When your WordPress website is small, it’s easy to keep tabs on everything that happens within it. However, as it grows in size and complexity it can become a lot harder to keep up. This is particularly true if you enable users to register on your site, run a membership site, or have multiple contributors on it.
Regardless, it’s vital to know what’s happening on your site at all times. You can do this by tracking user activity such as changes to content, profile updates, failed logins, and more. When you have information like this at your fingertips, you can quickly track down the source of any problems and maintain tight security.
In this post, we’re going to briefly talk about why you’d want to track your WordPress site’s activity. Then we’ll help you figure out what types of activity it’s most important to keep an eye on. Let’s jump right in!
Why It’s Crucial to Use a WordPress Activity Log
An activity log can help you keep tabs on important changes to your site.
If your website has only a single user – you – there should be no surprises. Unless your site has been hacked (which we’ll talk more about later), every change and update will have been made by you.
However, many sites permit a lot more than a single user to register. You might encourage your visitors to sign up for subscriber accounts, for example. Alternately, you may have an entire team of writers, developers, editors, and third-party contractors who help you create and manage content.
Either way, having so many people accessing your site can lead to a lot of uncertainty. It’s not always easy to figure out who deleted a post, or to make sense of why a user profile was altered. If you’re worried that a particular change was malicious, or you simply want to know why it occurred, you may not have a good way to proceed.
This is why tracking activity on your WordPress site is so important. Having an activity log of every significant change, along with details about when it happened and which users were involved, makes it simpler to deal with unexpected events. Even if you’re the only user on your site, this type of log can help you track down the source of changes that are the result of successful hacking attempts.
Of course, you cannot maintain an activity log manually. Fortunately, you can use a WordPress activity log plugin to handle this job automatically. All you’ll need to do is check out your log whenever you need the information it contains.
WP Security Audit Log
One of the best plugins on the market for this is WP Security Audit Log. You can download the free version on the WordPress repository. As of writing this, it has over 70,000 active installs with an impressive 4.5 out of 5-star rating. It’s also actively updated on a regular basis by the developers.
There is also a premium version (starting at $89 a year) which gives you additional features such as reports, instant email alerts, and search. But all logging functionality is completely free.
Configuring WP Security Audit Log
We are using the free version of WP Security Audit log in this post. After installing it the first thing you’ll see after activation is the configuration wizard.
Click on “Start Configuring the Plugin” to get started.
Select “Basic” or “Geek.”
- Basic: Choose this option if you only want basic logging data.
- Geek: Choose this option if you want all the data the plugin has to offer.
You can change these settings anytime later, but for this example, we’ll do the “Geek” option to show you more of the WP Security Audit Log plugin.
Next, you’ll want to choose how long you want to keep the WP Security Audit Log data. For this example, we’ll choose 6 months.
- 6 months (data older than 6 months will be deleted)
- 12 months (data older than 12 months will be deleted)
- Keep all data.
You can change this later on. But it’s important to note that the data is stored in your WordPress database. And while it’s done in an efficient manner, you should never store more data than you think you’ll use. For most, 6 months should be fine, especially if you’re pretty proactive about fixing problems as they arise.
If you purchase the premium version of WP Security Audit log you can retain data even longer and even store it an external database.
The next step is to configure additional access if needed. By default, only administrators will be able to access the WordPress activity logs.
On the next screen, you can exclude objects (usernames, roles, IP addresses) from being logged. Perhaps you’re the single admin on a WordPress site and only want to see changes that authors and editors make. Or perhaps you simply want to monitor logins and account registrations. Regardless of the reason, you can easily exclude yourself from the data.
And that’s it! All changes on your WordPress site are now being logged for safe keeping. The data and settings for WP Security Audit Log can be seen in the “Audit Log” menu in your WordPress dashboard. To really dive deep into all the settings, we recommend checking out their getting started documentation.
The rest of this post will highlight some of the various types of activities you’ll want to be included in your log.
7 Types of Changes Your WordPress Activity Log Plugin Should Keep a Log Of
There’s a lot going on within even the simplest WordPress website. Some of these changes and events are more important than others (and are more likely to indicate potential problems or security breaches).
Throughout the rest of this post, we’re going to discuss the seven most crucial activities to track on your site. While not an exhaustive list, these are the items you’ll absolutely want to be included in WordPress activity log.
- Changes to Content
- New and Removed Users
- Failed Login Attempts
- Changes to Themes or Plugins
- WordPress Core and Settings Changes
- User Profile Tweaks
- Changes to Websites and Users on Multisite Setups
1. Changes to Content
Content is the heart of any successful website. At the very least, your site will be made up of one or more pages, which should be updated periodically with new or revised information if you want them to remain relevant.
