Ultimate Website Security Tools

Scan your website for Malware
activity logs

Logs are perhaps one of the most valuable tools available to troubleshoot issues with systems and applications. Logs are hardly new or controversial; in fact, both developers and administrators have been using them for a very long time to understand why things break down and how to fix them.

Logs come in all shapes and sizes, from security and performance logs to activity logs – different systems and processes collect different records. Regardless of the type, logs include a list of events that happen within the application’s or system’s confines, listed in chronological order. In particular, activity logs record activities occurring within a system or application, such as WordPress.

WordPress does not log activities straight out of the box. However, by using an activity log plugin, every administrator can get access to this excellent troubleshooting and site & user monitoring tool, helping them keep their WordPress website running in optimal order while remaining secure.

What kind of WordPress activities are logged?

Different plugins can track different things. Some plugins are pretty specialized and will only log a specific set or subset of activities. Others, such as WP Activity Log, log a wide range of activities providing a broad yet detailed view of everything that goes on your website.

What are activity logs? - Virusdie

WordPress activity log plugins, in particular, can generally track two kinds of activities – user-generated activity and system-generated activity.

User-generated activity

User-generated activity is, as the name suggests, activities that users generate. These activities can include: logging in and logging out, user session-related activities such as publishing posts, editing posts, uploading or deleting media, changes in settings, and many others.

Benefits of tracking user activity

As you might imagine, there are many benefits to tracking user activity. If you have many users on your WordPress, it can allow you to enforce accountability as each user’s action will be tracked and noted. If a user account is ever compromised, activity logs will also tell you what changes were carried out by that user account.

System-generated activity

Users are not the only ones that are active on your website. Some plugins can also carry out changes to your website, with some plugins having the rights, for example, to create and delete posts and make database entries. WordPress itself can also receive and install updates – something most administrators would like to know to ensure theme and plugin compatibility with the new version.

Benefits of tracking system activity

While you might trust plugins, a system breach can end up in compromised plugins which someone with malicious intent can exploit to make changes to your website. Furthermore, if something breaks due to a system change, being able to tell what happened and when can help you fix the issue that much faster.

The plugin features to look out for

Not only do different plugins track different things, but they also come with different features and capabilities. Before deciding on which activity log plugin to install, first take the time to understand how you use your website, your goals, and which features can help you make the most out of it.

Log scope

As discussed earlier, different plugins can track different things. If you are looking to track a specific type of activity, a niche activity tracker might meet your requirements. If you are looking to track different activities, a tracker capable of monitoring a wide range of activities might be a better fit. To assess the main differences between activity log plugins follow these tips on how to evaluate activity log plugins for WordPress.

Level of detail

Log entries can have varying levels of detail, from simple entries to ones that include the IP address, precisely what was modified, and a host of other information. If you’re including activity logs in your troubleshooting arsenal, more detail is usually better. Additional information will allow you to drill down into the change to understand better what could have potentially gone wrong.

Filtering data

It is universally better to have data and not need it than to need data and not have it. Even if you feel that the data goes beyond what is helpful to you, a developer or your WordPress support team might derive value and insight from it in the case of an emergency. Sorting through reams of data can be very time-consuming. As such, filtering can be a valuable feature in your plugin.

Retention and storage policies

Hard-disk space comes at a premium, especially on a server with high availability. Here, retention policies can come in handy, as is the ability to save log files on an external database. External storage, archiving, and mirroring features can help you make sure you not only meet compliance requirements but can do so without adding extra strain to your WordPress server.

How to make the most out of activity logs

While activity logs are an essential part of any WordPress administrator’s toolbox, they are more useful when used as part of an overall maintenance and WordPress security strategy. To best protect your website, you should aim to have a comprehensive 360 strategy. From ensuring passwords meet an adequate level of complexity to having a team ready to assist you with issues, managing a WordPress website, no matter how big or small, has never been easier.


The guest post above written by WP Activity Log CEO Robert Abela, for Virusdie.

Moderated by Article by Ivica Delic
founder of FreelancersTools,
exclusively for Virusdie.

Join our private Facebook group to get help from other security experts, and share your own web security experiences and expertise. Group members receive exclusive news and offers. They can also communicate directly with the Virusdie team. Join us on Facebook.