{"id":1217,"date":"2017-07-21T12:50:22","date_gmt":"2017-07-21T07:50:22","guid":{"rendered":"https:\/\/thedevcouple.com\/?p=1217"},"modified":"2018-09-11T12:28:34","modified_gmt":"2018-09-11T07:28:34","slug":"wordpress-audit-logs","status":"publish","type":"post","link":"https:\/\/thedevcouple.com\/wordpress-audit-logs\/","title":{"rendered":"Improving WordPress Auditing and Logs with WP Security Audit Log Plugin"},"content":{"rendered":"
\n

\ud83d\udea8<\/h2>\n

Folks! This is an old review of the WP Security Audit Log plugin. To read an all-new review with the recent updates and working\u00a0visit this link \u2192.<\/a><\/p>\n<\/div><\/div>\n

Website security is a never ending debate in the WordPress community. Normally, when you launch a website, you forget taking security measures unless something breaks.<\/p>\n

Keeping an audit log is an effective way of improving your WordPress site security. <\/em>When I (@MaedahBatool<\/a>) came to know about it, I started hunting for the possible ways of doing it. And once again WordPress plugins came to rescue.<\/p>\n

However, when I scrolled through the repository very few options existed. After, a good deal of testing, trial, and error \u2014 I ended up with the\u00a0WP Security Audit Log<\/a>\u00a0<\/strong>plugin. It\u00a0is a security logging plugin which tracks happenings of your website. It’s been quite some time since I’m using this plugin and today I’m pretty excited to talk about it with you guys.<\/p>\n

\ud83d\udea8\u00a0WP Security Audit Log<\/a><\/h2>\n
\n

\"WP-Security-Audit-Log-FT1\"<\/a><\/p>\n<\/div>\n

The concept of tracking and monitoring parameters in WordPress is not new. People have been doing it for optimization, page speed, traffic, etc. Likewise, security logs can be monitored and an audit of these tracks everything you do.<\/p>\n

The WP Security Audit Log plugin is developed by\u00a0WP WhiteSecurity<\/a> <\/strong>and Robert Abela<\/a><\/strong>\u00a0(who is now <\/em>one of the WPCouple-partners<\/a>). It logs what happens on the backend of your website.The plugin monitors tasks like failed login attempts, themes & plugins activated and the file changes that take place.<\/p>\n

\ud83c\udf1f\u00a0With more than 50,000<\/strong> active installs, so far, the plugin has performed quite well.<\/p>\n

\"\"<\/a><\/p>\n<\/div>\n
\n\t\t\t\t\t

According to its developers:<\/h3><\/div>\n\t\t\t\t\t
THE MOST COMPREHENSIVE & EASY TO USE WORDPRESS AUDIT TRAIL PLUGIN.<\/div>\n\t\t\t\t<\/div>\n

Well, I think it is. I wasn’t able to find any plugin that could log this data and has this comprehensive set of features (not options … more on that later). The audit logs are\u00a0accessible directly from your WordPress admin dashboard, and all the events are presented in an easy to read format.<\/p>\n

\ud83c\udf52 Plugin Features<\/h2>\n

The WP Security Audit Log bears a whole\u00a0plethora of features which make it stand out as a modern audit log plugins of its kind. Now I am going to highlight some of the prominent activities against which the plugin generates audit logs.<\/p>\n

Site Contents Changes<\/h3>\n
\n

\"\"<\/p>\n<\/div>\n

Whenever a user modifies<\/strong> or uploads<\/strong> any file, it gets audited. Likewise, changes regarding posts, pages, categories, widgets,<\/strong> and even the settings<\/strong> are tracked and notified to the site owner. Which user added, modified or deleted something \u2014 everything is monitored.<\/p>\n

Failed Login Attempts<\/h3>\n
\n

\"\"<\/p>\n<\/div>\n

Brute force attacks<\/strong> are one of the major security concerns which site owners face right from the beginning of their site launch. WP Security Audit Log plugin responds here as well. It tracks the exact number of the failed login attempts<\/strong> from the time they are attempted and the details of their IP addresses. Also, it records the activity when a user successfully logs in or out of the site.<\/p>\n

User Activity & Productivity<\/h3>\n
\n

\"\"<\/p>\n<\/div>\n

WP Security Audit Log plugin monitors both users’ activity<\/strong> and\u00a0productivity<\/strong>. You can trace what your users are doing at the backend. E.g. which user created what post and at what time \u2014 all get listed. Not just that, WP Security Audit Log tracks if a user changes its role, password or email address<\/strong>.<\/p>\n

