WP Security Audit Log is a complete audit log plugin for WordPress, which helps you keep an audit log of everything that is happening on your WordPress and WordPress multisite installation. Ensure user productivity and identify WordPress security issues before they become a security problem. This is claimed to be the most comprehensive user monitoring and audit log plugin for WordPress and is already helping thousands of WordPress administrators, owners and security professionals ensure the security of their websites and blogs.
Increase the security of your WordPress install with good security measures, supplement it by installing WP Security Audit Log and using tools like WPScan the WordPress Vulnerability Scanner.
Features
The plugin has a number of features that make WordPress and WordPress multisite monitoring and auditing easier, such as:
- Realtime Audit Log viewer to watch user activity as it happens without any delays
- Built-in support for reverse proxies and web application firewalls more information
- Limit who can view the security alerts by users and roles
- Limit who can manage the plugin by users and roles
- Configurable WordPress dashboard widget highlighting the most recent critical activity
- Configurable WordPress security alerts pruning rules
- User role is reported in alerts for a complete overview of what is happening
- User avatar is reported in the alerts for better recognizability
- Enable or disable any security alerts
It also has a whole bunch of extensions/add-ons which are mostly paid which allow you to do things like store the log in an external database and generate compliance reports.
Logs Generated
The main purpose of using this, is that it keeps a log of everything happening on your WordPress blog or website and WordPress multisite install. This plugin makes it easier to track suspicious user activity before it becomes a problem or a security issue. A security alert is generated by the plugin when:
- New user is created via registration or by another user
- User changes the role, password or other profile settings of another user
- User on a WordPress multisite network is added or removed from a site
- User uploads or deletes a file, changes a password or email address
- User installs, activates, deactivates, upgrades or uninstalls a plugin
- User creates a new post, page, category or a custom post type
- User modifies an existing post, page, category or a custom post type
- User creates, modifies or deletes a custom field from a post, page or custom post type
- User adds, moves, modifies or deletes a widget
- User installs or activates a new WordPress theme
- User changes WordPress settings such as permalinks or administrator notification email
- WordPress is updated / upgraded
- Failed login attempts
It also helps with troubleshooting and enables you to quickly pin-point what went down before a problem occured. Very helpful if you support a lot of WordPress customer sites.
You can download WP Security Audit Log latest stable version here:
wp-security-audit-log.latest-stable.zip
Or read more here.