WP Security Audit Log is a WordPress security plugin by WP White Security that was designed to detect security issues before they arise. This allows you to stop malicious activity before it becomes a problem.
The plugin is free to download, however a host of affordable extensions are available that add additional functionality.
WP Security Audit Log works with the single and multi-site version of WordPress and can be used to track changes in your WooCommerce powered store.
Let’s take a closer look at what this security plugin can do.
What Does WP Security Audit Log Do?
The key concept of WP Security Audit Log is that the plugin tracks and monitors everything that changes on your website.
Security alerts can be set up for changes such as when a new user is created, when a user changes a password or role, when a user uploads files, when they modify a post or page, when they install or deactivate a plugin, and much more.
Important website changes are tracked too. For example, the plugin will monitor changes to widgets, website settings, and WordPress themes. Failed login attempts are tracked too.
This kind of tracking and monitoring is useful for many reasons.
For example, if you find that someone has gain unauthorised entry to your website, you could would have a record of every single thing they did. They will help you resolve the problem and ensure that nothing malicious remains.
The plugin will prove to be very useful for multi-user WordPress websites too as you can monitor exactly what users are doing and what they are not doing. This can help you manage productivity and ensure that users are not doing anything malicious.
Protecting Your Website with WP Security Audit Log
Getting started with WP Security Audit Log is simple. You can download the plugin via your WordPress admin area or directly from WordPress.org.
When you have activated the plugin on your website you will see a new Audit Log menu in your WordPress admin area. The premium extensions that are available are marked as red in the menu, though will be unlocked and displayed in white should you purchase them.
The Audit Log Viewer tracks every single action on your website. For each action you will see a code, the action type (e.g. critical, warning, notification etc), the type of user, the source IP address, and a description of what happened.
If a user of your website is listed, it shows their avatar, a link to their profile, and the user groups they are assigned to.
Hovering over a code will explain the the code and give you an option to disable logging those actions.
One of the critical messages I was getting constantly was “Website Visitor Has requested a non existing page (404 Error Pages)”. This was noted as code 6023.
To find out more information, I went into the alerts area and enabled the log for this error code. Once I did that, there was an option to download the log for this error.
The log showed that hackers have been bombarding my website by trying to visit www.kevinmuldoon.com/-/-/-/-/-/-/-/-/-/-/. I was expecting the log to show hackers attempting to access my WordPress admin area so was surprised to see this bizarre URL.
I spoke to Robert Abela from WP White Security and he explained what this was.
“Regarding the 404s; yes that is an old-school trick for directory traversal. So someone is trying some sort of attacks on your website, which is normal. Actually since my plugin is mostly focused on security this is exactly the reason why I developed this feature, so you can see:
1) who is trying to hack / scan your website
2) see what type of attacks they are trying to launch so you can learn about them and better protect your website.”
There are good explanations about what a Directory Traversal Attack is on Wikipedia and Acunetix.
Acunteix describes it as:
“Directory traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server’s root directory.”
Whilst I was concerned that hackers were so actively trying to infiltrate this website, I was impressed about the fact WP Security Audit Log had discovered this problem when no other security WordPress plugins had.
Configuring WP Security Audit Log
There are hundreds of different alerts in WP Security Audit Log and each alert can be disabled or enabled.
You will find a huge array of alerts for blog posts, pages, custom post types, comments, user profiles, users logging in, and session activity. Alerts for third-party plugins such as bbPress and WooCommerce are available too.
You will also find a huge number of alerts for your website database, WordPress multisite, plugins, themes, system activity, menus, widgets, and website settings. These are important alerts as they highlight activity that could have a major effect on your website’s security.
The plugin settings area is divided into three different sections: General, Audit Log, and Exclude objects.
In the general settings area you can define the email address to get alerts, specify who can manage the plugin settings, and restrict access to the plugin to specified users.
There are some developer options too, however what I was really pleased to see was an option to remove all data when the plugin is deactivated. This is something I have been actively encouraging developers to include.
In the audit log settings area you can set when alerts are deleted. By default, 5,000 alerts are kept, though you can change this value. You can also delete alerts longer than a defined time period or retain all alerts in your database.
This section also lets you select which columns are displayed in the audit log viewer. This is useful for removing information that is not important to you.
In the exclude objects area you can stop WP Security Audit Log from monitoring the actions of excluded users and user roles. You can also exclude custom fields, IP addresses, and custom post types, from being monitored.
Another page you will find in the plugin menu for the plugin is the help area. This links to the support forum on WordPress.org that they actively support and free email support. The developers are to be commended for providing so many support options to users of the free version of their plugin.
You will also find links to their extensive plugin documentation area and their security blog.
Thus far I have showcased everything that is offered in the free version of the plugin. The developers also offer five premium extensions that add more functionality.
Apart from their reports extension, which retails at $39 for a single license, their extensions cost $59 each. The smart move is to opt for their all extensions bundle at $89 as it will save you around 70% against buying the extensions separately.
Further pricing is available on their website for support and updates up to 5, 10, 20, and 50 websites.
The five premium extensions are Users Sessions Management, Email Notifications, Search, Reports, and External DB.
Users Sessions Management allows you to actively monitor who is logged onto your website. It can be used to terminate the sessions of users and block users.
Email alerts can be sent to you whenever a user session is blocked or whether there are multiple sessions from the same user.
The Email Notifications extensions takes alerts to a whole new level. It allows you to customise the plugin so that you are alerted whenever a specific action has been made.
This gives you even greater control over who and what is being tracked and monitored. For example, you could set it up so that you are notified whenever a particular user signs in or when a theme file is modified.
Search adds searching and functionality to your audit trail. This will help you more easily search through thousands of alerts and find the exact information you want.
For example, you could specify actions for a specific user between two dates. This will show you every single action they did on your website during that time.
HTML and CSV reports can be generated if you opt for the Reports extension.
You can generate reports between two dates on websites, users, roles, IP addresses, alert codes, and more. You can also display number of logins, views, and published content.
The External DB extension allows you to save your audit trail to an external database. Data can also be mirrored to the Syslog and Papertrail services.
There is an option to archive data to an external database too. This allows you to keep the main database (i.e. your main website) to remain small.
As you can see, these premium extensions add a lot of useful functionality to WP Security Audit Log.
I have been really impressed with what WP Security Audit Log can do. For multi-user WordPress websites and Multisite installations, the plugin gives you all the necessary tools to monitor users and manage productivity.
My WordPress website is solely managed by myself and I only have guest posters occasionally submitting content, however I have found the information it provides invaluable. WordPress websites, particularly those who have traffic, are always being attacked by hackers. By using WP Security Audit Log you can monitor what is happening on your website and address any security holes you find.
I encourage you all to download it from WordPress.org and give it a try.