You can also track when a particular user logged into your site. This way you can count on the number of hours<\/strong> a user invest and makes it easier for you to pay him accordingly.<\/p>\n

Theme or Plugin Install<\/h3>\n
\n

\"\"<\/p>\n<\/div>\n

The plugin records when a user installs, activates, deactivates, upgrades<\/strong> or uninstalls<\/strong> a new theme or plugin. It logs the exact time when any activity is done on a particular theme or a plugin.<\/p>\n

\u2699 How Does WP Security Audit Log Work?<\/h2>\n

Once the WP Security Audit Log plugin is installed and activated a new menu in added in the dashboard called the Audit Log<\/strong>. From here you can access the plugin settings and configurations.<\/p>\n

\n

\"\"<\/p>\n<\/div>\n

Anywho, if I talk about the basic setup, then you start with configuring the Settings<\/strong>. Here, you find quite a detailed set of options which are easy to comprehend. You can set the section of Audit Log<\/strong> separately. Likewise, you can exclude specific objects<\/strong> as well which you think shouldn’t be logged.<\/p>\n

\n

\"\"<\/p>\n<\/div>\n

Moreover, you can view a separate the section for Audit Log Viewer<\/strong> where the entire site’s activity is logged in one go. Finally, you are left with the section of\u00a0Enable\/Disable Alerts<\/strong> from where you can manually check or uncheck your desired options.<\/p>\n

\ud83d\ude4c\u00a0My Take & Recommendations<\/h2>\n

I’ve been an early adopter of this plugin from the time when its active installs were near about 10K and today, I find great potential in it.<\/p>\n

\ud83d\udc49\u00a0Overall, you find few plugins which deliver the auditing functionality this well. So, it’s a <\/span>5\u2b51 rating as far as I am concerned. This plugin follows the WordPress philosophy of making\u00a0decisions and not options<\/strong><\/em>. That’s why Robert has taken some intelligent steps in deciding which options will users need \u2014 which is why there are not a plethora of options here. The plugin precisely caters the exact needs of its users.\u00a0<\/span><\/p>\n

\ud83d\udc49 However, the plugin’s main menu (Audit Log) interface is a bit messy. I found the links for premium add-ons in red<\/em><\/span> color as quite distractive. Ahmad wrote about not using colors in the admin panel<\/a>.<\/span>\u00a0I think one single menu would do a much better job. Or at least no red colors.<\/p>\n

[UPDATE]:\u00a0<\/strong>Robert just reached out to let us know that in the current major release he’s has addressed these UI related issues. Just tested it, and it looks great<\/a>. Which is super-awesome of him! \ud83d\udc4c<\/p>\n

\ud83d\udc49 Also, the icon against the Add Functionality<\/strong> option gives an impression that it’s an external link but no it’s not.<\/p>\n

\u00a0\u26a1 Conclusion<\/h2>\n

WP Security Audit Log plugin is a decent user monitoring and audit log plugin. After toying around with it for quite some time I recommend this plugin as one of the fixes for WP security.<\/p>\n

If getting a better understanding of\u00a0what’s happening on your website\u00a0sounds appealing, then you should give\u00a0WP Security Audit Log<\/a>\u00a0<\/strong>a spin. You can download its free version<\/a><\/strong> right away and get started. For more advanced features you can upgrade to its premium add-ons<\/a> <\/strong>as well. Try it out and let me know through comments.<\/p>\n","protected":false},"excerpt":{"rendered":"

Website security is a never ending debate in the WordPress community. Normally, when you launch a website, you forget taking security measures unless something breaks. Keeping an audit log is an effective way of improving your WordPress site security. When I (@MaedahBatool) came to know about it, I started hunting for the possible ways of […]<\/p>\n","protected":false},"author":3,"featured_media":1281,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":""},"categories":[18],"tags":[26,27],"coauthors":[81],"jetpack_featured_media_url":"https:\/\/thedevcouple.com\/wp-content\/uploads\/2017\/07\/WP-Security-Audit-Log-FT2.jpg","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/posts\/1217"}],"collection":[{"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/comments?post=1217"}],"version-history":[{"count":5,"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/posts\/1217\/revisions"}],"predecessor-version":[{"id":6253,"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/posts\/1217\/revisions\/6253"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/media\/1281"}],"wp:attachment":[{"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/media?parent=1217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/categories?post=1217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/tags?post=1217"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/thedevcouple.com\/api\/wp\/v2\/coauthors?post=1217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}