Is your website secure? – This question is one of the most critical ones that you should ask yourself before launching a new website or taking over an old one, because you have to stay on top of everything that is happening on your site.
Programmers have always kept records of the events occurring in a system using an audit trail. It allows them to track changes, troubleshoot issues, and identify suspicious behavior.
But nowadays an audit log has become a necessity for anyone who wants to keep track of the changes occurring on their website. It is almost impossible to track these changes manually because:
- ⏳ It is time-consuming.
- 🔍 It is not possible to identify every modification made by a user of the website.
There is a range of plugins available for WordPress which help you keep an audit trail of your site. But the audit log is only as good as the details coming along with it. My first interaction with the WP Security Audit Log plugin was during the time I was searching for such a plugin for my client.
It has been a while now since we first reviewed the WP Security Audit Log at WPCouple. Since then, I’m glad to share that this plugin has grown during all this time and has validated itself to be the best of the lot.
After setting it up on my client’s site and using it for almost over a year, I am super excited to share my two cents and the progress of this plugin with you. So, let’s jump right in.
👁🗨 WP Security Audit Log
WP Security Audit Log offers the most comprehensive audit log of a WordPress website. It is a free WordPress plugin based on the Freemium model by WP White Security.
WP White Security is led by Robert Abela – WordPress Security Professional and Technical Blogger with over 15 years of experience in the IT industry – & his team. His team rocks talented names like Ashar Irfan who is the Lead Developer and one of his strong pillars.
🌟 They recently shifted their licensing model from individual add-ons to a package-based model.
👉 There are 250+ WordPress events that can be logged with the help of this plugin. The included events are related to posts, custom post types, users, plugins, themes, menus, widgets, site settings, multisite, and third-party plugins including WooCommerce, BBPress, and Yoast SEO.
🎗 GDPR Compliance Ready
As of 25th May 2018, GDPR – General Data Protection Regulation – became enforceable on businesses dealing with EU citizens. The plugin also meets the GDPR compliance requirements and can be used on GDPR compliant websites. You can read more about it over here.
⚡️ Getting Started with WP Security Audit Log
As I mentioned earlier, WP Security Audit Log is a plugin based on the Freemium model. You can grab a free copy of the plugin from the WordPress repository or buy the premium version of the plugin from the plugin’s website. Let’s quickly set up the premium version of the plugin.
→ Step #1
Log in to your WordPress website dashboard and navigate to Plugins > Add New. Use the Upload Plugin button to upload the zip file of the plugin to your website and then activate the plugin.
→ Step #2
Once you activate the plugin, it will redirect you to the plugin’s licensing page. Copy and paste the license key that you got after buying the premium package here and click on the Agree & Activate License → button.
→ Step #3
After verifying your license key, it will redirect you to the Audit Log Page. The audit log of the website resides on this page. Here, you can view the events and their related parameters. The page also refreshes itself two times per minute to check if there is any new event in the audit log.
You can view the details of a particular event by clicking on the “…” icon.
You will also find a new menu in the sidebar of the WordPress dashboard. This menu contains some important links related to the plugin.
- ✅ Audit Log Viewer – View all of your website’s events here.
- 🗂 Enable/Disable Events – You can find, enable, and disable 250+ events of this plugin on this page.
- 🚦 Settings – This is where you can manage the General, Audit Log, File Integrity, and Exclude Objects settings.
- 👥 Logged In Users – This page allows you to manage the currently logged in users of your website.
- 📊 Reports – Here you can find the settings to immediately generate or schedule reports of the events that occur on your website.
- 📮 Email Notifications – This is where you can add, enable, and disable email notifications for the events generated on your website.
- 💾 DB & Integrations – WSAL is also capable of using an external database to store, mirror, and archive events and their related metadata.
- 🤝 Help – This page contains a setup video to help you get started and some useful links related to support and documentation.
- 📄 Account – You can find your account details and other information related to the package that you bought from wpsecurityauditlog.com.
- ☎️ Contact Us – If you need to contact the team of WSAL for any purpose, then you will find this page useful. This page will help you submit your support query within a matter of minutes.
- 💰 Pricing – You can view, buy, and upgrade your package of WSAL using this page. This page is an all-in-one fully secured shop for this plugin.
WP Security Audit Log comes along with loads of settings to help you manage the plugin. These settings are divided into four major categories. Let’s quickly review each category of the plugin.
🚦 General Settings
This tab contains the general settings of the plugin. You can pick which users or user roles can manage the plugin settings or choose to restrict the access of the plugin to only you. By default, all the admins – or super admins in case of a multisite – have access to the plugin.
