When you run your own website, you should know exactly what’s going on. If anything happens, it will be you that did it and you’ll know the what, when and why.
But what happens when your website grows? When you begin collaborating with writers and editors? What about if you begin accepting user submissions?
Who keeps track of everything that’s going on then?
That’s where WordPress activity log plugins come in. They provide a chronological audit trail of what changes have been made, when and by whom.
When you’re not around to oversee everything that happens on your website, these plugins can help.
That’s what today’s post is all about.
We have taken the current top performing WordPress activity log plugins and compared them like for like.
What Are Activity Logs?
Activity logs are also known as audit logs, security logs or activity logs. They are a record of every change that happens on a website.
As WordPress is a database-driven content management system, every change is logged in that database in order for it to keep track of what’s going on. That means there is a record of everything that happened on your website at any given time.
A log will include a unique event ID, date and time, user and role and details of what changed. Depending on the log type, there may also be the user’s IP address, event type designation (blog post updated, imaged changed etc.), and details of the object that was changed on a page, post, social comment or something else.
The main challenge is accessing those logs. The default WordPress log tool isn’t exactly easy to use. Which is where WordPress activity log plugins come into their own.
WordPress activity log plugins are useful if you run a membership website, are under constant attack from hackers or if your website keeps erroring and you don’t know why.
If you’re the only person with access to your website, you don’t necessarily need a WP security audit log plugin.
If you allow others to access your website, you do. It doesn’t matter if they are friends, family, staff, freelancers or people you trust. You need to know what’s going on with your website.
That’s even more true if you allow user submissions, account profiles and other changes by the general public!
If you’re experiencing WordPress, theme or plugin errors, log files are invaluable. They are used across the IT industry to help guide us in identifying and fixing faults.
WordPress and its many themes and plugins are very reliable but mistakes can happen. Bugs can be introduced, different plugins can bring compatibility issues and any changes we make to these products can cause all kinds of issues.
If you find yourself frequently trying to identify and fix errors or bugs, log files can be invaluable. You could literally save hours, if not days from troubleshooting and rolling back if you have log files.
WordPress has a log tracker built in called Debug Mode. It isn’t enabled by default and it isn’t exactly user friendly.
It offers a wide range of logs specifically for monitoring WordPress core and can provide amazing insight into how your install is working.
It won’t track users, content, media, plugins, WooCommerce or other website activity though.
That’s why we don’t recommend using it and why we recommend these specific plugins instead.
Here are some specific reasons why you should use a WordPress activity log plugin.
WordPress activity logs can show failed login attempts, system changes, system setting changes, any changes with plugins and user account changes. All can contribute to the overall security of your website.
Failed login attempts is particularly useful if your existing security solution doesn’t track them. You can identify regular login attempts and blacklist the IP address or take other measures.
Changes to system settings, plugins or back-end changes can also be tracked and addressed quickly.
Users who know the website logs changes know they will be held accountable and should behave accordingly. Prevention is always better than cure!
Most WordPress activity logs show the user, the time, the changes that were made and a unique identifier. All help create an audit trail identifying who made what change and when.
This is evidence to use however you need to use it.
Many website issues are the result of a change of some kind. If a website worked fine one minute and didn’t the next, logs are where you go to find out what changed, when and why.
They are an essential part of all kinds of troubleshooting and can save hours of detective work trying to figure out what went wrong.
Changes to content can be useful to see whether your content schedule is being maintained, whether contributors are delivering on time or meeting their KPIs.
You can also check to see when content was last updated in order to perform a refresh.
If you manage websites on behalf of clients or for a company, WordPress activity logs can prove you’re doing your job, that you performed the tasks you said you would and that you are meeting your obligations.
It’s hard to argue with data and if these logs for part of reporting, you have evidence to back up any claims you make.
If you work within a regulated industry or deal with information pertaining to regulated industries, log files can be an audit trail to help maintain compliance.
It’s a niche use for WordPress activity logs but it can be an important one if you’re working within a regulated environment.
Fast Detection of Malware
Security log tools help you track and find out if any malware enters your website or application. It helps take quick precautionary measures so sort things out.
