If you're running a WordPress install as a membership site, with lots of users and…
WordPress currently powers some of the most resourceful sites across the world. Many of the big enterprises are using WordPress CMS to present their ideas in front of their customers.
One of the big concerns of any business is security. You need to make sure not only that your site is secure but also that any user data you hold is kept private and secure. This is now true more than ever with the introduction of GDPR.
There are many security plugins available in the WordPress repository. Most of them deal with implementing security protocols or policies which will make your site more secure.
But there is another side of security, one which gives you the ability to find security breaches as fast as possible – logging. If you are logging all activity and checking the log reports, outliers stand out easily, which helps in identifying security breaches.
WP Security Audit Log
The WP Security Audit Log WordPress plugin takes care of the logging for your WordPress site. It creates a detailed logging mechanism and allows you to log all activity to your WordPress database or to an external database.
Most security plugins come with a basic set of logging features, but none of them come close to WP Security Audit Log's logging capabilities.
For a smaller site, the logging capability of other plugins might be sufficient, but as the site grows, logging needs to improve as well. More users and more activity will need some automatic solutions as it will not be feasible to check everything manually. This is where this plugin shines.
Extensive Logging Options
Once you install and activate the plugin on your blog, you will get a new menu option – Audit Log. This contains all the sub-menu options for the plugin.
The plugin comes with a capability to record most of the activity on your WordPress site including user profiles, posts & pages, WordPress file editing, etc.
It logs all the events under three different categories – Notices, Warning & Critical. You can enable or disable all those events under the Enable/Disable Events submenu.
The page shows all the possible events which the plugin can log; just select which events you want to log for your site. Logging some of these events can consume significant resources when bad events occur, so make sure you set the options correctly.
As you can see, there are many options and events to select from, so you need to spend some time on this screen. This panel needs to be set up according to your site structure and functionality.
Please refer to the complete list of WordPress security event IDs for more information on which WordPress website and multisite network changes the WP Security Audit Log plugin can keep a record of in the WordPress activity logs.
One thing which sets it apart is the capability to store the activity log in an external database, so it is segregated from the WP database. If anything happens to your WordPress site and your log records are only available in your WordPress database, they might not be accessible. The external database makes sure you can still access the log and check what happened to your site. There’s also database mirroring, which can help you keep a backup of the original database.
If you are getting too much activity on your WordPress site, you can generate automatic reports on the remote database server. This way you can keep an eye on any security issue without adding much load to your WordPress server.
You can set your remote database under the DB & Integration option.
Like any normal WordPress database connection, you can define the parameters for your external database. You can decide to mirror the current database or archive the records after a specific time interval.
Current User Session Management
You can not only log user activity but also check which users are currently logged in. It shows information such as when a user logged in, until when the session is valid, the IP address and events.
If you find any connection suspicious, you can destroy it right from this screen.
User Sessions Management has more fine-grained controls, like not allowing multiple sessions with the same username or automatically killing a session after it has been idle for some time.
Another amazing premium feature is Reporting, which allows you to generate periodical reports and send them through email. The customised report generation capability sets this plugin apart from other solutions.
You can set up report generation based on many different types of collected data. It also has an option for scheduled reports; use that if you want a report regularly. The plugin can update you on what has been happening on a daily, weekly, monthly and quarterly basis, and you can have everything delivered to your inbox. A Statistics Report will let you know useful stuff like how many times a user logged in every day or what pages a user has viewed over the last few months. And a great thing is that if you don’t like the reports in HTML, you can quickly export them in CSV format.
You don’t have to rely only on the reports provided by the plugin. If you are using an external database, you can use your own reporting tool by connecting it with that.
Though I must admit, this plugin provides very good options for generating reports. It should be sufficient for most people or organizations. You have an option to define the events by event code to generate event-specific reports.
Instead of constantly worrying about what will happen and looking at your log, you can use the Email Notification option to create an event-based trigger which will send an email to you. The plugin offers some great templates & options that will let you set up notifications in a click! Some typical email notifications WordPress administrators like to set up are:
- User logs in for the first time or at an unusual time or location
- Too many failed logins
- Too many 404 errors
- Changes to posts & pages
- Plugin or theme changes
Once you complete the steps in the notification wizard, you will start receiving emails about those specific events. You have full control over which events should trigger the notifications. It’s a good way to keep an eye on outliers.
Apart from the built-in email alerts, you can also use the WordPress email notifications trigger builder to build your own custom triggers so you are notified of any type of changes that you’d like to be alerted of.
One of the key aspects of security is making sure your files are intact. Much malware makes inroads into a site by updating PHP files on the server. This plugin keeps a watch over the files and logs all file change activity, including user information.
You can set your file scanning preferences in the settings panel. You can select the directories which should be scanned. It scans not only the WordPress directories and files but also any added files. You can also set up exclusion rules in case you want certain file types to be skipped.
If anything happens, you can easily come back to your audit log and find the root cause. In case it’s an edited file, you can find the source of it also. If your files are updated by a plugin, you can easily find it in your audit log and remove the plugin.
Anyone who has worked long in corporate enterprises can tell you the importance of auditing and logging. This plugin fulfills both requirements for any organization that wants to maintain its sites. If you want to make sure your WordPress blog is safe, WP Security Audit Log is something you just have to have.
You can quickly start with a free version and see what the plugin can do for you. But when you realize all the benefits of the PRO version, use code WEBFACTORY15 at the checkout and get 15% off any pricing plan.