For all the WordPress users, keeping the high level of website security is one of the top priorities. You may already have kept the regular website backup, signed up with the reliable web host and done many other preparations to avoid the potential dangers. However, you also need to keep track of the activities of all the users, readers and audiences who can access your website at any time. Due to this, we’d like to introduce the simple steps of how to start WordPress audit trail. In this case, you can know who have done what on your site. If there is anything wrong, you can take some actions at once.
Make Use of the WP Security Audit Log Plugin
This audit log plugin is the easy to use and free WordPress tool. With it, you can keep a close eye on anything happened behind the scenes. From the automatically generated logs, you can be informed of all the security issues so as to deal with them before becoming serious. In addition, if your website has multiple authors, you can also check their productivity easily. Frankly speaking, the close monitoring can make sure that everyone accessing your site will do what they are supposed to do.
Note that this plugin works for both the single WordPress site and the WordPress multisite network. In the following, we have listed the main options this plugin can monitor. With the built-in system, you can get the alerts of any suspicious or unusual activities.
- The new user accounts are created via your registration system or by other users.
- Users login to your website.
- Users change their profile information, including the role, password, emails and settings.
- Users upload and delete the files.
- Users take some actions on your plugins, themes, widgets, posts, pages, post types and many more.
- Users change the settings of your website.
- WordPress script updates or upgrades.
- Login attempts fail.
- And many others……
Set Up for This Plugin
To set up for it, you should click the Audit Log > Settings button. The settings mainly include three aspects – General, Audit Log and Exclude Objects.
Firstly, if you enable the add-on tool of Email Notifications to get notified of all the important changes, you should provide the email address and the sender name for the From details. Next, you can display the dashboard widget to showcase at least 5 alerts.
If your WordPress site is running behind the proxy or firewall, you should enable the option to reverse proxy and firewall. Also, you can choose to filter the Internet IP from your proxy headers.
For the better plugin security, you can decide that only the administrators and some specific users can manage the settings of this plugin. Even, you can hide this plugin from the Plugins page.
Audit Log Settings
For this part, you firstly need to decide the security alerts pruning. The scheduled cleanup can be categorized into two ways.
- Delete the alerts that are older than the specific period.
- Keep the exact number of alerts at the maximum.
When there are some new alerts available, you can refresh automatically or manually. As for the audit log display, you should choose the alerts timestamp based on UTC or the timezone of your WordPress site. And also, you can decide what can be displayed in the log details, such as the alert code, type, date, username, source IP and message.
For the better security, you should choose who have the right to view the security alerts.
Exclude Objects Settings
From this part, you can set some exceptions. For instance, you can exclude some users, user roles, custom fields and IP addresses from monitoring.
Enable or Disable the Alerts
Now, you should click the Enable/Disable Alerts button from the drop-down list of Audit Log. Here, you can enable or disable the monitoring for some special activities. In general, these activities are categorized into 4 groups, including Contents & Comments, Third Party Support, Users Profiles & Activity and WordPress & Multisite Management.
These 4 categories almost cover all the activities that may happen on your WordPress site. For instance, you can monitor the deletion of your blog posts, the creation of the forum and forms on your site, the update of user information and many more.
View the Audit Log
While all the settings finish already, now, this plugin will monitor the website activities uninterruptedly and display the audit log in the Audit Log Viewer section. Here, we highly recommend you to check this section on a daily basis. Thus, you can prevent some potential dangers timely.