Running a multi-author blog is quite challenging when it comes to WordPress security. Every time users make changes, publish new content, change settings of your site, moderate comments etc.
How can you know the behavior of your users? By default, WordPress doesn’t come up with a function that allows you to monitor user activities and file changes. But, you can easily enable this function by installing a plugin.
In this tutorial, we will show you how to monitor user activity in WordPress.
Why Should You Monitor User Activity in WordPress?
There are many reasons why you should monitor user activity and file changes. For example, there are many users who login to your site, create posts, change settings, moderate comments etc.
But, how can you be sure that no one is doing any suspicious work or trying to brute force attack your site?
Apart from security benefits, there are many advantages to using a WordPress security audit log plugin.
Let’s say, you have an editor who can publish, edit, and delete posts. If the author mistakenly deletes an important article or something else, you may not know about it. But, if you use a security audit log plugin, you can easily check what the changes were and easily revert them back.
Similarly, if you have a secondary admin of your site and they have the ability to change your site settings, update themes and plugins, they may create a problem while changing something. If you have the audit log of your site, then you can easily check when the problem actually occurred and how. You can also instruct them how to properly use the function.
In short, monitoring user activity is a good security practice as you can track all the users and their activities in real-time.
There are many WordPress security plugins available which monitor user activity as well as file changes, but most of them are paid. So, in this tutorial, we will use a completely free plugin that works great.
How to Monitor User Activity Using Simple History
Monitoring WordPress activity is very simple. All you need to do is install the Simple History plugin.
Simple History is one of the best WordPress audit log plugins that shows all the recent changes made within WordPress. With Simple History, you can:
- See who added, edited, or deleted a page or post
- See who uploaded, edited, or deleted an attachment
- Who edited or approved a comment
- Who activated or deactivated a plugin
- Who updated their profile photo or change password
- When a user logged in or logged out
- When a user tried to log in but failed
- And many more.
First, from the WordPress plugin gallery, install and activate Simple History Plugin.
Upon installation, go to Settings> Simple History. From there you can change the plugin settings.
Show History: Check both options “on the dashboard” and “as a page under the dashboard menu”. By doing this, you can check all the tracking logs directly on your WordPress dashboard.
RSS feed: we suggest disabling this option as it contains sensitive information.
Clear Log: By default, this plugin automatically deletes all the data after 60 days. In case, you want to remove the data manually, click the Clear Log button.
Once that’s done, click on the Save Changes button to store the new settings.
Next, go to the Export tab. From here, you can export all the logs.
Checking Simple History Logs
Now, install/deactivate a plugin or re-login to your site to check whether the plugin is working or not.
For the purpose of this article, I have installed a plugin and changed the profile picture. Now go to Dashboard> Simple History to check the logs. Here’s a screenshot below.
From here, you can view history from a specific time by using the drop-down menu.
That’s it. This is how you can monitor user activity in your WordPress site.
Monitoring user activity is a good idea if you are running a multi-author WordPress site. It allows you to keep an eye to your users and their activities. So, if something bad happens, you can fix it immediately. If you are aware of your website security, you should use it.
Do you run a multi-author WordPress blog? Are you using any of security audit plugin, what are your experiences so far? Do share with us in the comment section.