These security logs also help you track the vulnerabilities in your website that let the malware in by identifying what systems were triggered and when.
We recommend using logging alongside malware removal security plugins to help identify and remove malware.
Tighten Login Page Security
When you maintain a track of logins on your website, every user is accountable. This log helps track the source in case something goes wrong such as data breaches, data loss or system failure through user action.
We now have a good idea of what WordPress activity logs are and why we should all use them. Now let’s look at the plugins.
|Plugin||Starting Price||Free Version Available|
|WP Activity Log||$89||Yes|
|User Activity Log||$99||Yes|
|Error Log Monitor||Free||Yes|
|User Activity Tracking and Log||$49||No|
|Website File Changes Monitor||Free||Yes|
Sucuri is a WordPress security plugin that has logging as one of its core features. It’s a premium plugin that helps remove malware, repair SEO and blacklist status, protects from hack attempts, DDoS (Distributed Denial of Service) attacks, zero day exploits and brute force attacks.
Sucuri is a highly regarded security plugin that monitors your website for changes, hack attempts, login attempts, user sessions, content changes and just about anything else you could need.
Logging is only a small part of what Sucuri is capable of!
Pros of Sucuri:
- Full WordPress security suite
- Protects from external and internal attacks
- Firewall and DDoS protection
- Full site logging
- Malware removal
Cons of Sucuri:
Sucuri costs from $199.99 per year.
Sucuri is very good at what it does and is capable of much more than just tracking activity. The number of features and pricing makes it more suitable for those looking for a complete security solution rather than just log tracking.
WP Activity Log used to be called WP Security Audit Log and is a dedicated logging plugin. It helps track users, logs changes, can track changes to other plugins like WooCommerce and provides an audit trail of everything that happens on your website.
The premium version of WP Activity Log can also send SMS or email alerts of events, log out inactive users, integrate with Slack, provide logs externally to avoid tampering and lots of other useful features.
This is a highly regarded WordPress activity log plugin with over a million users so is well worth trying.
Pros of WP Activity Log:
- Tracks users, sessions, changes, plugins and everything that goes on
- Can track changes to other plugins
- Can send SMS or email alerts for specified events
- Integrates with third party tools
- Can export logs elsewhere for increased security
Cons of WP Activity Log:
- Notifications and Slack integration are premium only
WP Activity Log has a free and three premium tiers costing between $89 and $149 per year.
WP Activity Log is a great WordPress activity log plugin that makes it simple to track users across your site. The ability to have logs stored externally has extra security and compliance benefits too. That makes it ideal for its purpose.
Simple History is a free WordPress activity log plugin available from the WordPress repository. It’s a powerful logging tool that tracks content changes, comments, widgets, users, user profiles, failed logins, menu edits and a selection of other elements.
Simple History can also track what happens with other plugins like Jetpack, Advanced Custom Fields, Enable Media Replace, Beaver Builder and other plugins.
Considering it’s free, this is a very feature-rich plugin. It doesn’t quite have the depth of monitoring of WP Activity Log but it is very good at what it does!
Pros of Simple History:
- Tracks changes to content and your website
- Audits user sessions and activity
- Monitors failed logins
- Monitors changes to other compatible plugins
- Enables you to exclude users from logging
Cons of Simple History:
- Not as feature-rich as some other WordPress activity logs
Simple History is free to use.
Simple History is the ideal starter plugin to get you used to how log files are generated and used. It’s free, easy to use and tracks most of what you’ll need to know. Ideal for hobby sites or non-commercial websites.
4. Activity Log
Activity Log is another free audit plugin for WordPress available from the repository. It’s capable of logging website updates, WordPress updates, content changes, category changes, comments, media, users, theme changes, WooCommerce and a whole lot more.
Activity Log can also send email notifications for user defined alerts, export logs to a CSV (Excel) file for analysis and even export records using the Export Personal Data tool for GDPR compliance.
Pros of Activity Log:
- Logs most website changes
- Monitors users and WordPress core
- Can monitor and log WooCommerce activity
- Customizable email notifications
- Log file export tools
Cons of Activity Log:
- Very little to complain about
Activity Log is free to use.
