How to Evaluate WordPress Audit Trail Plugins

Last updated on August 31st, 2018 by Robert Abela. Filed under WordPress Security Tutorials

WordPress audit logging plugins and featuresYour business just switched from a custom made and complex CMS system to WordPress. All well and good, you have setup your blog, installed a few plugins and ready to get cracking. But how will you keep track of what the users are doing on your new WordPress website?

Introducing WordPress Audit Trail Plugins

WordPress does not have any built-in audit trail / logging capabilities, therefore over the years several audit log and trail plugins have been developed, such as WP Security Audit Log, Simple History and Audit trail. These are just a few; there are several other WordPress audit trail plugins. With so many different audit trail plugins available, which one is the right one for your WordPress website or blog? This article explains which are the features and capabilities you should look for when evaluating an audit trail plugin for your WordPress website.

Details Reported in the WordPress Audit Log

Every WordPress audit trail (audit log) plugin reports the changes that happen on your WordPress differently. For example when a user changes something in a post some plugins simply log the change in the audit log that the post has been updated.

A record in the WordPress audit trail showing that a post has been updated

Other plugins, such as WP Security Audit Log have a more comprehensive WodPress audit trail since they keep more detailed records. For example if a user changes the URL of a post, in the audit log the plugin reports that the URL of that post has been changed.

WP Security Audit Log reporting a URL change of a blog post

And the same applies to other properties of the post such as content changes, title, date, status, categories etc. As seen in the below screenshot the WP Security Audit Log plugin is keeping track of all the specific changes that happened on the post Hello World!.

WP Security Audit Log has one of the most comprehensive audit trail

How much detailed should your WordPress audit trail be? It depends, but from the security and admin point of view, the more the merrier. The more detailed a WordPress audit trail is the easier it is to troubleshoot something and do forensics. Also, many businesses have to adhere to regulatory compliance requirements, which require them to keep a log of all changes that happen on their website. Therefore the more detailed the audit trail is, the better.

WordPress Changes Coverage

The number of WordPress changes that the audit log plugin can keep track of is also very important. For example some audit trail plugins can only monitor posts and page changes while others can keep track of posts, pages, custom post types, plugins, themes, users, WordPress core changes and much more. To evaluate this type of functionality install the plugin and run some tests yourself; change the content of a blog post, reset a users’ password, install a new them, update a plugin and more.

See what is being reported by the plugin and what is not to get an idea of its coverage. Sometimes plugins make the list of all the WordPress changes that the plugin can keep a record of in the audit trail available to the public, though not all plugins have detailed documentation.

Integrating and Monitoring of Third Party Plugins

Typically WordPress audit trail plugins are installed for security reasons. Though a WordPress audit trail can also be used to keep track of users’ productivity and work, track down specific changes on your website and ease the troubleshooting process. Therefore most of the WordPress audit trail plugins also keep track of changes in popular third party plugins.

For example the audit log plugin Simple History can keep track of changes in the plugins User Switching, Enable Media Replace and Limit Login Attempts. The plugin WP Security Audit Log keeps track of changes on bbPress, WordPress’ most popular forum plugin. Though most audit trail plugins only monitor a few third party plugins because from a security point of view, it is not really important to keep track of changes on SEO and other similar plugins.

Though if you really need this type of logging on your WordPress website look for extensible options; a WordPress audit trail plugin that has an API that allows you to develop your own monitoring and audit log alerts. Typically the plugin developers are willing to help you with extending the plugin’s functionality, especially if you want to keep track of the changes that happen on a popular WordPress plugin.

Other WordPress Audit Trail Tools & Features

The WordPress audit trail alone is not of much use unless you have the right tools to make the best out of it. For example having the ability to search through the audit log is very important, or being able to generate reports. Some WordPress audit trail plugins also have premium add-ons that allow you to configure email notifications & alerts, so you are advised instantly when a specific change happens on your WordPress.

When you start evaluating WordPress audit trail plugins you can’t help but notice that the almost every plugin has its own unique set of features. For example Simple History allows you to configure a RSS feed to which you can subscribe and see the WordPress audit log in your RSS reader. Therefore take your time when evaluating WordPress audit trail plugins and look into every different feature to see which one really ticks all your requirements. Though the biggest deciding factors should always be:

  • The level of detail reported in the WordPress audit log,
  • The coverage of the plugin; which WordPress changes can the plugin keep track of,

And while evaluating the WordPress audit trail plugins do not forget to follow the basic rules of evaluating a WordPress plugin.

Keep an Eye on What is Happening on Your WordPress

And there you have it, no more excuses. Once you have setup your WordPress blog or website, irrelevant if it is a one man show or a multi-user website, make sure you install a WordPress audit trail plugin to keep an eye on what is happening on your WordPress and catch any possible security threats before they become an issue.

WordPress Hosting, Firewall and Backup

This Website is:

Leave a Reply

Your email address will not be published. Required fields are marked *