WP Activity Log is one of the most important security plugins. You must use this plugin to keep track of everything happening on your WordPress site. Imagine you have a few users in your WP (WP is a short form of WordPress) for example (Administrator, Editor, and Author) and you need to keep track of everything or someone hacked/entered your site and made changes to posts, pages, plugins or other place, by using this plugin you will solve that issue and boost your security. But this is not enough for your security here are my best-picked Free plugins
Best-picked plugins
- All In One WP Security
- WP Activity Log
- UpdraftPlus
This is my video about the WP Activity Log plugin.
You need to check my other posts about the best WordPress security plugins. This post is about the WP Activity Log plugin.
Table of Contents
- WP Activity Log plugin installation
- 1. Log viewer
- 2. Settings
- 3. Enable/Disable Events
- Summary:
- F.A.Q.
WP Activity Log plugin installation
Log in to your WordPress dashboard and click on Plugins > Add New Plugin > Search Plugins and search for “WP Activity Log”, click “Install Now” and “Active”, here is the logo.
After installing the plugin you will see the plugin`s logo at the top left side of the dashboard.
1. Log viewer
Click on the plugin`s logo at the top left side and you will see the Log Viewer page
here you will see all the wp logs about what happened, when, and who made it, for example, Date, User, IP, Event Type, Message, etc.
2. Settings
let’s configure all options step by step.
2.1 General
For “Dashboard Widget” I select “no” It is asking for access to show logs in the WP Dashboard ( do not mix it with the WP Activity Log`s dashboard, it is about the WP dashboard).
We can not change anything in “Admin Bar Notification” and “Admin Bar Notification Updates” it is selected by default.
“Login Page Notification” you can select “Yes” and write a message that will appear on your login page, I selected “No” for my WP site.
“Reverse Proxy / Firewall Options” If you check my post about the All In One WP Security plugin we use some firewall rules but it is not enough to select “Yes” here select “No”.
“Who can change the plugin settings” This is an important function here you need to select “Only me” if you are the owner of the WP site or a solid developer and you are using the right account because after saving no one can do any changes, this is important because no one will be able to turn this off, so you will see every log without any excludes.
“Allow other users to view the activity log” When you select yourself as the only user who has access, other users will not be able to see or review logs for that you need to allow them, you can specify the username or roles from here.
“Which email address should the plugin use as a from address?” By default, it is WordPress general email but you can change it from here.
“Do you want to hide the plugin from the list of installed plugins?” This will hide the WP Activity Log plugin from the Installed Plugins section and no one will know that you use this plugin.
2.2 Activity log viewer
“For how long do you want to keep the activity log events” By default it is 3 months which is enough.
“What timestamp you would like to see in the WordPress activity log?” let this by default if you do not need to change the timezone.
“What user information should be displayed in the WordPress activity log?” for this, I choose the “Configured public display name”.
“Do you want to keep a log of WordPress background activity?” WordPress does a lot of things in the background that we do not need to know, but I choose”Yes” for more information.
2.3 File changes
We’ll use the Melapress File Monitor plugin to enhance your website’s security. This powerful tool tracks and logs all file changes on your site. If a security breach occurs, such as a hacker gaining access or injecting malicious code, the plugin will detect it. It identifies what changes were made and where they happened. This allows us to quickly detect and address any unauthorized activity, ensuring your site remains secure.
2.4 Exclude objects
I did not exclude users, roles, or IP addresses and I recommend the same to you.
2.5 Advanced settings
I choose ‘Yes’ for ‘Remove Data on Uninstall.’ This ensures no additional logs are kept in the database if I remove the plugin.
3. Enable/Disable Events
Enable or disable alerts here. Use the drop-down menu to select one of the preset log levels. I chose “Custom” and selected all types of logs.
Summary:
So if you checked and activated all necessary functions, now you can be sure that you will know every action on your site this is important to control and track all logs. Of course, this is not enough to have a secure site you need to use a few things too, rocket.net for the server, the All In One WP Security plugin, and UpdraftPlus for backups.
If you have any questions, feel free to drop a comment I’m here to help! Or, if you’d like more support, you can check out my services.
F.A.Q.
If you do not use security plugins hackers can crack your site easily.
No, WP Activity Log is enough to track all actions on your site. However, for full security, you should use additional plugins as well.
Yes, it is free but there is a Pro version too but free version is enough for tracking everything.
Yes, but it is a Pro version so you need to activate pro version.