If you’re after a competent WP security audit log plugin with all the basic features you need, Activity Log is it!
Stream is another very competent WordPress activity log plugin. It’s able to log user interactions, system changes, content updates, media, users, theme changes, menus, media, WordPress updates and all kinds of changes within your website.
Stream can also monitor third party plugins like WooCommerce, Jetpack, Yoast SEO, BuddyPress, Easy Digital Downloads, Gravity Forms and others. It can maintain logs onsite, integrate with Slack or IFTTT and send email alerts.
It’s another fully-featured plugin that delivers a lot for free.
Pros of Stream:
- Logs the majority of activity you would ever need
- Integrates with third-party plugins such as WooCommerce
- Integrates with Slack and IFTTT
- Can be configured to send email alerts
- Works with WordPress Multisite
Cons of Stream:
- Not much to criticize as it’s free
Stream is free to use.
Stream is another very good plugin that offers a lot of logging features for free. The ability to track some popular third party plugins is an added bonus, as is Slack integration.
User Activity Log is a user friendly WordPress activity log plugin with a free and premium version. It can track users, passwords, system changes, content changes, media, taxonomies, themes, plugins and just about everything that goes on within a website.
The premium version allows you to configure exactly what is tracked, configure hooks to track only what you want, allows log sorting, export and log deletion. This version can also track WooCommerce, Easy Digital Downloads, Advance Custom Field, bbPress, Yoast SEO and many other plugins too.
There is also a very useful demo of User Activity Log in action as an added bonus.
Pros of User Activity Log:
- Free and a premium version
- Logs a wide range of users and activity types
- Can monitor lots of third-party WordPress plugins
- Log file export and email notifications
- Advanced log configuration in the premium version
Cons of User Activity Log:
- Premium version isn’t cheap
User Activity Log has a free version and premium version that costs $99.
User Activity Log is an excellent plugin that offers a lot, including third party plugin integration. It tracks all the main log types you would want along with tools to manage them. It’s an excellent option if you don’t mind the price.
Error Log Monitor is a no frills, no nonsense WordPress activity log plugin that does exactly what it says on the tin. It’s a free plugin that tracks PHP error logs rather than users and activity.
If you suffer from PHP issues or make regular changes to your website back end, this plugin can help you troubleshoot any PHP error that occurs. It’s easy to install and configure and can send notifications of specific errors should you need them.
This is a niche plugin but could be invaluable for any website with frequent changes to PHP or that suffers regular errors or performance issues with it.
Pros of Error Log Monitor:
- Monitors for PHP errors
- Email notification feature
- Log files can be set to admin only
- Logs list where, when and what for easy troubleshooting
- Can work with large log files
Cons of Error Log Monitor:
- Very narrow focus
Error Log Monitor is free to use.
If you suffer repeated PHP issues, being able to log events is useful for troubleshooting. In that, it works perfectly. It doesn’t track anything else though so is limited in scope.
User Activity Tracking and Log is a premium WordPress activity log plugin that provides a user friendly way to track users and website activity. It can audit users, user activity, content changes and most things you would want to track on your site.
You can also track IP addresses, use search and filters, find by location, filter by role, export logs to CSV files and use the Rest API to view logs in JSON format.
The plugin can also store log files for up to 4 years if required and is GDPR and CCPA compliant.
Pros of User Activity Tracking and Log:
- Full website tracking plugin
- Simple to use
- Search and filter function
- Rest API compatible
- GDPR and CCPA compliant
Cons of User Activity Tracking and Log:
- Little to criticize here
User Activity Tracking and Log costs $49 up to $199.
User Activity Tracking and Log is a great little WP security audit log plugin with an added bonus for developers in the Rest API compatibility. Aside from that, this premium plugin has most of the features most websites would need.
Website File Changes Monitor is our last WordPress activity log plugin but it certainly isn’t least. It’s a fully featured log tool that can log code changes, user file activity, WordPress core changes and scan and track changes to any code on your website.