In addition, many WordPress sites frequently put out new content in the form of posts. You may use your site to run a blog, post news articles about your business, or something else entirely. Once your site has been around for a while, the number of posts can skyrocket quickly.
The quality and accuracy of all that content is key for providing value to your visitors, enhancing your authority, and making sure your audience trusts what you have to say. This all means that keeping a close eye on your content is vital. You’ll want to ensure both new content and changes to existing content reflect well on your site and/or company.
That’s why you’ll want to track all content-related changes within WordPress. This includes:
- The creation of new pages, posts, or other content types.
- Alterations to an existing page or post’s title, date, URL, custom fields, or other key variables.
- Modified content within existing content – whether something has been added, edited, or removed.
- Status changes, such as a post that’s been published or returned to draft form.
SEO is another big reason to always keep an eye on changing content. For example, if a URL changes on a popular post with traffic and backlinks, and you don’t know about it, this could be disastrous. While WordPress has built-in redirects and will do its best to try and redirect to the updated content, this doesn’t always work. You should always add 301 redirects, at the server-level if possible for performance reasons. Kinsta’s redirect tool makes this super easy!
All of the above changes happen fairly regularly on an active WordPress site, and are usually not an issue. However, you should always be prepared for the unexpected to happen. A post might be published too soon, for example, or a section within a page may be removed. In these scenarios, if you’ve been tracking content changes on your site, you’ll know exactly who made the alteration and when (and be well-placed to find out why).
2. New and Removed Users
As we mentioned earlier, many WordPress sites end up adding a number of users to their ranks. This is generally a sign of a thriving site, as you have more people engaging with and working on it.
However, you’ll want to keep some level of control over your site’s user base. Even if you enable open registrations, you’ll need to know who holds each user account and why. At the very least, therefore, you’ll want to be aware of it when users are added to or removed from your site.
Tracking both of these activities matters. If a new user registers unexpectedly on your site, you’ll want to know about it right away. If you don’t enable open registrations, this can be a sign of a hacking attempt. The same goes for deleted users – again, this isn’t the type of thing you want happening unexpectedly.
3. Failed Login Attempts
Everyone has to log in before they can access your WordPress admin pages – even you. In fact, your login screen forms a crucial first line of defense when it comes to protecting your site dashboard or ‘customer-reserved’ pages. While there are a variety of ways to try and force access to your site, most attackers will focus their efforts on trying to get in through the login screen.
Generally, these attempts won’t succeed on a first try. Hackers write programs that will try thousands of login combinations, until they hit on one that works. Therefore, keeping track of failed login attempts can give you a warning when someone is trying to brute force your site this way.
Every site will occasionally have failed logins, of course. Most users forget their passwords from time to time, or misspell their credentials. What you’ll want to look for is repeated failed attempts coming from the same IP address. If someone from one location has tried and failed to log in more than a handful of times in a row, they may not have your best interests at heart.
Fortunately, if you are tracking failed logins through your activity log, you’ll know how many attempts were made, when, and where they came from. This can assist you in tracking down the source, and finding out whether it’s a hacking attempt or simply a persistent user. You can also temporarily block the IP address in question, just to be safe.
Of course, you’ll also want to take other measures to protect your WordPress login screen. Changing your WordPress login URL is an easy one. The more you can do to tighten up your site’s ‘front door’, the less you’ll need to worry about malicious users forcing their way in.
4. Changes to Themes or Plugins
At this point, let’s take a moment to talk about WordPress user roles. Every person permitted access to your site is given a particular role. While there are plugins that add extra options, the default roles in WordPress are Administrator, Editor, Author, Contributor, and Subscriber (and Super Admin on multisite installations).
Each role has its own set of permissions – in other words, actions the user is allowed to take. Administrators can do just about anything they like, for example, while subscribers can only manage their personal profiles. The other roles fall somewhere in between.
This matters because there are certain actions only top-level users should be able to perform. For example, on a regular (non-multi) site, only an administrator can install, remove, or update plugins and themes.
Since administrators can make such key changes to your site, it’s recommended that you have only one user with this level of access (you, most likely). The ability to install or remove add-ons from your site gives a user the ability to make huge changes to its functionality, or even break the site entirely if they aren’t careful.
This means if someone else is making changes to plugins and themes, something is probably wrong. Either a malicious user is performing these actions (for instance, they’re trying to install something of their own on your site), or an approved user has a permissions level that’s too high.
