Saturday, 9 September 2017

How To Monitoring Security Wordpress With WP Security Audit Log

Security is always an important part to be aware of when you run a business, be it online or offline business. Ignoring security means you are waiting for the destruction of your business. If you are currently running an online business and using the WordPress platform then the security of WordPress site should be taken care of.

WordPress is the most popular website platform in the world and this means WordPress is a very secure platform. But since WordPress is a popular platform it will always be the ultimate target for many hacker hackers who are not responsible for hacking sites run on the WordPress platform, even today every day there are hundreds of thousands of hacking attempts done to attack the WordPress site. By knowing this then you must apply any means to improve the security of WordPress, one of them is to install the plugin WP Security Audit Log.

In this article I will review the complete plugin WP Security Audit Log and bagaiama this plugin works to improve the security of your WordPress site.

WP Security Audit Log is a plugin that serves to record all activities that occur on the WordPress site from behind the scenes. The plugin will record all changes that occur on the site so that you as a website owner can monitor what happens to your website easily and if something suspicious happens, you can take immediate action to prevent errors that could lead to the threatened security of your WordPress site . The WP Security Audit Log plugin also works on WordPress Multisite where you can monitor all changes made by users of your WordPress site and ensure users do what they should do when they log in to your website.

WP Security Audit Log is the only best user tracking and logging plugin for WordPress developed by WP White Security which is a leading company as a provider of security and consulting services WordPress. This plugin is already used by thousands of administrators, owners and professionals of WordPress security around the world. This plugin is also able to store audit trail from WordPress WooCommerce online store and record all changes made to the product.

WP Security Audit Log
WP Security Audit Log
WP Security Audit Log as the name suggests the plugin will record and store all logs that occur on the WordPress website and displayed on the WordPress dashboard. And the following security warning details will be displayed by the WP Security Audit Log plugin when a change occurs.

When There are new users who list through the registration feature or new users are added directly by other users
When User first logs into WordPress
When User changes role or role, password, or other profile settings from other users
When There are users on the WordPress multisite network are added or removed from a site
When Users upload or delete files, change their password or email address
When the User installs the plugin, enable, disable, or upgrade the plugin
When User creates a new post, page, category or special post type
When User modifies an existing posting, page, category or post type
When a User creates, modifies, or deletes a custom field of a post type, page, or special post type
When User adds, moves, modifies or deletes widgets
When User installs or activates a new WordPress theme
When Users make changes to WordPress settings such as permalinks or administrator notification emails
When WordPress is updated or upgraded
When the Table is created, modified or deleted from the database
When Failed to try login
When User logs out of the site
When User adds, edits, or removes products on WooCommerce
And many more.
If you have a multi-user WordPress blog or site, or a WordPress multisite network installation, you can use the WP Security Audit Log plugin to monitor the activity and productivity of your users. With WP Security Audit WordPress plugin you can monitor:

When WordPress users enter or exit
Displays information where WordPress users come in
When users create and delete new sites on multisite networks
Users who create, change or delete categories
Users who create blog posts, pages or custom post
Users who publish a blog post, page or custom post
Users who modify the contents of a published WordPress such as a custom post, page or blog post
Users who move content like blog posts or WordPress pages to trash or permanently delete them
Users who modify the WordPress widget
The use of uploading or deleting any files
And many more
There are still many log alerts that can be displayed by the security log security plugin completely. You can check the log list to be recorded by this plugin in full here ⇒ WordPress Security Audit Alerts.


To use the WP Security Audit Log plugin, the first thing you need to do is to install the plugin via your WordPress Dashboard by going to the Plugins menu ⇒ Add New and type "WP Security Audit Log" in the plugin search field. or can download directly through the official WordPress directory and install via FTP.
WP Security Audit Log
WP Security Audit Log plugin

After the plugin you activate it will show a new menu called "Audit Log" on your WordPress sidebar dashboard. And to see all the logged logs you can see on the "Audit Log Viewer" menu. In this section you can see all log information clearly like Code, type, date and time, username, source and message IP. And to facilitate the search log, in this section can also be filtered and sorted by all the criteria displayed including code, date, username and IP source.
WP Security Audit Log Overview
WP Security Audit Log Overview


In this section you will see a lot of tab menus that you can choose to enable or disable the warning to record on Audit Log, all these settings are split into several menu sections like (Content & Comment, Thrid Party Support, Users Profiles & Activity, WordPress & Multisite Management, Blog Posts, Comments, Custom Post Types and Pages).