The plugin can alert you via email, log hack attempts and any malicious code changes and check the integrity of WordPress.
This is more a security plugin to help protect against hacks and malware than a user audit tool but what it does, it does very well.
Pros of Website File Changes Monitor:
- Monitors your entire website for code changes
- Monitors WordPress core and scans for changes
- Identify and alert to malware and attacks
- Send email alerts where necessary
- Track all code changes
Cons of Website File Changes Monitor:
- More security tool than log tool
Website File Changes Monitor is free to use.
Website File Changes Monitor is free, is capable of logging hack attempts and code changes and can notify you of defined alerts. It’s log handling features aren’t as extensive as some here but it should work for most smaller websites.
Setting up a WordPress activity log plugin is as straightforward as installing any other plugin.
As Stream is a plugin we recommend, let’s set that up.
- Log into your WordPress website
- Select Plugins from the left menu of the WordPress dashboard
- Select Add New and type ‘stream’ in the search box
- Select to Install and then Activate the Stream WordPress activity log plugin
- Select the new Stream menu item in the WordPress dashboard
- Select Settings from the submenu and work your way through them
The default settings should be enough for most websites but you can change anything you see. We wouldn’t recommend keeping log files indefinitely as you will quickly find yourself running out of disk space!
We would recommend tracking comment flooding and WP cron. Access those from the Advanced tab at the top of the page.
Comment flooding is when a bot or hack sends multiple comments at once to your website. It can be useful to track these so you can bulk delete and don’t have to rely on the WordPress comment tool to track everything.
If you use another type of comment plugin or third-party comment plugin, you don’t need to change this setting.
WP cron tracking is useful if you run cron jobs at the website back end. Cron jobs are automated scheduled tasks that perform basic maintenance. If you don’t use cron jobs, you obviously don’t need to use this setting.
Once configured, select the Stream submenu item under the main Stream menu to see a list of all log files it collects. No plugin can collect log files retrospectively so you will only see those generated from when the plugin was activated.
Now you have a good idea of the WordPress activity log plugins available and their strengths and weaknesses, let’s take a closer look at what can be tracked and why.
Tracking content is a core feature of any WordPress activity log plugin. It isn’t necessary when you’re running your site alone but as soon as you begin collaborating with others, it’s essential.
Even if your writers and editors are completely trustworthy, knowing what was published, when and by whom has benefits to content scheduling, marketing and general website administration.
There is also an SEO benefit of audit logs. If you suddenly get an SEO boost or hit, you can theoretically track it back to a particular change. An SEO hit could be down to a redirect, incorrect link or some other error that can be quickly identified and remedied.
An SEO benefit can be identified using logs as well as your main SEO tools to help quantify what happened and when it began.
Pages are crucial to your website so tracking any changes to those is just as important as tracking posts, if not more so.
Pages for most websites are the primary engagement medium so need to be maintained and monitored. Any accidental changes and purposeful updates can be watched to provide the same benefits as for posts above.
Users can be added on purpose on membership websites and through hacks. You want to keep an eye on both. If you’re running a subscription website, your main software will track new subscriptions but logging them separately enables you to confirm the accuracy of that data.
New unauthorized users can also be tracked and quickly removed. If you don’t run a subscription or membership website and suddenly get a new user, you will know immediately if your website has a vulnerability and do something about it.
The same goes for users who are deleted or removed from your website. This can be a natural process of churn for subscription or membership websites or a sign of something else.
If you don’t usually have other users, seeing them added and then removed can be a sign someone has hacked you, made a change and then tried to clear their tracks.
Failed login attempts are an essential security function for every website. Some security plugins offer this feature while others don’t. Either way, having an extra WordPress activity log plugin tracking these attempts is useful.
With hack bots available everywhere online, it is ridiculously easy to target particular websites with dictionary attacks or brute force attacks. Being able to identify failed login attempts can provide the data you need to add IP addresses to your blocklist or implement another layer of security.
Many security plugins out there automatically identify and blacklist failed logins but it is a valuable extra tool for WordPress activity log plugins too.