Either way, these are problems you’ll want to deal with immediately. If you ever spot a change to your site’s plugins or themes in your WordPress activity log that you didn’t make yourself, you’ll be able to track down the source right away. Plus, you’ll see exactly what changes were made, so you can reverse them if necessary.
5. WordPress Core and Settings Changes
In a way, these types of activities are very similar to those in the last section. There are various other things that only administrators can do, along with installing plugins and themes. In fact, just about any administrator-only privileges are worth tracking on your site.
Most crucial, however, are any changes to the core WordPress platform and to your site’s overall settings. It should be fairly clear why these two categories are so vital. Both can affect your site as a whole in a very dramatic way.
Alterations to WordPress core, for instance, can cause incompatibility with plugins, themes, and other parts of your site. As for settings, there are a lot that can create problems if not used carefully. Changing your site’s permalinks can play havoc with its Search Engine Optimization (SEO), for one thing. There are also settings that alter your site’s home page, enable or disable comments, and a lot more.
In other words, changes should only be made to WordPress core and your settings with great care. So you’ll absolutely want to know right away if these elements of your site are being altered by someone else. As in the previous section, this likely means either your site is under attack, or someone has more permissions than they need.
6. User Profile Tweaks
We’ve already discussed users in a broad sense – new and deleted users are something you’ll want to know about right away. However, staying abreast of changes to existing user profiles is just as vital.
Everyone with a user account on your site is able to make at least some basic changes to their own profiles. However, user roles determine what kinds of activities each person can perform. Most users won’t be able to edit someone else’s account, for example. What’s more, only administrators can change a user’s role.
It’s not uncommon to see fairly frequent changes to user details on a busy WordPress site. However, there are still some activities to watch out for, including:
- Password, email, and display name changes. While it’s normal for a user to alter this information from time to time (and smart in the case of passwords), an unusual amount of changes in a short period of time might indicate a problem.
- User role changes. This is the number-one activity to track when it comes to user profiles. As an administrator, no one’s user role should be altered on your site without your knowledge.
If you permit open registration on your site, you’ll particularly want to be aware of unusual activity levels on new accounts. This can be a sign that the owner of the account isn’t a legitimate user.
7. Changes to Websites and Users on Multisite Setups
Earlier, we briefly mentioned multisite installations. This is one of WordPress’ lesser-known but most useful features. Using the multisite functionality, you can run several individual but connected websites in an organized network.
When you’re running a multisite setup, each site is its own entity. At the same time, all of them can be managed through a central dashboard. One or more super admins oversee the entire network, making large-scale decisions about users, settings, plugins, and themes. Then, each website has its own administrator, who can only make changes to that particular site.
Multisite setups can be particularly challenging to keep organized and secure. After all, you now have multiple sites to worry about, each with its own set of users. This means tracking activities on every site (along with the network as a whole) is more important than ever.
Here are a few of the activities you’ll want to pay special attention to if you run a Multisite network:
- Added or deleted sites. This is the big one. As a super admin, you’re the only one who should be able to create or remove sites – no other user should be performing such a key action.
- Adding or deleting users from sites. For the same reasons discussed earlier, keeping track of the users registered to each site on the network is a smart idea.
- Changes to network settings. On a multisite setup, you’ll get access to a special screen with network-specific options. These settings have far-ranging effects, and shouldn’t be modified lightly.
Using an activity log for WordPress Multisite networks enables you to track activities from all possible directions. This lets you keep an eye on user behaviors on each individual site, as well as changes made to the network as a whole.
Don’t Forget About Your Hosting Account
Besides your WordPress sites, it’s also advisable to keep track of what’s happening on your WordPress hosting account. This is of course what is powering everything behind the scenes.
If you’re a Kinsta client you can easily see changes from the Activity Log screen in the MyKinsta dashboard. Everything from site creations, deletions, domain changes, redirects, etc. If you have multiple users on your account, it’s logged globally so you can see who did what action.
The smallest changes made to a WordPress website can have dramatic results. A simple settings tweak can alter the way your site works, and the installation of a plugin or theme that isn’t compatible with your other tools can break important functionality. That’s why, especially if you have a lot of users, you’ll want to keep track of everything that happens on your site.
One of the best ways to do this is to get a WordPress activity log plugin that compiles information about each change made to your site into one handy log. This log should track all of the most important (and potentially problematic) changes, such as:
- Changes to content.
- New and removed users.
- Failed login attempts.
- Changes to themes or plugins.
- WordPress core and settings changes.
- User profile tweaks.
- Changes to websites and users on multisite setups.
Do you have any questions about how to track user activity on your WordPress website? Ask away in the comments section below!