The concept of a Big Brother who knows and controls everything can be rather scary… unless the Big Brother is you and “everything” is your WordPress-based website.
Fixing a problem is way easier when you can track back to its source and reproduce all the steps that have led to this problem. Since WordPress isn’t equipped with a user-friendly tool for this purpose, you will need a third-party plugin.
That’s why we want to introduce you to WP Security Audit Log - a free, full-featured security camera among WordPress plugins.
It’s not just a regular logging tool: this plugin keeps an eye on every aspect of your WordPress website, thoroughly logging any changes, sorting them and providing additional information on every single issue.
Features and settings of the plugin
WP Security Audit Log distinguishes a large number of events. Here is a short list of the most important of them:
- Unauthorized log-in attempts;
- Changes made to posts/pages;
- Plugin/theme installations;
- Database changes;
- Changes made to user profiles;
- Changes made to WordPress settings and widgets, etc.
You can manage notifications from your WordPress dashboard, where they are sorted by type and arranged under separate tabs, so it won’t be a problem for you to find a specific option. All notifications are divided into three groups by importance: notices, warnings and critical messages. They are easily recognizable by colors of their icons.
The results are displayed on the plugin’s main page in your WP dashboard. The default columns include issue code, issue type, date, username, source IP address, and description. Any of them can be excluded from the resulting table, but they will still be recorded.
Despite rich functionality, the settings of the plugin are quite simple and intuitive. The Security Audit Log creates a separate menu in your WordPress dashboard, where you can set up the process of logging. The default settings are pretty well balanced, but if you are an experienced user, you can fine-tune them to suit your requirements.
Developer settings are included for advanced PHP savvy users. They can be enabled from the ‘Settings’ tab, and include such functions as logging backtrace for PHP-generated alerts, viewing data of each triggered alert, etc.
Let's look at a few common situations in which WP Security Audit Log will be indispensable:
Suppressing unwanted activity
Typically it means multiple login attempts by unknown visitors trying to access your website’s back-end under existing or nonexistent usernames. Most of these types of attempts are doomed to failure (if your password is not ‘qwerty’, of course); however, increased interest in your WordPress dashboard may be a sign of a much more dangerous hazard – brute-force. With this plugin you can quickly detect the most persistent intruders in order to block them by IP.
Tracking user-caused problems
No one is immune to mistakes. Even if you know by name all the users of your WordPress website, you still need to control their activity. What can possibly happen? Anything, and that’s the problem. A malicious file can be uploaded; a wrong post can be accidentally moved to trash, and so on. As an administrator, whose job is to ensure smooth operation of the website and safety of the information, you can track all disasters listed above by examining the log.
Preventing technical issues
Not only human errors lead to serious consequences. Incompatibility of plugins and themes is a common cause of WordPress malfunctioning, especially if auto updates are enabled. With this plugin you will be able to isolate all the plugin-related problems, and fix them one by one.
Though the WP Security Audit Log itself is completely free, it can be enhanced with a number of premium extensions that extend its capabilities and usability. There are four of such add-ons and we would like to present them all.
External DB ($59 for a Single Site license) allows you to store the log in an external database, thus decreasing the load on your main WordPress database.
The Reports ($39 for a Single Site license) plugin generates convenient easy-to-read HTML or CSV files from your logs. You can apply dozens of filters to receive a fancy report as the output. This feature can be particularly useful if you are a hired administrator of a WordPress website, and have to provide detailed reports to your boss, or if you just like to keep your logs in order.
The Search ($59 for a Single Site license) add-on provides you with a text-based search, whose results can be narrowed down with the use of a complex filter system.
Email Notifications ($59 for a Single Site license) enables automatic notifications via email. With this add-on you are able to set up flexible triggers using AND/OR operators together with alert codes, user IPs, and other data monitored by WP Security Audit Log plugin. You will be notified if the criteria of one of your triggers are met.
You can save 60% if you buy all of the extensions in a bundle. It will cost you $99 per website. Options for multiple websites are also available.
WP Security Audit Log is a must-have plugin if you take website security seriously - and you should. WordPress, being the most popular CMS in the world, experiences hacking attempts (mostly successful) more often than any other web platform. That’s why it is wise to have the ability to recognize them early on in order to prevent problems.
Why this plugin? It perfectly copes with its task, is flexible and extendable, and is really easy to master even for a novice. Its functions are pretty well balanced: it doesn't try to be an all-in-one tool, yet performs great within its competence.
Do you need premium add-ons? We recommend that you purchase the Search add-on in the first place - it's a "must". It will make significantly simpler for you to navigate the logs. The rest of them are optional, but if you want to squeeze the most of this tool, it's better to opt for the full spectrum of extensions, especially when together they cost less.
And what actions do you take to keep your website secure? Please feel free to share your solutions with the MonsterPost community.