Last updated on October 4th, 2023 at 12:03 pm
The WP Activity Log plugin by WP White Security provides WordPress-level logging so you know can keep track of what's happening on your site.
This post may contain affiliate links. We may earn a commission if you purchase an item through our links. It costs you nothing and helps us to fund this blog. Please see our Affiliate Disclosure & Notification for details.
In a recent article, we talked about the importance of being able to audit your WordPress website and the changes taking place on it. We mentioned the use of a plugin called WP Activity Log, which used to be known as WP Security Audit Log and is developed by WP White Security. This plugin allows you to track changes to your website in WordPress-specific terms. We use it on all of our websites and this is our review of the plugin.
The WP Activity Log plugin comes in both a free and paid version. While the free version is awesome, the paid version includes options for real-time email & SMS alerts for critical changes to your website and includes a nice search & reporting function you can use to provide reports to clients about the activity on their site.
Why You Need the WP Activity Log Plugin
There are a lot of great reasons you might need the history of activity that happens on your WordPress website. Perhaps you just need to perform an audit or maybe something is broken and you need to identify what changes happened immediately preceding the break. The WP Activity Log can help find this information.
What it Does
The WP Activity Log plugin can capture just about everything a logged in user does on your site along with some system-initiated tasks that don’t necessarily associate with a logged-in user (a guest purchase in your WooCommerce store for instance).
You can track common events such as:
- User logins
- Post publications & modifications
- Plugin installations, activations, & deactivations
- Theme installations, activations, & deactivations
- File uploads such as media files and file deletions (when done via the WordPress CMS)
- Modifications of custom field values
- See the full list here
Even more useful is that these types of events not only capture when the changes happened but which user made the change and what IP address they were logged in from when the change was made. This can help you identify if a user’s account has been compromised (for instance a user who lives in Texas is suddenly making changes from an IP address in China).
Logging the who, what, where, & when, of an action is a fundamental cybersecurity concept that transcends WordPress and exists all over the technology world. WP Activity Log does it beautifully.
When I first tried the WP Activity Log plugin a couple of years ago, I was really expecting a heavy hit to my website performance considering that it’s recording things happening in real-time. But, as it turns out, that’s not the case.
Because WP Activity Log is primarily concerned with tracking changes to your website, typical anonymous visitors don’t trigger any data collection – and this represents the vast majority of users. For users who are logged in, data collection occurs as they view pages & edit the site, but any change in performance isn’t even noticeable.
In my opinion, personal and professional, the support provided by the development team is one of the best you’ll find in the WordPress ecosystem. The support I received with the free version of the plugin rivaled that of almost every paid plugin I’ve ever bought.
The team is hyper responsive and regularly goes above and beyond scope of support to help users and make their product better.
One thing that has really struck me about the support at WP White Security was they really take the time to listen to issues and provide meaningful responses rather than respond with canned answers. This not only goes a long way to establish trust but also to show how much they care about having a quality product.
The WP Activity Log plugin works in the context of WordPress so it won’t report on direct modifications of files via FTP or SSH and it can’t tell you if someone has modified your database via external calls or directly in your CPanel using a tool like phpMyAdmin.
WP White Security also has a Website File Changes Monitor plugin that integrates with WP Activity Log and can help you find changes to files. You can use other scanning tools such as Wordfence for that as well, but if you use a different security plugin or none at all, then this extension will make WP Activity Log even more valuable to you.
The WP Activity Log plugin by WP White Security brings value to just about any WordPress site out there. From troubleshooting to security to accountability, you can’t go wrong with this level of logging on your websites.