In the section "Settings" there is a section of the settings are divided into 3 tabs namely (General, Audit Log and Exclude Objects).
WP Security Audit Log Settings
WP Security Audit Log Settings


Under General you can enter your email address which can then be used as a place to send warning notifications from the log list. To use this feature you are required to upgrade to the premium version by purchasing one of Add ons ie Email notifications.
WP Security Audit Log General Settings
WP Security Audit Log General Settings

Next is the option to add the latest 5 alerts to your WordPress Dashboard and some Proxy / Firewall options that will customize how the plugin runs by retrieving the user's IP address while running behind the web app's firewall.

In this section you can also add users to be able to manage this audit log plugin, in the end plugin by default only allows WordPress administrators who can view report logs or manage plugins but this can be changed and access can be granted to certain roles and users simply by adding information in Can View Alerts for Managing Plugins settings.

On the settings tab, you can also control how the Audit Log view is set including automatic or manual refresh, displaying specific columns and time format.

If you want to hide the plugin from the plugin page you can do it with a simple checkbox. If you are not interested in the default WordPress background activity, you can also hide that activity from your logs.
Audit Log

In this section you can set the scheduling for deletion of log alerts, you can set by month or limit the number of logs at a certain value. Add users and roles to view the log reports.

There are also settings to refresh the audit logs automatically or manually and you can set the time and choose what you want to display in the log reports such as (Alert code, type, date, username, source IP and warning messages)

The Exclude object tab lets you be a bit more selective in terms of who or what you want to monitor. You can exclude certain users and user roles from monitoring and any activity from specific IP addresses and custom field changes. If, as a site owner, you often work from the same IP address, you can reduce the use of the database by excluding your personal activity.
WP Security Audit Log Exclude Object
WP Security Audit Log Exclude Object


WP Security Audit Log is a free plugin, but you can upgrade this plugin to become a premium version by adding some premium Add-ons to enhance the features and functionality. Additionally, by adding these Add-ons you will get an update and full support for 1 year directly from the WP White Security team.
WP Security Audit Log Add ons
WP Security Audit Log Add ons

And here are 5 lists of paid add-ons offered by the WP Security Audit Log. You can buy one by one Add-ons to suit your needs or can buy directly bundled packages that contain all add-ons at a more affordable price.

The Users Sessions Management Add-on adds a feature that lets you see who's logged in to your WordPress and WordPress multi-user sites, and also gives you the ability to stop suspicious sessions and allow or disallow multiple sessions for the same user. You can also be automatically notified by email when multiple sessions of the same user are allowed or blocked. This feature will provide detailed information such as:

  • Username
  • The role of WordPress users
  • The date and time at which the session was created and when it will expire
  • Source IP from where the user is connected
  • Site (in case of multi-user WordPress)
  • Session ID

Email Notifications is an Add-ons that will provide up to date information directly to your email. This way you do not have to login to your WordPress admin every time you want to check every log report. By utilizing this feature you will quickly know the danger warning that is sent directly to your email address and immediately quickly take action in case of any danger that threatens the security of your WordPress site.


Search Add-on is a feature that will save you time in searching or supervising certain activities or users. And if you record a number of warnings then it will waste your time and can be very difficult for you. With this search feature you can easily find certain information by typing a keyword or by filtering data by date, warning number, IP address, or username. This greatly reduces the amount of time it takes to find the important information you are looking for.


Reports is an Add-on that lets you create WordPress log reports that you can later save in customized CSV or HTML formats based on various criteria such as:

Based on certain Sites or all sites in the network
Based on the user or for all users
Based on the user role or for all roles
Based on a special warning or with a warning code

The External DB Add-on allows you to keep all audit log information in an external database so that your site will remain secure and have stable performance. If you do not use this external database feature it can cause problems if the number of reports is stored in large numbers which of course will affect the performance and security of your WordPress site because by default WP Security Audit Log saves the audit log information in the WordPress database. Moreover, if the plugin is used in WordPress multisite it will happen swelling database quickly.

The above add-ons can be purchased separately for each unit's add-on license price ranging from $ 39 to $ 399. But you can get a more affordable price for all add-ons for a price:
Single Site - $ 89.00
Up to 5 Sites - $ 189.00
Up to 10 Sites - $ 279.00
Up to 20 Sites - $ 369.00
Up to 50 Sites - $ 489.00

And that's a full overview of the WP Security Audit Log plugin that you can use to enhance and monitor the security of your WordPress and WordPress Multisite sites. Hopefully this article useful for you and good luck

see video related to this post, sourced from