WordPress activity logs – the definitive guide to understanding & using them

A lot happens on your WordPress website – perhaps even more than you think. When it comes to security, troubleshooting, user management and accountability in business, having a system to keep track of activity on your website is key.

An activity log plugin enables you to do just that. By maintaining a record of user and site changes you keep your finger on the pulse of your WordPress site, e-Commerce store, or multisite network. This guide explains what is a WordPress activity log, how to keep one on your site, and what information you can find in it.

What Is an activity log, and what does it track?

An activity log is a log in which a chronological record of a sequence of changes and activities are recorded. A WordPress activity log is a record of events and user changes that take place on your website.

Also sometimes called an ‘activity log’, ‘audit log’, ‘activity log’, or ‘security log’, logs are not part of the core WordPress platform. So you need to install the WP Activity Log plugin to keep a log of everything that happens on your WordPress websites and multisite networks.

An activity log plugin has sensors for tracking and recording various events. The more sensors a plugin has, the greater its ‘coverage’ will be. The WP Activity Log plugin can keep a log of activities such as:

Login attempts. This includes successful user logins, as well as failed attempts, and users with multiple active sessions.

Plugin and theme installation. This includes installing, activating, updating, deactivating and uninstalling a plugin or theme.

Comment moderation. Various comment-related activities, such as users approving, deleting, or marking post comments as spam.

Content changes. In the activity logs you will find a record of when users create, publish, update or delete content. You will also find information about other content changes. For example  when files are uploaded or deleted, and when categories, tags, status, URL, custom fields etc are changed.

System settings & updates. WordPress core updates, including automated ones are tracked. Also changes to the WordPress settings.

WooCommerce store, product & other changes. This encompasses changes to products, pricing, shipping, tax, units and other settings. Read activity logs for WooCommerce for more details.

Changes in third party plugins and their data. In the activity logs you will also find a record of changes in other plugins. Refer to the list of activity log extensions for more details.

Yoast SEO plugin settings & SEO metabox changes. In your log you will also find or changes done to the on-page SEO of a page. For example when there are keywords, meta descriptions, and search engine visibility. The plugin also keeps a log of Yoast SEO plugin settings changes.

Multisite network site, system and user changes. As an activity log plugin for WordPress multisite, the plugin keeps a log of all network settings, sites, users and other changes.

Coverage varies widely across plugins. Always vet plugins thoroughly to ensure the one you choose tracks the key activities you want to monitor. We have a complete list of changes WP Activity Log can keep a log of.

A comprehensive activity log & the events metadata

Some activity log plugins simply inform you that an event happened, but do not specify the details. That is not enough to troubleshoot a technical issue, keep track of user changes, and identify suspicious behaviour.

There are several other details you’ll need to know of in order for your logs to be useful, hence why WP Activity Log generates a comprehensive activity log. In every activity log event the plugin reports:

  • Event ID: A unique code assigned to the type of event to help identify it.
  • Severity level: An indicator of how critical the event is.
  • Date & time: When the event occurred.
  • User & role: Who executed the activity, and what their permissions level is.
  • IP address: The IP address of the user who executed the activity.
  • Object: What element of your site the activity impacts.
  • Event type: A general indication of what activity has taken place.
  • Message: A detailed description of what activity or user change has occurred.

Refer to the WordPress activity log metadata guide for more details about the information reported in the activity log events.

WordPress activity logs


Reading and understanding the activity logs

Here’s an example to help you better understand how these pieces of information work together:

From the image to the left, we can learn quite a few things. For example:

  1. In the third event you can see that the user Robert Abela with administrator role opened the profile page of wpauthor user (event ID: 4014) and then he changed the user’s role from Editor to Author (event ID: 4002 at the top). This event is considered to be critical because it can have an impact on the website’s security. Though it is nothing to be alarmed about if the change is legit.
  2. We can also see that the user Miriam Dalli opened a post in the editor. The post status is pending and it is called File integrity scanning for WordPress websites. You can see this in event ID 2100, the one before the last. Then she published it (event ID: 2001) and later on changed the content (event ID:2065).

Refer to the list of activity log severity levels for more information about the different severity levels in the WordPress activity log.

You’ll notice that in the Message column, you can see all the relevant information you’ll need. For example the post’s title, ID and content type. The metadata also includes the old status, the new status, and a link to view the post. Having all of this information in one place makes it much easier to monitor your site. It allows you to react quickly to potentially-problematic changes.

The details in the activity log metadata

As highlighted above, WP Activity Log records a lot of details in the activity log. This section provides specific insights into what the plugin reports in the message entry of every activity log event.

These details are especially helpful for WordPress users who manage large, multi-author blogs. For example, in the Message column, you’ll find the following specifics that are relevant to content changes:

  • Title of the post, page or custom post type
  • URL of the post
  • Content status (draft, scheduled, published, etc.)
  • Visibility status
  • Post category
  • Content changes
  • Parent content
  • Author
  • Custom field modifications
  • Other content metadata such as tags, categories & others.