You can also hide the plugin from Dashboard > Plugins page – in case you don’t want any other admins to disable the plugin. WSAL also gives you the ability to show a notification on the login page of your site. This option helps you maintain GDPR compliance on your site.
📝 Audit Log
This category contains settings related to the audit log of your site. Depending on the activity on your website, the audit log can quickly grow large. To cope with this situation, there is a retention setting available which can delete events after certain limits are crossed.
You can choose the events’ timestamp, the user information to display, and the columns you want to hide in the audit log table. You can also select specific users and user roles who can view the audit log using these settings.
🎩 File Integrity Checks & Warnings
WSAL announced this feature at the start of June this year. This feature is single-handedly capable of detecting addition, modification, and removal of files present on the web server of your WordPress site.
After enabling this feature, you only need to select the frequency and the time of the scan. The dev team has split the whole WordPress server into seven significant pools, and the file integrity engine scans one pool at a time.
When we talked to the dev team of WSAL, they told us that they had split the server so that the scan engine does not take much time & resources to go through the server. There are also settings to filter directories, files, and file types while running the scan.
👉 A Scan Now button is also available to run an instant scan of the website server.
⚠️ Exclude Objects
This section contains exclude settings related to events. You can choose to exclude events if they include one or more of the following objects:
- 👥 Users
- 🗣 User Roles
- 💼 Meta/Custom Fields
- 🌎 IP Addresses
- 📋 Post Types
- 🔗 Non-Existing URL(s)
📦 Premium Version of WP Security Audit Log
WSAL used to have a few premium add-ons, which they combined into a premium version of the plugin after the release of version 3.0. Now you can buy three types of premium versions from them: Starter, Professional, and Business.
1️⃣ Starter Package
The starter package of the plugin includes two premium add-ons.
This module allows you to search your audit log using a combination of filters and search terms. You can also save your searches for your ease of use or future reference.
📮 Email Notifications
It is one of the essential add-ons of WSAL. It enables a user to create conditions or group conditions to verify that an event occurred on a website and send an email notification about it to the user.
To create an email notification, browse to Audit Log > Email Notifications and click on the Add New button. Then – using the Add Trigger button – add conditions that will match your criteria to send you an email notification.
For example, if you want to be notified every time an author logs in to your site:
- ✅ Click on the Add Trigger button.
- 🎟 Select EVENT CODE from the first select box and enter 1000 in the input after the comparison select box.
- 💥 After that, add another trigger using the Add Trigger button.
- 👤 Select USER ROLE in the new trigger and then select AUTHOR.
- 📇 Enter the email address that you want to notify after the triggers and hit the Add Notification button.
2️⃣ Professional Package
This package contains everything the starter package contains and three other modules, which combine to make a complete solution to monitor your WordPress site.
This module allows you to configure reports related to the events that occur on your website. Once the reports are scheduled, they are automatically delivered according to the selected frequency of the report – Daily, Weekly, Monthly, and Quarterly.
💾 DB & Integrations
WP Security Audit Log plugin uses custom tables to store events and their metadata. This feature enables you to store your events in a custom database remotely on another server. You can also set databases to mirror and archive the events in separate databases.
👥 Users’ Sessions Management
Sessions Management gives you the ability to control and manage users’ sessions on your website. You can terminate a session at any time. You can also set the rules to allow multiple user sessions – allow, block, or override multiple user sessions.
There are also a bunch of other options available that make the task of user sessions management a piece of cake.
3️⃣ Business Package
Like the previous package, this one also contains everything that is a part of a professional package. The other three features that make this a complete business package are:
- 📞 Setup Consultation Call
- 1️⃣ Priority Support
- 🎓 Personal Success Manager
🚀 Integration with MainWP
WSAL released another update announcing support for MainWP last month. For those of you who don’t know, MainWP is a WordPress plugin which allows its users to manage multiple WordPress sites from a single dashboard.
🤑 Membership Discount
Robert Abela was kind enough to let us know that the exclusive discount coupon for WPCouple readers from last year still works. Just use the coupon code WPCOUPLE25P at checkout to get a 25% discount on the premium packages.
🙌 Final Words!
Robert and his team have put a lot of effort into transforming their plugin into a complete audit log solution. The number of features offered by WSAL alone makes it a far more sophisticated plugin than any other plugin available in the market.
The plugin can be used by a vast range of people, given how easy it makes it for users to see the details of an event on their website. That’s why I’d say that this plugin is worth a shot for those who want to keep a close watch on the security of their website.
That’s pretty much it! Do you have any experience of using WP Security Audit Log or any other audit log plugin? Would you like to share your experience with me? Please leave your comments in the section below. ↓