WP Activity Log

WP Activity Log is a free WordPress plugin that keeps track of everything that’s happening in your WordPress admin area. It maintains a history of actions taken by all users, and will notify you about suspicious behavior. Not only is this a fantastic security tool to have in place, but you can keep tabs on your clients, as well.

WP Activity Log was developed by Robert Abela, founder of WP White Security, a European-based company that also provides WordPress security services & consultation.

Over 100 (and counting) different actions are tracked, including support for the popular bbPress plugin, as well as WordPress multisite networks. WP Activity Log also has several premium add-ons that give you even more insight & control over what’s happening behind the scenes of your WordPress site. These add-ons include email notifications, search & filtering, enhanced reports & the use of an external DB to store WordPress activity logs.

Let’s take a look at the features of the free plugin, and then I’ll dive into the power of the add-ons.


Getting Started with WP Activity Log

When you first activate WP Activity Log, you’ll notice a new menu item in the left-hand navigation called Activity Log. It should appear just below your Dashboard. There are 6 sub-pages to be explored, but I’ll mainly focus on the first 3.

  • Audit Log Viewer – This is where all of your user activity is stored, each row representing a user action
  • Enable/Disable Alerts – This is where you can choose which actions you want to track. Turn on/off alerts about certain user activity. This determines what gets added to your audit log viewer.
  • Settings – This page contains general plugin settings. I recommend you start here before setting up your alerts.
  • Add Functionality – Links to the add-ons that I’ll discuss below
  • Help – Links to documentation, support forums & a security blog by the plugin author.
  • About – General information about the plugin & the types of user activity it tracks
WP Activity Log menu items (old; needs updated)

Let’s dig deeper into how to best set up your WordPress activity log, which alerts you should care about, and how to read the activity log viewer screen.

Setting Up For Success

Let’s talk about what each setting does, and help you decide what’s best for your site.

General Settings

Security Alerts Pruning determines how you want to remove alerts from your audit log. Alerts are stored in your database, so it’s a good idea to clean them up regularly. I recommend either deleting alerts older than 3-4 months, or keeping up to 2,000 or so alerts. This will give you the alerts you need while also keeping your database optimized.

Alerts Dashboard Widget, if enabled, will add a widget to your WordPress dashboard showing the latest 5 security alerts. Completely optional.

Reverse Proxy / Firewall Options are for advanced users who are running WordPress behind a firewall or proxy server.

Can View Alerts allows you to add specific Users and Roles (admin, editor, contributor, etc.) who can see the security audit log.

Can Manage Plugin allows you to control who has access to the plugin’s settings.

Refresh Activity Log Viewer gives you the option to refresh the log manually. For most sites, leave this set to “Automatic.”

Alerts Time Format / Alerts Timestamp allows you to choose between 12- and 24-hour time formats, as well as choosing local vs. UTC time.

Activity Log Columns Selection lets you customize what information you see on the activity log viewer screen. Perhaps you don’t care to see the “Alert Code,” so you would hide it here. NOTE: Even if you disable them here, they will still be collected in the database.

Hide Plugin in Plugins Page will do just that. This might be helpful if you have a client logging into the site and you don’t want them to see you’re using an activity log plugin.

Disable Alerts for WordPress Background Activity will hide alerts for things like the automatic deletion of auto-drafts and spam comments older than 30 days.

WP Activity Log general settings

Exclude Objects

The Exclude Objects tab gives you the power to exclude users, roles, custom fields and IP addresses from monitoring. You might be tempted to exclude your username, or all “administrator” users, but be careful. Some attackers could gain access to your site and pretend to be one of your admin users. You would then miss out on all the malicious activity that the attacker is performing.

If you have a private IP address that only you (or a few people you trust) are using, then you could exclude all actions at this IP address from being tracked.

Exclude alerts from monitoring

Disable/Enable Security Alerts

This page lets you choose which user activities you want to track. There are over 100 activities to choose from, broken down into the following categories for easier navigation. All alerts are enabled by default.

All available security alerts, organized by category

Monitor User Activity

The User Profiles and Other User Activity tabs allow you to track things like:

  • Successful & failed login attempts
  • Uploading or deleting a media file
  • Edits to a theme or plugin using the built-in editor
  • New user creation
  • Email address & password changes

Monitor System Activity

The System Activity tab allows you to track general WordPress settings & automated activity performed by the WordPress core:

  • Updates to WordPress core
  • New user registration options
  • Permalink changes
  • Changes to the WordPress admin email

Monitor Page & Posts Activity

The Blog Posts, Pages and Custom Posts tabs allow you to track activity on your WordPress content:

  • When posts/pages/custom post types are created, modified or deleted
  • Any changes in author, permalink, status, categories or tags
  • Any change to the page parent, page template or a page’s custom field

Monitor Multisite Activity

The Multisite tab adds alerts for:

  • Users being added or removed from a site
  • Any changes to Super Admin privileges
  • Adding, archiving or deactivating new sites
  • Theme changes on a network site

Monitor bbPress Activity

The bbPress tab adds over 20 alerts for:

  • Forums being added, modified or deleted
  • Users being added or removed from forums
  • Changes to the status, type or URL of a forum
  • Changes to the status, type or URL of a forum topic

Monitor Other Activity

The Plugins & Themes, Widgets and Menus tabs allow you to track:

  • Installation, activation, deactivation & uninstallation of themes and plugins
  • Adding, modifying or deleting a widget, or changing a widget’s position (moved to another sidebar area)
  • Adding, modifying or deleting a menu item
  • Any change in a menu’s order or settings

Monitor WordPress Database Activity

The Database tab allows you to monitor some important actions happening on your WordPress database. Some of these are crucial for ensuring optimal WordPress security. Many attackers will try to edit your database directly so that your WordPress admin area doesn’t look any different. Some of these alerts could provide valuable insight into a potential security breach.

  • Any time a theme or plugin adds or deletes a table, or modifies a table’s structure
  • Any time an unknown source adds, deletes or modifies anything in the database

Check out the external database add-on below.

Activity Log Viewer

Once you’ve adjusted your settings & customized which alerts you want to track, you shouldn’t need to go back to those settings. The rest of your time will be spent on the Activity Log Viewer page. This is where all your alerts will appear.

There are 6 main pieces of information for each alert:

  • Code – A proprietary 4-digit code used for tracking the different types of alerts and advanced triggering for notifications
  • Type – A color-coded icon that explains the severity of the alert
    • Notice: least severe
    • Warning: medium severity
    • Critical: most severe
  • Date & Time – When the action took place
  • Username (and role) – The user who initiated the action, along with their assigned role
    • This would come in handy if you wanted to keep tabs on a client website, or if you run a multi-author blog. You can see who is creating & updating which pages/posts, if they’ve updated their password, etc.
  • Source IP Address – The IP address of the network on which the action was initiated
    • This could be useful in detecting suspicious activity. If the IP address for an action taken by Amy is different than all of Amy’s previously listed IP addresses, someone else might be logging into her account.
  • Message – This provides a description of the user activity, including any plugin or theme names, post or page IDs, usernames, etc. Reading the message is the best way to determine suspicious activity.

Most of these columns are sortable, which allows you to view all alerts from the same IP address, or all alerts from the same user, in a row. If you need more control over your alerts, consider the search/filtering add-on.
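The IP comparison described above can also be run over an exported copy of the log. The following is an added example, not code from the plugin or from this review; the CSV column names, alert codes, sample rows and the baseline cutoff date are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample export. Column names mirror the six viewer columns and
# are an assumption; alert codes are placeholders, not the plugin's real codes.
SAMPLE_CSV = """Code,Type,Date,Username,Source IP,Message
9001,Notice,2016-04-01 09:02:11,amy,203.0.113.10,User logged in
9002,Notice,2016-04-03 14:20:00,amy,203.0.113.10,Modified a published post
9001,Notice,2016-04-02 08:55:03,bob,198.51.100.7,User logged in
9001,Notice,2016-04-11 09:01:40,amy,203.0.113.10,User logged in
9003,Critical,2016-04-12 03:17:29,amy,192.0.2.44,Activated a plugin
9001,Notice,2016-04-12 10:30:00,bob,198.51.100.7,User logged in
9001,Notice,2016-04-13 11:00:00,carol,198.51.100.23,User logged in
9004,Notice,2016-04-13 12:00:00,System,,Deleted old auto-drafts
"""

def flag_new_ips(csv_text, cutoff):
    """Return alerts on/after `cutoff` whose source IP the user never used before it."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    rows.sort(key=lambda r: datetime.strptime(r["Date"], FMT))
    known = defaultdict(set)   # username -> IPs seen during the baseline window
    findings = []
    for r in rows:
        user, ip = r["Username"], r["Source IP"].strip()
        if not ip:             # assumed: background activity carries no source IP
            continue
        if datetime.strptime(r["Date"], FMT) < cutoff:
            known[user].add(ip)                  # baseline: learn the user's usual IPs
        elif user not in known:
            findings.append((user, ip, "no_baseline", r["Message"]))
        elif ip not in known[user]:
            findings.append((user, ip, "new_ip", r["Message"]))
    return findings

if __name__ == "__main__":
    for finding in flag_new_ips(SAMPLE_CSV, datetime(2016, 4, 10)):
        print(finding)
```

A `new_ip` finding is a prompt to read the alert message, not proof of compromise; users on mobile or home connections change addresses legitimately.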

An example of several alerts from a testing site

Dashboard Widget

You can optionally choose to show a widget on your Dashboard that contains the last 5 alerts from your activity log. Easily turn it on or off in your settings, or show/hide it using Screen Options at the top of the page.


Premium Add-Ons WP Activity Log

The free version of WP Activity Log will be enough for some people. For those who want more control over user activity, consider one of these add-ons. You can purchase any of them individually, but you’ll receive a huge discount if you buy the entire bundle.


Email Notifications

Don’t want to log in to your WordPress admin area just to check your audit log? No problem. The email notifications add-on will send the alerts straight to your inbox. Every alert that is tracked in the viewer can also be sent to your email.

The add-on comes with a handful of built-in notifications that the author thought would be used frequently. You can turn them on with one click, or set up your own custom alerts using a combination of various triggers. There are no restrictions on what you monitor, and no limit on how many email notifications you set up.

The built-in email notifications
A custom email notification each time a draft post is created

The search & filtering add-on is great for those with a lot of user activity. It would take forever to scroll through thousands of alerts. This add-on provides a text-based search option to find specific alerts. You could search for specific theme or plugin names, specific posts/pages, etc.

You can combine a search with additional filtering rules. For example, you could search for all alerts about the “Jetpack” plugin that occurred between 1/1/2016 and 4/21/2016. You can filter by:

  • type of alert
  • date
  • username
  • IP address


Reports

With the reports add-on, you can:

  • generate reports in HTML and CSV format
  • have reports sent via email (multiple emails supported)
  • schedule reports to run weekly or monthly
  • create on-demand reports at any time

You might want to keep tabs on a particular user. You can have that user’s activity sent to you via email every month. You could also have a weekly report sent to you about all the changes that occurred on a certain post or page on your website. Reports are completely customizable, and the CSV format allows you to import user activity into other programs.

Example of pre-built report types. You can also customize your own.

External Database

With this add-on, you can select a custom database to store your alerts in, keeping your WordPress database as small as possible. Right now, only MySQL database servers are supported, but they plan to add support for more servers in the future.

One of the other neat aspects of this add-on is that you can migrate your alerts from one database to another. So if you started storing alerts in your WordPress database, you can migrate them to a separate database at any time. Likewise, you can move them back into your WordPress database.

Just enter your database credentials on the settings page, click “Save,” and you’re good to go.


Security Add-On

This add-on provides the ability for you to see all the active sessions on your WordPress site. Everyone who is currently logged in will show up. You’ll see details about the user’s session, such as:

  • username
  • when they last logged in
  • when their login will expire, and they’ll have to log in again
  • their IP address
  • the last action they took
  • the ability to terminate their session with the click of a button


If an attacker gained access to your site through an old user account, you could quickly terminate their session. The same goes for anyone else who shouldn’t be logged in. If you run a large, multi-author blog, or a site with many editors/contributors, this could definitely come in handy.

Plugin Support

Free support is provided via the WordPress.org support forums, as well as via email. The plugin author has been very active in the forums, and all reported issues have been resolved. I’ve had the opportunity to personally interact with Robert, the developer behind the plugin, and he’s been great to work with.

While support is provided for users of the free plugin, priority is given to premium users who pay for add-ons & support.


WP Activity Log is a quality plugin, built by a WordPress security professional. For anyone looking to track user activity in WordPress, or a little extra security peace-of-mind, I can definitely recommend this one.