need to fully monitor the activity with a WordPress based website. The premium features are truly premium. And the author seems to truly care what others think in regard to making his set of plugins better.

Great Plugin for Audit and Tracking

This plugin is easy to install and configure using a wide range of options to choose from. The user interface is well designed.

This great plugin has extensive knowledge base documentation and the plugin website has a security focused blog. Nice!

Read all 141 reviews

Contributors & Developers

“WP Security Audit Log” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

2.6.9.1 (2017-10-24)

  • Bug Fix
    • Fixed a syntax issue in the code that was affecting installs on PHP lower than 5.4

2.6.9 (2017-10-24)

  • New Audit Trail Alerts for logging of Tag changes

    • Alert 2119: User added tag to a post
    • Alert 2120: User removed a tag from a post
    • Alert 2121: User added new tag on WordPress
    • Alert 2122: User deleted a tag from WordPress
    • Alert 2123: User renamed a tag
    • Alert 2124: User changed the slug of a tag
    • Alert 2125: User changed the description of a tag
  • New Audit Trail Alerts for logging of User Profile Changes

    • Alert 4017: Changed the first name of a user
    • Alert 4018: Changed the last name of a user
    • Alert 4019: Changed the nickname of a user
    • Alert 4020: Changed the display name of a user
  • New Functionality

    • New hover over option to modify alerts’ behaviour. This applies to alerts that have configuration such as 1002, 1003, 6007 and 6023.
    • Option to record referrer URL in log file when logging 404 errors to a log file.
    • Option to specify how many failed logins the plugin should log.
    • Option to capture the usernames used during failed login attempts with non WordPress users.
  • Improvements

    • Drop down menu to select number of alerts to display in Audit Log Viewer now has only fixed numbers.
    • Renamed first column to Alert ID (standardising text in plugin)
    • New French translation by Denis Moscato

Refer to the WP Security Audit Log change log on the plugin page for a complete changelog.