WP Admin Audit

WP Admin Audit monitors the security relevant activities on your site, keeps an event log…

Author:brandtoss (profile at wordpress.org)
WordPress version required:5.5
WordPress version tested:6.4.3
Plugin version:1.2.9
Added to WordPress repository:01-02-2022
Last updated:20-02-2024
Rating, %:100
Rated by:4
Plugin URI:https://wpadminaudit.com/
Total downloads:3 950
Active installs:500+
plugin download
Click to start download

The modern activity log solution for WordPress

WP Admin Audit is the powerful monitoring log plugin for WordPress.
Site owners and administrators can sleep better at night knowing the plugin keeps track of all site changes, security events, and admin activities.

Ever wondered

  • who unpublished that blog post?
  • when the new media files were uploaded?
  • how that weird user account was created?

The WordPress activity log in WP Admin Audit answers this questions.

Keep track of everything that happens on your WordPress sites to:

  • Have a modern log of the changes done
  • Know about security-relevant activities
  • Find out who did what and at which time
  • Analyze the steps that led to a technical problem
  • Identify and mitigate automated login attempts by bots

What is being logged?

The short answer: almost all changes on your WordPress site, but you can decide what is kept in the audit log.

The longer answer: WP Admin Audit has sensors that monitor the changes in your WordPress site and record what actions were performed by which user at which time on which item. A summary of the types of monitored events is below.

  • Content: Page and Post changes (e.g. post created/updated/published/unpublished/deleted)
  • Taxonomy: Changes to Categories and Tags (e.g. tag is created, updated, or deleted)
  • User: User registration, user profile updates, password resets, user deletions, login, and logout
  • WordPress: Updates of the WordPress core version, settings updates (general/writing/reading/discussion/media/permalink/privacy settings)
  • Plugin: Installation, activation, updates, deactivation, and deletion of plugins
  • Theme: Installation, activation (theme switch), update, and deletion of themes
  • Media: Media file and data creations, updates, and deletions
  • Menu: Creation, updates, and, deletions of menus
  • Comment: Comment creations, updates, deletions, and status changes (approved, unapproved, spammed, etc.)
  • File: File changes via the plugin file editor and theme file editor

See the complete list of sensors, i.e. the event types that are stored in the WordPress activity log.

For every event WP Admin Audit records:

  • Event type
  • Date and time
  • IP address (the action/event originated from)
  • Acting user (the user who did the change)
  • Subject (the item e.g. a post the action is done with/to)

Features (free)

Besides the WordPress event log, WP Admin Audit also features:

  • Powerful search & filtering: Powerful free-text search as well as filtering by all sorts of categories makes it easy to find the data you are interested in.
  • Administrator & user audit: Find inactive administrator accounts and review the users’ last login dates. Check on their individual activity log.
  • Login attempts audit: Monitor logins to be aware of automated (brute-force) attacks and to identify IP addresses for blocking.

Features (premium editions)

Upgrade to the premium editions for the following features:

  • Third-party plugin support: Optional extensions help you capture events happening in other WordPress plugins. See our extension directory for more details.
  • Notifications: Select event types or event severity levels (e.g. critical and high) for instant notification via email. You can choose whole user groups (e.g. administrators), individual WordPress users, or selected email addresses.
  • Offsite archive / Replication: To increase security and for backup purposes, you can forward the events for storage to an external logging provider.
  • Enforce password changes: You can enable a policy that requires users (with specific user roles) to change their passwords regularly. For example, administrator accounts can be required to change their passwords at least every 90 days.
  • CSV export: Export events, users, and login attempts to CSV files.

Click here for more details and for a complete feature list


Screenshots
FAQ
ChangeLog