Managing WordPress when you are the only admin is pretty straightforward. You know the changes you make to your website and can reverse them when needed. You are the only person responsible for performance and security.
Once the business scales and the website becomes more prominent and complex, you add users to help run it. More users mean more chances of something going wrong. That’s why it is essential to know about every change on your website, so you can quickly find and fix the cause when something goes wrong.
This blog post will discuss the importance of a WordPress activity log, what to monitor on your website, and how to set one up. Let’s dive in.
What is a WordPress Activity Log?
A WordPress activity log is a compiled list of all the activities within your WordPress website. Suppose a user changes the content, like changing a word in the title from ‘beautiful’ to ‘pretty’; the log will capture the change and save it with all the crucial information, including time, date, user, and IP address. The activity log enables the website administrator to monitor changes to themes, design, and plugins, quickly notice any unwanted action, and track down the source to fix it.
Why log WordPress Activities?
With multiple contributors to the website, like developers, editors, designers, and third-party agencies, there could be many changes happening at any moment. You would face many surprises and wonder who deleted the images, who updated the plugins, or which user added the shady external link.
The WordPress log lets you quickly track the cause of problems so you can have more control over security & quality. Let’s see several reasons why you must log WordPress activities.
#1 User accountability
Imagine if someone uninstalled the security plugin or turned off the firewall. This could lead to a hacking attack. Without a log, you cannot pinpoint the account used to perform this action, so you cannot hold anyone accountable.
An activity log will keep this information at your fingertips so you can track down the person involved in malicious activities and take the correct action.
#2 Easy to pinpoint the errors
If the website goes down, you can read the logs to uncover the action that caused the crash. Once you reverse that action, your WordPress website will be back and live.
Without a log, you must compare the entire WordPress website with the clean WordPress core to find the reason behind the error. You also have to ask other admins and moderators for their changes. As the website is down, they might avoid the blame by misleading you. An activity log would be your source of truth for what happened at your WordPress site.
#3 Better website security
Tracking all the changes gives you better insight and control over your website. You can quickly discover suspicious actions, such as a user disabling a security plugin or turning off essential security features.
It is not only users; sometimes, a hacked plugin can misbehave with other plugins installed on your website. Proper monitoring lets you quickly identify and remove the corrupted plugin to protect your WordPress website.
#4 Post-hack investigation
If your website unfortunately gets hacked, you will want to learn how it happened so you can avoid it in the future. To do that, you must know what made your WordPress site prone to attack; you will also want to know what changes the hackers made while they were on your website.
You can go over the logs to see the hackers’ detailed journey. By analyzing it, you will find how and when they entered, the changes they made, and how these affected your website.
What WordPress Activities Should You Log?
There are so many changes happening within your WordPress site. You would not want to use up your storage by recording every change. Here, we will tell you the most crucial changes that can affect your website security and that you should monitor.
#1 Change in content
Though WordPress has a built-in content revision checker, having a log of content changes gives you more detailed insights. You do not have to go from one draft to another to preview the changes. From one page, you can overview all the changes made to the content and perform a quality analysis if required. You can monitor not only content but also if there is any unapproved external link insertion or a change made to the affiliate links.
#2 Setting and code changes
Changes in the WordPress theme and plugins can modify your website’s design and functionality. However, some changes are not reflected visibly. For example, you might not notice if a user or a plugin added a PHP script to share user information with an external service. It will run in the background without you ever knowing.
So tracking changes in code and settings is crucial for proper insight into your WordPress website. Here are several changes you should be monitoring:
- WordPress core updates & upgrades
- Installation, updates, and deactivations of themes and plugins
- Changes in the settings of a theme or plugin, such as permalinks, external links, and changes to nofollow and dofollow tags
#3 Changes in user account and settings
User accounts also need to be tracked; human errors are responsible for 82% of data breaches. You must be aware of all the new accounts created and the ones deleted.
Plus more things to look for:
- User profiles whose image and name change frequently
- A changed email address (which can mean the author might have sold their access)
- Logins from multiple locations at the same time, which might indicate the user is sharing the password
- User access changes (from moderator to admin, or vice versa)
#4 Failed login attempts
A log of failed login attempts lets you know the frequency of attacks. You can learn which IP or location produces the most login attempts, and then you can block that IP. An above-average number of failed login attempts could mean a planned attack is happening. You can then tighten your WordPress security and ensure all users have 2FA configured.
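The checks from #3 and #4 (failed-login bursts per IP, one account logging in from several IPs at nearly the same time, and role changes to admin) can be run over an exported log. This is an added example, not code from the original post or from any plugin; the CSV columns, event names, thresholds and sample rows are assumptions constructed for illustration.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column and event names are assumptions, not any
# plugin's real schema; "user" is the account the event concerns.
SAMPLE = """timestamp,user,ip,event,detail
2024-05-01T09:00:05,admin,203.0.113.7,login_failed,
2024-05-01T09:00:09,admin,203.0.113.7,login_failed,
2024-05-01T09:00:14,editor1,203.0.113.7,login_failed,
2024-05-01T09:00:20,admin,203.0.113.7,login_failed,
2024-05-01T09:00:31,admin,203.0.113.7,login_failed,
2024-05-01T09:05:00,alice,198.51.100.4,login_success,
2024-05-01T09:07:30,alice,192.0.2.55,login_success,
2024-05-01T10:15:00,bob,198.51.100.9,role_changed,editor->administrator
2024-05-01T14:00:00,carol,198.51.100.20,login_failed,
"""

def parse(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["timestamp"] = datetime.fromisoformat(r["timestamp"])
    return sorted(rows, key=lambda r: r["timestamp"])

def failed_login_bursts(rows, threshold=5, window=timedelta(minutes=5)):
    """IPs with at least `threshold` failed logins inside one time window."""
    by_ip = defaultdict(list)
    for r in rows:
        if r["event"] == "login_failed":
            by_ip[r["ip"]].append(r["timestamp"])
    return sorted(ip for ip, t in by_ip.items()
                  if any(t[i + threshold - 1] - t[i] <= window
                         for i in range(len(t) - threshold + 1)))

def multi_ip_logins(rows, window=timedelta(minutes=10)):
    """Users with successful logins from different IPs within `window`."""
    last, flagged = {}, set()
    for r in (x for x in rows if x["event"] == "login_success"):
        prev = last.get(r["user"])
        if prev and prev[1] != r["ip"] and r["timestamp"] - prev[0] <= window:
            flagged.add(r["user"])
        last[r["user"]] = (r["timestamp"], r["ip"])
    return sorted(flagged)

def promoted_to_admin(rows):
    """Accounts whose role change ended at administrator."""
    return [r["user"] for r in rows if r["event"] == "role_changed"
            and r["detail"].endswith("->administrator")]
```

On the sample rows, the single failed login from carol's IP stays below the threshold and is not flagged, which is the difference between background noise and a burst worth blocking.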
#5 Changes to the website in case of WordPress multi-site setup
Super administrators should know every admin-level action happening within their multi-website network. In case of a breach or vulnerability due to a user, the super admin must be the first to learn of it.
Crucial things to monitor:
- WordPress installation and deletions
- Creating and deleting user accounts with an admin role
- Admin-level changes to the website
- Getting emails about WordPress updates
- Changing primary email for the users
How to Implement WordPress Activity Log?
Once you decide what activities you will log, the next step is to configure them. It is not possible to do it manually. Setting up website versioning and monitoring is usually complex, but WordPress makes it much more manageable.
There are two popular ways to implement a WordPress activity log:
Using the Hosting Dashboard: Popular WordPress hosting companies like Kinsta, Hostinger, Siteground, and GoDaddy have dashboards with many unique features like backup, cache, and even logging. However, the way they log will be very different, as they track server-level changes. To capture the site’s details from within WordPress, you have to install a WordPress plugin.
Use a WordPress Plugin: One can use various WordPress plugins to store activity logs. Many of them are free and have enough features to help you out. However, if you have extensive needs, it is OK to have premium ones as they are worth it.
What should you look for in a WordPress Activity Log plugin?
With so many plugins, picking one would be a challenge. So, we have made a list of must-have features when selecting a plugin.
#1 Ability to turn on/off the features
As mentioned above, you do not need to track every change. Keep the log minimal and relevant so you can audit it easily later. So, there must be an option for you to select the things you want to track and log.
#2 Compliance with data retention rules
The plugin collects data on the changes users make, which means you are storing user data that falls under compliance laws. So, the plugin must meet the applicable compliance requirements so that it does not backfire legally.
#3 Integration with other plugins
The plugin would track the changes in the WordPress website and in the plugins. It must also integrate with other plugins. If other plugins installed on your website do not allow the activity log plugin to save the changes, then it will be pointless to pick that monitoring plugin.
#4 Search and filters to view the logs
The search and filter option lets you quickly review what you want to check. There should be a way to categorize the various types of logs according to time, date, and user.
#5 Exporting the logs
Keeping the logs at the hosting server would eat up all the space. You want to keep them offsite, like on your computer or free Google Drive. To do that, there must be a way to export the logs safely and transparently.
#6 Support for multiple networks
If you have a multi-site network, the plugin should support the multi-site. It should be able to compile the data from all the websites and show it on a single page so you don’t have to go through each website.
Best WordPress Activity Logs Plugins
Simple History
Simple History is a free, lightweight, and straightforward Activity Log plugin for WordPress. It seamlessly integrates with the WordPress settings and displays the logs on the WordPress admin dashboard.
You do not have to be logged in to see the log. It also offers an RSS feed feature enabling you to view the changelog directly from an RSS reader application.
You can export all the logs in JSON and CSV format. There is no filter, but under the Debug page, the record categorizes the logs by different loggers, such as the Post and Plugin loggers.
Simple History is a minimal activity log with enough features. However, the UI does not make it easier to analyze the logs. If you are tech-savvy, you can export the records to an external database and connect them to your favorite log visualizer for better monitoring. For beginner WordPress users, Simple History might not be that useful.
Activity Log
Activity Log is another simple plugin with a fantastic dashboard to view all the logs easily.
You can filter the logs by time, topic, roles, and action. This dashboard is the USP of this nifty plugin, as the plugin offers no more customization than the time to keep the logs.
We have been using the Activity Log plugin for one year. The plugin provides a clean and comprehensive monitoring dashboard. Only a few plugins offer search and filter options for logs within the WordPress dashboard, and this is typically a premium feature.
WP Activity Log
WP Activity Log is a comprehensive freemium WordPress activity log with many advanced features. Even the free plan has excellent features for WordPress beginners. For example, you can turn on and off the events you wish to keep a log of. Plus, integrations can be installed to monitor what’s happening on your WordPress site in more detail, such as file changes, form changes, and SEO changes.
The plugin’s UI is as simple as possible, but the many features could be too much. In the free version, most of these features are locked but visible.
Features of WP Activity Log:
- Exclude users, posts, pages, and IP addresses from the log
- Select what you wish to see (events, time, user, IP address) in the WordPress activity log
- Log for background activities (automatically running WordPress processes)
- Email notifications, log searches via filters and keywords, and exports are paid features.
Frequently Asked Questions (FAQs)
Does WordPress have a log of changes?
WordPress does not have a native change log. There is a way to see the version history of blog posts and content. However, regarding changes to settings and plugins, there is only so much you can do besides implementing an activity log using a plugin.
How do I find my WordPress Activity Log?
WordPress doesn’t collect activity logs by default, so they cannot be found on your dashboard. If you use a plugin to track suspicious activities, the log page will be visible per the plugin setting. Some plugins show it on the admin dashboard, while others have a separate section under the left toolbar.
Can you see the login history on WordPress?
No, you cannot see the login history on WordPress. You must add this security feature via WordPress plugins like WordFence and Sucuri. You can also add a plugin that explicitly records login attempts. If your website has enabled logs, login history will also be visible under the security audit log.
Can you track user activity in WordPress?
You can track user activity in WordPress by adding the user activity log feature using any Activity Log plugins for WordPress.
Final Words
Small or big, if your WordPress website has multiple authors, admins, and editors, you must consider having an activity log to monitor all the activities. It will make the website more secure, enabling you to make the workflow transparent and keep users accountable for their actions.
We hope this article helped you understand the importance of activity logs and how to implement one to streamline website management. If you have questions, please comment or contact us for more information on WordPress maintenance, errors, and performance.
Author Bio
Faizan Fahim is a B2B content marketer who likes to write about WordPress, Cloud Native technologies, and SaaS products. Besides professional writing, he likes reading and runs a book blog. You can connect with him through LinkedIn.