🚨
Folks! This is an old review of the WP Security Audit Log plugin. To read an all-new review with the recent updates and working visit this link →.
Website security is a never ending debate in the WordPress community. Normally, when you launch a website, you forget taking security measures unless something breaks.
Keeping an audit log is an effective way of improving your WordPress site security. When I (@MaedahBatool) came to know about it, I started hunting for the possible ways of doing it. And once again WordPress plugins came to rescue.
However, when I scrolled through the repository very few options existed. After, a good deal of testing, trial, and error — I ended up with the WP Security Audit Log plugin. It is a security logging plugin which tracks happenings of your website. It’s been quite some time since I’m using this plugin and today I’m pretty excited to talk about it with you guys.
🚨 WP Security Audit Log
The concept of tracking and monitoring parameters in WordPress is not new. People have been doing it for optimization, page speed, traffic, etc. Likewise, security logs can be monitored and an audit of these tracks everything you do.
The WP Security Audit Log plugin is developed by WP WhiteSecurity and Robert Abela (who is now one of the WPCouple-partners). It logs what happens on the backend of your website.The plugin monitors tasks like failed login attempts, themes & plugins activated and the file changes that take place.
🌟 With more than 50,000 active installs, so far, the plugin has performed quite well.
Well, I think it is. I wasn’t able to find any plugin that could log this data and has this comprehensive set of features (not options … more on that later). The audit logs are accessible directly from your WordPress admin dashboard, and all the events are presented in an easy to read format.
🍒 Plugin Features
The WP Security Audit Log bears a whole plethora of features which make it stand out as a modern audit log plugins of its kind. Now I am going to highlight some of the prominent activities against which the plugin generates audit logs.
Site Contents Changes
Whenever a user modifies or uploads any file, it gets audited. Likewise, changes regarding posts, pages, categories, widgets, and even the settings are tracked and notified to the site owner. Which user added, modified or deleted something — everything is monitored.
Failed Login Attempts
Brute force attacks are one of the major security concerns which site owners face right from the beginning of their site launch. WP Security Audit Log plugin responds here as well. It tracks the exact number of the failed login attempts from the time they are attempted and the details of their IP addresses. Also, it records the activity when a user successfully logs in or out of the site.
User Activity & Productivity
WP Security Audit Log plugin monitors both users’ activity and productivity. You can trace what your users are doing at the backend. E.g. which user created what post and at what time — all get listed. Not just that, WP Security Audit Log tracks if a user changes its role, password or email address.
You can also track when a particular user logged into your site. This way you can count on the number of hours a user invest and makes it easier for you to pay him accordingly.
Theme or Plugin Install
The plugin records when a user installs, activates, deactivates, upgrades or uninstalls a new theme or plugin. It logs the exact time when any activity is done on a particular theme or a plugin.
⚙ How Does WP Security Audit Log Work?
Once the WP Security Audit Log plugin is installed and activated a new menu in added in the dashboard called the Audit Log. From here you can access the plugin settings and configurations.
Anywho, if I talk about the basic setup, then you start with configuring the Settings. Here, you find quite a detailed set of options which are easy to comprehend. You can set the section of Audit Log separately. Likewise, you can exclude specific objects as well which you think shouldn’t be logged.
Moreover, you can view a separate the section for Audit Log Viewer where the entire site’s activity is logged in one go. Finally, you are left with the section of Enable/Disable Alerts from where you can manually check or uncheck your desired options.
🙌 My Take & Recommendations
I’ve been an early adopter of this plugin from the time when its active installs were near about 10K and today, I find great potential in it.
👉 Overall, you find few plugins which deliver the auditing functionality this well. So, it’s a 5⭑ rating as far as I am concerned. This plugin follows the WordPress philosophy of making decisions and not options. That’s why Robert has taken some intelligent steps in deciding which options will users need — which is why there are not a plethora of options here. The plugin precisely caters the exact needs of its users.
👉 However, the plugin’s main menu (Audit Log) interface is a bit messy. I found the links for premium add-ons in red color as quite distractive. Ahmad wrote about not using colors in the admin panel. I think one single menu would do a much better job. Or at least no red colors.
[UPDATE]: Robert just reached out to let us know that in the current major release he’s has addressed these UI related issues. Just tested it, and it looks great. Which is super-awesome of him! 👌
👉 Also, the icon against the Add Functionality option gives an impression that it’s an external link but no it’s not.
⚡ Conclusion
WP Security Audit Log plugin is a decent user monitoring and audit log plugin. After toying around with it for quite some time I recommend this plugin as one of the fixes for WP security.
If getting a better understanding of what’s happening on your website sounds appealing, then you should give WP Security Audit Log a spin. You can download its free version right away and get started. For more advanced features you can upgrade to its premium add-ons as well. Try it out and let me know through comments.
🙌
SUBSCRIBE TO DEVELOPERS TAKEAWAY!
A Premium Development Newsletter by TheDevCouple! What is TheDevTakeaway?