If you're running a WordPress install as a membership site, with lots of users and…
WordPress currently powers some of the most resourceful sites across the world. Many of the big enterprises are using WordPress CMS to present their ideas in front of their customers.
One of the big concerns of any business is security. You not only need to make sure that your site is secure but also need to make sure that any user data you have, should be kept private and secured. This is now true more than ever with the introduction of GDPR.
There are many security plugins which are available in WordPress repository. Most of them deal with implementing security protocols or policies which will make your site more secure.
But there is one other side of security which gives you an ability to find security breaches as fast as possible – Logging. If you are logging all your activities and checking log reports, it can point out-liners easily which can help in identifying the security breaches.
WP Activity Log
The WP Activity Log plugin takes care of the logging for your WordPress site. It creates a detailed logging mechanism and allows you to log all activity to your WordPress Database or an external location whether it’s a MySQL database, Log Management Service such as Loggly or Amazon Cloudwatch, Slack, and a number of other options.
Most of the security plugins come with a basic set of logging features, but none of them come close to WP Activity Log logging capabilities.
For a smaller site, the logging capability of other plugins might be sufficient, but as the site grows, logging needs to improve as well. More users and more activity will need some automatic solutions as it will not be feasible to check everything manually. This is where this plugin shines.
Extensive Logging Options
Once you install and activate the plugin on your blog, you will get a new menu option – WP Activity Log. This contains all the sub-menu options for the plugin.
The plugin comes with a capability to record most of the activity on your WordPress site including user profiles, posts & pages, WordPress file editing, etc.
It logs all the events under four different severity levels – Critical, High, Medium, Low, and Informational. You can enable or disable all those events under Enable/Disable Events submenu.
The page shows all the possible events which the plugin can log; just select which events you want to log for your site. The plugin has been highly optimized to not consume too much resources, so feel free to include everything you need.
As you can see, there are many options and events to select from, so you need to spend some time on this screen. This panel needs to be set up according to your site structure and functionality.
Please refer to the complete list of WordPress activity log event IDs for more information on which WordPress website and multisite network changes the WP Actvity Log plugin can keep a record of in the WordPress activity logs.
One thing which sets it apart is the capability to store the activity log on an external database so it is segregated from the WP database. If anything happens to your WordPress site and your log records are only available in your WordPress database, it might not be accessible. The external database makes sure you can still access and check what happens to your site. There’s also database mirroring which can help you keep a backup of the original database.
If you are getting too much activity on your WordPress site, you can generate automatic reports on the remote database server. This way you will get an eye on any security issue without adding much load to your WordPress server.
You can set your remote database under DB & Integration option.
Like any normal WordPress database connection, you can define the parameters for your external database. You can decide to mirror the current database or archive the records after a specific time interval.
Current User Session Management
You can not only log the user activities but also can check the current logged in users. It shows all the information like when a user logged in, by when his session is valid, IP address and events.
If you find any connection suspicious, you can destroy it right from this screen.
User Sessions Management has more fine grain controls like not allowing multiple sessions with the same username or automatically kill a session after being idle for some time.
Another amazing premium feature is Reporting which allows you to generate periodical reports and send them through emails. Customised report generation capability set this plugin apart from other solutions.
You can set the report generations based on many different types of collected data. It also has an option of scheduled reports, use that if you want a report regularly. The plugin can update you on what has been happening on a daily, weekly, monthly and quarterly basis, and you can have everything delivered to your inbox. A Statistics Report will let you know useful stuff like how many times a user logged in every day or what pages a user has viewed over the last few months. And a great thing is that if you don’t like the reports in HTML, you can quickly export them in a CSV format.
You don’t have to rely only on the reports provided by the plugin. If you are using an external database, you can use your own reporting tool by connecting it with that.
Though I must admit, this plugin provides very good options for generating reports. It should be sufficient for most people or organizations. You have an option to define the events with the help of event code to generate event specific reporting.
Email Notifications & SMS
Instead of constantly worrying about what will happen by looking at your log, you can use the Email & SMS Notification option to create an event-based trigger which will send an email to you. The plugin offers some great templates & options that will let you set up notifications in a click! Some typical notifications WordPress administrators like to setup are:
- User logs in for the first time or at an unusual time or location,
- Too many failed logins
- Too many 404 errors
- Changes to posts & pages
- A plugin or theme changes
Once you complete the steps mentioned in notification wizard, you will start receiving notifications about that specific events. You have full control over what events should trigger the notifications. It’s a good way to keep an eye on out-liners.
Apart from the built-in email alerts, you can also use the WordPress custom notifications trigger builder to build your own custom triggers so you are notified of any type of changes that you’d like to be alerted of.
One of the key aspects of security is to make sure your files are intact. Many malware makes inroads to a site with the help of updating PHP files on the server. This plugin integrates with Website File Changes Monitor to keep an eye on your WordPress site for file changes.
Once Website File Changes Monitor is installed, WP Activity Log adds a convenient shortcut to its Settings page. You can select the directory which should be scanned. It not only scans the WordPress directories and files but all the added files also. You can also set up exclusion rules, in case you want any of the file types should be skipped.
If anything happens, the audit log will report that file changes have been detected, allowing you to investigate further.
Anyone who has worked long in corporate enterprises can let you know the importance of Audit and logging. This plugin fulfills both the requirement for any organization who wants to maintain their sites. If you want to make sure your WordPress blog is safe, WP Activity Log is something you just have to have.
You can quickly start with a free version and see what the plugin can do for you. But when you realize all the benefits of the PRO version, use code WEBFACTORY15 at the checkout and get 15% off any pricing plan.