With WordPress audit trail plugins, you can track activity on your website, such as logins, post updates, comment approvals etc. However, you need to be careful how you set them up since too much logging may potentially have a negative impact on the website performance. A WordPress audit trail is useful if you have multiple writers and contributors, and want to keep an eye on what is going on. However, there is another quite important reason to have a WordPress audit trail plugin enabled, and have a process in place to ensure you will find unwanted admin area activity.

If you have ever had your WordPress website hacked, your only consolation may be that you are not alone. WordPress is one of the most popular publishing platforms and currently known to be used by more than 50% of all websites where information if the CMS system used is available. This is great for WordPress and the community around it, but the massive install base, at the same time, makes WordPress a prime target for hackers. The reason for this is simple, if a vulnerability is found in WordPress core files or in popular plugins and themes, there are endless supply of websites waiting for the invasion. Often this kind of attacks are fully automated and used to inject malware code and this way infect visitors of the site. The best defense against vulnerability oriented attacks is to keep all WordPress components updated at all time, but also other parts of your web-server must have the latest security patches installed. You can use tools like Website Defender to e.g. alert you about vulnerabilities and executable code in folders where it is not supposed to be found.

Another serious security problem you need to be aware of is the risk that WordPress accounts may be compromised. This is the reason why you should always start degrading the default admin account to a subscriber and use another admin account when you need to do super user stuff. Still, however, even if you use secure and hard to break passwords, and plugins to prevent brute force password  hacking, you may be an easy victim. As an example, your password will be sent in clear text and can be picked up by sniffers, unless you enforce SSL on your login page. However, passwords can also be recorded using key-loggers etc.  installed by e.g. malware infested websites. If one of your WordPress accounts have been compromised, you can typically spot this by checking audits logs. You may notice that logins come from new IP-adresses, or even that articles are updated without your knowing. You may ask, “why would anyone do this?” The recent changes in Googles search algorithms have made high trust websites and high authority pages very valuable for back link building and stealing traffic. If your website falls into this category you need to be on guard.

[exec]$filestr = file_get_contents(‘http://www.tripwiremagazine.com/googleadsensebelowmoretag.inc’);echo $filestr;[/exec]

ThreeWP Activity Monitor

I think this is one of the best free options for tracking admin activity and the WordPress.org reviews are pretty good as well. I like that the overview includes simple icons to help you find different types of records. The logins also includes the IP-adresses and browser client information you need to track hacking attempts and rouge users in your system. Another cool feature is that all activities for a particular account is listed under the edit user page. This allow you to quickly get an overview of what a specific user has been doing.


Sucuri WordPress Audit Log

This plugins is provided by Sucuri, a company that offer a website scanning and hacking clean up services. The audit log feature is not free, but comes at a very low cost. The thing I like about it is the fact that logs are sent to a remote server and therefore it is very hard for a hacker to remove his/her “finger prints”. The log however does not collect a lot

The plugin also includes a 1-click hardening services checking and fixing well know issues. And it also includes a intrusion prevention service that prevents some types of attackers and ban IP-adresses in .htaccess.



WP-Activity is does the same logging more or less as the other plugins in this category. It is a bit different though as it is also useful for membership websites. This is because it have a feature that allows you to show activity on the front end. For this reason the plugin per default allow users to turn off tracking for their account. If you use the plugin for spotting hacker activity this is not what you want, and you need to turn it off under settings. The plugin also have a setting to turn on and off logging of failed logins. It is useful if your log is filled with failed logins to admin and you want to hide this.

A cool thing about WP-Activity is the graphical report that provides a good overview of what is going on. In particular it is great for identifying changes in the normal usage patterns, such as unusual increase in number of updated posts. Data in the logs can be exported for analysis in other programs and it is pretty useful!


Audit Trail

Like the previous plugins Audit Trail keeps track of what is going on inside your WordPress website. The overview is easy to navigate and compact. What is different about this plugin and worth paying attention to is the fact that it records the full contents of posts (and pages) and allows you to restore otherwise potentially lost content. Keep in mind that WordPress also have a revision system and that you may not want another full set of data stored. It certainly can be useful in some cases, but will increase the database size significantly.

Another thing I noticed about this plugin is that failed login attempts are not showing up in the log. On a busy website this may be OK as the log will be flooded with login attempts on the admin user.


Simple History

Simple History is simple as the name says. It shows you the most important updates and presents this in a clean list. There is very few setting you can tweak and for keeping an eye on who is “really” logging in it is too simple. It would be great if it included the IP-adress related to a login as it is otherwise a good logging plugin. Failed logins are not recorded but unlike some of the other plugins it adds technical activities like plugin activation.


[exec]echo get_avatar( get_the_author_email(), ’80’ );[/exec]

Author : Lars Vraa


Pin It on Pinterest

Share This

Share This

Share this post with your friends!

WordPress Appliance - Powered by TurnKey Linux