In case of a change in WooCommerce, you can see the specific changes done to your store or individual items. This will  include references to the following elements in the Message column:

  • Name of the product
  • Status of the product (draft, published, etc.)
  • Product category
  • Prices
  • Product stock status (in/out of stock, back-ordered, etc.), quantity and measurements (weight, dimensions, etc.)
  • Downloadable product file name and URL
  • Store location
  • Store currency
  • Order status & many others.

This list just scratches the surface – there are several other specifics related to your store, products, managers etc that may be mentioned in activity logs as needed.

5 key reasons why you need an activity log for your WordPress website

Having access to the information an activity log provides may seem unnecessary at first. However, there are many critical situations in which being able to quickly reference your records will come in very handy.

You can keep track of user changes

Being able to track user changes is helpful and improves user accountability. It can be especially useful for multi-author and user websites such as blogs, news sites and eCommerce stores. Just to give one example, it can help you track down which of your writers or editors may have been involved in mistakes such as the publication of an incomplete post.

An activity log can also be helpful for monitoring contributions, in order to determine whether everyone is pulling their weight. Plus, WP Activity Log provides a link to a side-by-side comparison of content changes, for a more detailed examination of any revisions:

The WordPress revision viewer

Even if you’re not running a content-heavy site. An activity log still helps you keep an eye on general website management tasks. This is key to monitoring any WordPress maintenance professionals involved in your site, as well as catching unauthorized behavior.

Your logs will help towards having a website that meets the legal & industry regulatory compliance requirements

Every business must adhere to several legal and compliance requirements. These requirements are typically stipulated by governing bodies.

Most requirements require businesses to maintain an activity log of changes that happen on their website. Those who deal with sensitive information, such as payment details and medical records often have even stricter obligations.

Ecommerce retailers and business sites also have legal regulations to follow, such as the Payment Card Industry Data Security Standard (PCI DSS). If customers can enter cardholder data on your website, you’ll need an activity log in order to protect card holders and comply with the law, as stipulated in PCI DSS requirement 10: track and monitor all access.

You’ll simplify WordPress troubleshooting

An unfortunate fact of WordPress is that many plugins and themes don’t always get along. Conflicts between these are one of the leading causes of site problems. These can be annoying and time-consuming to fix.

With an activity log, you can easily pinpoint the last installation or change that occurred before the error. That will often be the source of the problem. By helping you find who did what quickly, your logs enable you to get your website back to normal without any guesswork.

The same applies to most other kinds of user errors that may occur on your site. The activity that took place immediately before the problem started will often hold clues about what you need to do to resolve the issue fast.

You’ll Identify service abuse, suspicious behavior & attacks before they become reality

There are several events that an activity log can report which may indicate that someone is trying to hack into your WordPress website or abusing your service. For instance:

  • a large volume of failed login attempts from the same IP address within a short period of time,
  • simultaneous sessions from a single user,
  • large numbers of requests to non-existent pages,
  • users logins from strange locations at unusual times

All these can be an indication that an attack is underway or subscribers are sharing and abusing the service. By enabling you to spot these activities early, your activity log gives you the chance to thwart any possible malicious attacks and stop those abusing your service.

You streamline the forensic & post-attack recovery process

If a hacker hacks your website, an activity log helps you throughout the recovery and clean-up process. With a detailed log of everything your attacker did you can easily spot the changes and infections. Once you know about them, it is easy to clean things up.

In addition, your activity log will provide clues as to how the hacker gained entry to your website. This allows you to harden your preventative security measures to avoid another breach.

How to keep a comprehensive WordPress activity log

WordPress does not have activity logs out of the box. This means that in order to keep a log and monitor the events taking place on your site, you’ll need an activity log plugin.

Refer to how to evaluate WordPress activity log plugins to inform yourself on the criteria you should consider when choosing a WordPress activity log plugin. In short, it is important to choose a plugin that offers extensive coverage and reports a high level of detail.

As this guide showcases, WP Activity Log offers those very qualities and much more. It stands apart from its competitors by giving you a wealth of information with which to manage and maintain your site, users and business. The free activity logs plugin  includes everything you need to get started with a WordPress activity log.

Build a rock solid activity log solution that works for your WordPress & business

With the WP Activity Log plugin you can build a complete WordPress activity log solutions with:

  • Instant email and SMS notifications for critical site changes
  • Automated user reports sent to your inbox on a daily, weekly, monthly, or quarterly basis
  • Search and filter functionality, to help you quickly find relevant events
  • Manage where the logs are stored, for example in an external database, for increased security and regulation compliance
  • Mirror the logs to third-party platforms, including Slack and Syslog for easy real-time monitoring

These activity log plugin features help you stay up-to-date on all your site’s happenings and sleep well at night. Improve user management & accountability, ease troubleshooting, and harden the security of your site with WP Activity Log.