Track and keep an audit of every change on your WordPress and WordPress multisite installations easily with WP Security Audit Log, the most popular WordPress security monitoring plugin.

WP White Security is happy to announce a new revamped version of WP Security Audit Log; the most popular WordPress security monitoring and auditing plugin is finally out of beta and is available for download from the WordPress repository plugin page. Here is an overview of what is new and improved in Version 1.0 of WP Security Audit Log.

WordPress Security Monitoring Just Got More Robust and Better

We have learnt a lot since we launched the first version of WP Security Audit Log plugin 9 months ago, and we decided to put what we have learnt into practise. Version 1.0 of WP Security Audit Log is a complete rewrite of the plugin. Version 1.0 is much more stable and robust when compared to its predecessors. Version 1.0 also allows us to scale the plugin much better, so expect a number of new and cool features in the near future, such as searching, filtering, alerting and reporting.

Granular WordPress Monitoring and Detailed Security Alerts

With this new version of WP Security Audit Log we take WordPress monitoring to the next level. Unlike other WordPress monitoring plugins, WP Security Audit Log reports extensive details in the WordPress alerts. For example while other plugins will alert you that a page was changed, WP Security Audit Log will alert you about what was changed in the page, such as the author, date, template and much more. Such details are really important especially if you need to trace back suspicious behaviour or a malicious WordPress hack attack.

Monitor Themes and Plugin File Code Changes

Version 1 of WP Security Audit Log keeps a record of who is using the WordPress in-build editor to modify themes and plugins files. The modified filename will also be reported so you can easily track down any website breakdowns, plugin or theme code modifications, or a malicious code injection and other similar WordPress hacks.

Monitor WordPress Settings

WordPress security alerts will be generated when WordPress is updated or when the WordPress permalinks are changed. WP Security Audit Log also monitors several other WordPress settings changes as explained in the section WordPress Settings and System Security Alerts.

Monitor WordPress Themes

In this new version of WP Security Audit Log WordPress administrators can also monitor the WordPress themes; a WordPress security alerts are generated when a new theme is installed or when a theme is activated on WordPress.

Granular Monitoring of WordPress Pages

An alert advising you that a WordPress page was modified is not enough. The new version of WP Security Audit Log alerts WordPress administrators even when a page’s template or parent is changed. For more detailed information about WordPress pages monitoring alerts refer to the WordPress Pages Activity Security Alerts section.

New Audit Log Viewer

The Audit Log Viewer has also been revamped. It will auto refresh upon new activity; hence administrators do not have to click the refresh button to view the latest alerts generated by the latest activity.

Audit Log Viewer

New Developer Tools

The new version of the WordPress monitoring plugin is also shipped with a number of new developer tools which allow WordPress developers and administrators to get more information about the alerts, monitor and get alerted of WordPress and PHP errors and much more.

Alert Data Inspector

Once enabled from the settings, the Alert Data Inspector allows developers and administrators to see more detailed information about each alert generated by the plugin, such as the user-agent string, the user ID and more as seen in the below screenshot.

Alert Data Inspector

PHP Errors

By enabling the developer option PHP errors from the plugin settings, WP Security Audit Log will also generate an alert about all the PHP errors, warnings, notices, exceptions and shutdown. Such features come in handy for anyone developing a theme, plugin or other extension on WordPress. A screenshot of a PHP shutdown alert is shown below.

PHP Error reported in WP Security Audit Log

Request Log

Enable the Request Log from the plugin settings to log all the HTTP GET and POST responses sent to your WordPress and WordPress multisite websites to a log file. The log file Request.log.php is created in the plugin directory and is using a PHP extension for security reasons; if someone guesses the log file name it cannot be downloaded like a normal log file, thus exposing sensitive details about the WordPress blog or site.

Sandbox

Once enabled from the plugin settings, developers can execute PHP code and check the results via the Sandbox.

List of New WordPress Security Alerts Introduced in this Version

Below is a list of new WordPress security alerts that are generated by the plugin when such activity is noticed:

  • Alert 2046: User modified a file using the editor
  • Alert 2047: User changed parent of page
  • Alert 2048: User changed template of page
  • Alert 2049: User set post as sticky
  • Alert 2050: User removed post from Sticky
  • Alert 5005: User installed a new theme
  • Alert 5006: User activated a theme
  • Alert 6004: User upgraded WordPress
  • Alert 6005: User changed the WordPress permalinks

As explained in the previous section, the new version of WP Security Audit Log can also monitor PHP activity and errors, thus making it a handy tool for WordPress developers. Below is a list of alerts that monitor PHP errors:

  • Alert 0000: Unknown error
  • Alert 0001: PHP error
  • Alert 0002: PHP warning
  • Alert 0003: PHP notice
  • Alert 0004: PHP exception
  • Alert 0005: PHP shutdown error

For a complete list of WordPress security alerts and WordPress activity that WP Security Audit Log can monitor and keep an audit of refer to the Complete List of WordPress Security Alerts.

Download WP Security Audit Log Plugin

Download the WordPress security monitoring plugin WP Security Audit Log from the official WordPress plugin repository and start monitoring your WordPress and WordPress multisite installations today. For more information about the plugin, visit the official WP Security Audit Log plugin product page. For more details about the WordPress activity that WP Security Audit Log plugin can monitor refer to the List of WordPress Security Audit Log Alerts.

Upgrading WP Security Audit Log Plugin

Once you login to your WordPress using an administrator account you will be automatically notified that an upgrade of WP Security Audit Log plugin is available. You can upgrade automatically by clicking the upgrade link.

If you want to manually upgrade the plugin; download WP Security Audit Log from the WordPress repository, deactivate the plugin from the WordPress dashboard, delete all plugin files and replace them with the new files. Once all files are uploaded, enable the plugin from the WordPress dashboard.

Rate WP Security Audit Log Plugin

If you use WP Security Audit Log plugin and it helped you improve the security and monitoring of your WordPress blogs and websites, please rate WP Security Audit Log on the WordPress repository. If you have any questions, feedback or need support please get in touch with us by sending us an email on plugins@wpwhitesecurity.com.

You can also subscribe to our WP White Security Plugins newsletter to get notified via emails when new updates, plugins and tips are available.

Comments

  1. Noticed that with this recent release, the table name changes.
    If the consumer doesn’t deactivate the plugin and reactivate it, the plugin stops working due to it missing the new table. Just a heads up.

    • Hi Sterling,

      Thank you for your comment. It seems there is an issue with the upgrade script and the tables are not being created during the first activation, hence the user has to disable and activate the plugin for the second time for it to work properly. We are currently looking into it to ensure that future upgrades do not fail. Having said that, we do not envisage any more table changes in the future versions.

      Also FYI the old plugin was using the following tables which after the upgrade can be safely deleted:

      wp_wordpress_auditlog
      wp_wordpress_auditlog_events

      The new plugin is using the following tables:

      wp_wsal_metadata
      wp_wsal_occurrences

      Thanks again for the heads up and for showing interest in our plugin.

Speak Your Mind

*

Get Notified Instantly of Changes on Your WordPress

The WSAL Notifications Extension plugin enables WordPress administrators to setup monitoring rules so they are notified instantly via email when important changes happen on their WordPress.

Learn More