Logs have been an essential part of many administrators’ toolbox since the very first IT systems. They can provide those who manage a system with a timestamped account of what happened, when, where and how.
Logs are useful to troubleshoot anything from bugs and system failures to account access and security breaches. Their versatility and ease of use ensure they remain a core tool in troubleshooting websites to web hosts and everything in between.
Website administrators can also benefit from activity logs in WordPress.
While WordPress doesn’t log activity straight out of the box, there are plugins that add this functionality at the click of a button.
However, before we look at what activity log plugins for WordPress offer, it’s worth looking at what kind of logs we can collect on a website. This will allow us to understand the value we can derive from them.
Essentially, there are two classes of activity logs that we can collect – user activity logs and system activity logs.
While the names are pretty self-explanatory, understanding how they work can give us a better appreciation of activity log plugins and what they can help us achieve.
User activity logs track activity that users generate. It’s worth noting that, generally speaking, a website visitor is not a user. In this context, a user is someone who can access WordPress through a login, be it a username and a password, two-factor authentication, or anything else.
System activity refers to the activity generated by the system. In a WordPress setting, this can be either WordPress itself or any of the plugins installed and running on the system.
For example, system activity logs are generated when the WordPress core is automatically updated, or when a plugin creates a new post or page.
Hello! My name is Sujay and I’m CEO of Astra.
We’re on a mission to help small businesses grow online with affordable software products and the education you need to succeed.
Here are some of the things you can look forward to when installing an activity log plugin.
The more complex a system is, the more difficult troubleshooting can be when things go wrong. Which is where logs come in.
If you know roughly when something happened, logs can tell you the what, where, who, and even why.
Checking logs for around the time of the issue can tell you a lot about what happened, or at least give you enough information to start your investigation and solve the issue.
This is where logs can truly shine as they capture streams from different data points, giving us a bird’s eye view of everything that is going on, making the troubleshooting process that much more efficient.
Activity logs play a vital role in website administration, which is the task that keeps a website up and running.
They can help you understand who is doing what, when and from where, allowing you to keep track of the work being done on the website itself.
For example, development work (such as code and file changes), content changes, or metadata changes (such as stock quantity changes in an eCommerce store) can all generate logs.
Activity logs can also help you be proactive with website administration. While logs don’t predict the future, you can find a lot of information that can give you an insight into what issues you might face down the line.
For example, if logs indicate some users are doing a specific change that they are not allowed to do, you can tighten the permissions by modifying the privileges of their user role.
WordPress websites with multiple users might face a different set of challenges than smaller websites with just one user account. The primary of which is holding users accountable.
Accountability is even more critical in settings where users have rights to resources that are essential to the website’s success. With activity logs tracking users’ activity, it becomes much easier to hold everyone accountable.
Security is not always given the attention it deserves, yet securing WordPress is critical to a website’s success.
Whether intentional or not, security breaches can have multiple adverse effects and can even force the website to shut down for good.
With activity logs monitoring logins and resource access, you will be in a better position to understand if there have been any breaches and, if so, what happened.
For example, if your team of editors always log in from a specific IP address, or a number of IP addresses, and during a specific time, you can spot suspicious activity if you see an unusual IP address, or a login at an odd time.
Like other WordPress plugins, activity log plugins come in all shapes and sizes with varying feature sets. This can make it challenging to choose the one that works best for your setup.
To this end, we have listed some of the top features you’ll find in activity log plugins such as WP Activity Log.
Different plugins log different kinds of activity. Some can be very niche and specialized, while others offer a broader scope and can log activities across different areas.
If choosing the latter, you’ll want to make sure that you can switch on or off different events, helping you ensure that resources are being put to good use, the plugin only keeps a log of what is relevant to you and your business, and you manage the amount of data being stored.
Data retention can be a make-or-break deal, especially if your website has to comply with certain regulations. Ensure that a long enough data retention timeframe is possible not to fall foul of any applicable law.
For example, if a WordPress website is being used to handle patient data, or to share patient data with the patients and their families, that website has to be HIPAA compliant. HIPAA requires system owners to keep logging data for up to 7 years.
ISO 27001, an international standard for information security, which is more popular in Europe, requires businesses to keep up to 3 years of logging data.
If your WordPress website is heavily dependent on plugins such as WooCommerce, you might want to consider a plugin that can log activity generated through such plugins. This will provide you with a broader view that also covers key components of your website.
Logs are, by their very nature, chronological. As such, you’ll find all events in the order of the time they happened, irrespective of which component they originated from.
This can make it harder to find particular events if, for example, you know which component has an issue but not the date or time.
Search and filtering fixes this by allowing you to look for specific events or filter by criteria – so that you can find answers faster.
With user session management logs, you can view and manage active sessions, limit simultaneous user sessions, and even use logs to identify and terminate inactive sessions.
This feature is good to have from a security standpoint as it gives you control over how users interact with your site and eliminates potential security issues.
Activity log mirroring is a feature that allows you to mirror, or copy, activity logs externally. For example, to a log management system or to cloud storage for auditing.
If you’re already using such a system, this feature may be indispensable with numerous benefits associated with collating all of your logs under one system.
The ability to save logs to an external database can also help you make sure you keep your WordPress database as lean as possible, especially if you have a larger website that generates lots of logs.
If you’re managing a WordPress multisite network, an activity log plugin with multisite support can save you a lot of hassle and time by bringing together your multisite logs.
Best Plugins to Track Activity in WordPress
As we mentioned earlier, plugins come in all shapes and sizes.
To help you get started, we will look at some of the best activity log plugins available today that you can download directly from the WordPress plugin repository.
WP Activity Log is a comprehensive WordPress activity log plugin with more than 1,000,000 downloads. It features email and SMS alerts, search and filtering capabilities and can integrate with log management systems and even save the logs in an external database, among other things.
WP Activity log also offers third-party plugin integration, including activity log for WooCommerce and others.
Activity Log lets you monitor and track WordPress website activity. It features log export functionality and tools to help you remain GDPR-compliant. It can track a wide range of activities and comes with support for a variety of languages.
Simple History keeps a log of the most important events that happen on a WordPress website. It has built-in support for a number of third-party plugins and an API through which you can add your own events – provided that you’re a plugin developer.
Stream is designed to help administrators debug issues and achieve compliance. It features built-in tracking integrations as well as email alerts among other benefits.
It can record a number of core actions, which are kept in the Stream logs. Other notable features include the ability to export the stream to a CSV or JSON file and WP-CLI for record querying.
Activity log plugins are a must-have plugin whether you have one user account or a thousand on your WordPress website. With the ability to track both system and user activities, small and large, WordPress websites can gain a lot from logging.
When choosing a plugin, you need to make sure it offers all of the features you need today and for potential future needs, depending on your projected growth.
This can help you make sure that any investment you make now will continue to give you a return well into the future as your website grows.
This is a guest article contributed by Robert Abela.
Robert Abela is the founder of WP White Security, developers of high-quality WordPress security & management plugins. Robert has over 20 years experience in the software industry and his work has been featured on leading security websites. Learn more about his work and latest articles on Twitter: @robertabela