Don’t forget that some failed logins are real users who just cannot remember their password. Be careful when dealing with these so as not to lose a valuable user!
Tracking changes to themes and plugins is also useful. First, to track any unauthorized changes that could impact the safety of your website and second, to track any accidental changes.
If you modify your theme or a plugin and things go wrong, you can identify what, when and where. If a theme or plugin begins misbehaving without warning, you can check for automatic updates or code changes that may have caused the issue.
Log files are essential tools for quickly identifying root causes. They can reduce the time to fix by hours!
Any changes to WordPress code or system settings can have far-reaching consequences for your website. Limiting access to these settings is a good start but tracking any and all changes is also key.
You can log any administrator changes as they happen to identify who does what. In case of an accidental error, you can quickly identify what was changed and roll it back.
In the event of a hack, you can identify what code was changed, when and by whom. You can then take remedial action on the change and block the IP address of the user.
If a particular user keeps making mistakes, you can use WordPress user roles to restrict access to certain areas. That means revoking Admin or Super Admin access to minimize disruption.
The same goes for any system settings and updates. That could be theme or plugin updates, WordPress core updates or anything else you might use on your website.
WordPress activity log plugins protect from user error and nefarious action in equal measure.
If a user accidentally changed a time zone for example, your two-factor authentication plugin might stop working or your backups might run during peak times.
If your website was hacked and your .htaccess file was changed, your website could then be vulnerable to all kinds of exploits.
Tracking all these changes means you can quickly see everything that has happened and take any action necessary. You can also set up email notifications on some plugins to alert you immediately of changes you configure it to alert you to.
If you run a membership website or Learning Management System (LMS), you’ll be used to users changing profiles all the time. A WordPress activity log plugin can help you identify any changes you can ignore and any you need to take notice of.
Frequent password and email address changes are one warning sign. We all forget our logins occasionally but doing it often could be a sign of something more sinister.
Changes to user roles can also be a sign of something to watch. It could be an administrator who is offering preferential treatment or a hacker giving themselves Admin privileges. Or something else entirely.
The point is, that without a WordPress activity log plugin, you wouldn’t know this stuff was happening or be able to do anything about it.
If you don’t have a dedicated comments plugin, a WordPress activity log plugin can help track all comments that appear on your site. While WordPress has its own tool for comments, having an extra log file can help.
That’s especially true if you monitor logs anyway as you can see all activity from one place rather than having to check individual dashboards within your website.
Dangerous, hurtful, rude, hateful and racist comments should be dealt with quickly and efficiently so they don’t put others off or bring your website into disrepute.
Log files are another way to do that.
WordPress Multisite makes it so very easy to manage multiple websites within a single installation. But there is still a lot to monitor. A WordPress activity log plugin can bring all the relevant logs from all connected websites into a single manageable dashboard.
As a Super Admin, you can monitor all logs, activity, users and all those logs we have talked about, quickly and easily.
If you have ever managed WordPress Multisite, you will know that there is a lot to look after. While the Multisite dashboard helps a lot, there is only so much space on there for key elements.
Log files can be a separate way to monitor everything that happens on every one of your websites. All the log types and use cases we have discussed here can work equally well for WordPress multisite.
Now you know everything you need to know about WordPress activity log plugins. What they are, how they work, how they can help and why you should use one.
Now begs the question, which should you use?
Were we to choose, we would choose WP Activity Log for its ease of use, attractive dashboard and the ability to export log files for an extra level of security.
A backup is only effective if it is stored somewhere other than the main files and that’s something this plugin gets right.
We would also recommend Stream. It’s a free plugin that packs quite the punch. It logs all kinds of activity, can interact with Slack and IFTTT and covers all the bases you could want from a WordPress activity log plugin. All for free.
To be fair to the others in our list, you won’t be sorry if you choose any of them!
Each has its strengths and weaknesses and some have a specific use case not covered by other plugins. Whatever you choose, you will quickly find yourself depending on log files for a lot more than monitoring!
Do you use a WordPress activity log plugin? Is it one of these or something else? Tell us your thoughts in the comments below!