If your WordPress site is a multi-author one or allows the guest blogging submission via dashboard, it is important for you to have a clear picture of what these users are doing while entering the back-end of your site.
In this case, we’d like to showcase a simple guideline about how to monitor WordPress user activity on your website dashboard with the help of WP Security Audit Log plugin. Also, you can check this post to learn the alternative plugin.
Why to Monitor WordPress User Activity
Surely, this practice is beneficial for your website security. After all, it is possible for some bad users to enter your dashboard by pretending as your content contributors, and then maliciously modify your files and work with your plugins.
In addition to this situation, the uninterrupted monitoring is also useful to correct the mistakes made by your users timely, such as removing your qualified blog posts and approving a bad comment.
How to Monitor WordPress User Activity
To achieve this goal, we highly recommend you to have a try on the WP Security Audit Log plugin. With it, you can have an audit log of all the changes that are happening on your WordPress site; thus identify the security issues promptly before they become serious. Generally, this plugin can monitor the following practices and generate a changing alert automatically.
- New users are created.
- Users change their passwords, roles and profile settings.
- Users create, upload, remove and edit your posts, pages, files and any other items.
- Users activate, deactivate, install and uninstall the plugins.
- Users add, delete and modify the widgets.
- Users make any changes on your WordPress settings.
- Users encounter the failed login attempts.
In fact, it is not a difficult task to monitor the user activity using this plugin. After installing and activating it, you can find a newly-added Audit Log tab in your WordPress admin. Then, you need to click the Settings button from its drop-down menu to start the configurations.
To begin with, you need to check the general settings and decide the alerts issues. Here, you can decide whether to delete the alerts that are older than some specific days, along with how many changing alerts can be kept in one time. This kind of Security Alerts Pruning can clean up your Audit Log Viewer effectively.
Also, if needed, you can add a dashboard widget that showcases the latest 5 alerts for the changes made on your site.
Next, you should pay attention to the Firewall and Reverse Proxy options. If your site is running with the reverse proxy and a firewall for the sake of website security, you’d better enable these two options showcased as below. In this way, the plugin can retrieve and filter the IP address from the proxy headers.
Now, you should decide some permission settings. These include who can check the changing alerts made by this plugin and who can manage the settings of this plugin.
Then, it is time to determine the log display in the Audit Log Viewer, including the alerts time format and log columns selection among alert code, type, date, username, source IP and changing details. Also, you can determine to refresh the audit log in either automatic manner or manual way.
Besides these basic configurations, you can also decide whether to hide this plugin in the Plugins page, whether to remove all the data when the plugin is uninstalled and whether to raise an alert upon the WordPress background activities, such as removing the auto drafts. Personally, we do not recommend you to enable these three options.
Based on your real situations, you can exclude some users, roles and IP address from being monitored, so any changes they make will not be logged. Also, if you have some special custom fields that do not want to be monitored, you can also add them into the exclude list.
It is possible that you do not want to monitor some of your website components, such as the blog posts, custom posts, database, multisite, webpages, plugins, templates and user profiles, etc. In this case, you can navigate to the Enable/Disable Alerts section under the Audit Log drop-down.
Here, you can choose to stop the monitoring on some specific components and the actions made on them. This can make your audit log clean and meaningful.
This plugin allows some specific extensions to extend the core functionality, helping you get more benefits out of it. However, these add-on features are not free of charge, so you’d better choose based on your ultimate needs. Check the details as below.
- Email Notification – With this feature, you can get an instant alert via email if some specific changes are made on your WordPress site.
- External Database – This feature allows you to save your log in an external database, thus can improve the website performance and security.
- Search Feature – This add-on allows you to search some special activities on your WordPress site with a free-text search box.
Audit Log Viewer
Now, you have all the settings configured properly. So, you can check the Audit Log Viewer to figure out who have done what on your website. The report gives you a clear picture, showcasing the changing types and dates, the username and source IP for doing the changes and what changes are made.