5 Best Ways to Monitor WordPress Activity via the Dashboard

Posted on March 7, 2017 by in Tips & Tricks | 12 comments

5 Best Ways to Monitor WordPress Activity via the Dashboard

How much do you know about what happens on your WordPress site? If someone was trying to brute force your password, would you know? If one of your contributors edited an old post, could you tell? Unfortunately, there’s no way to monitor WordPress activity out of the box.

So if you want to monitor what’s happening on your WordPress site, you’ll need a little help. And that’s what this post is going to do. I’ll tell you why it can be beneficial to track activity on your site and then show you exactly how to do it using a free plugin.

Why Would You Want to Monitor WordPress Activity?

You aren’t some machiavellian super spy for wanting to know what’s going on with your WordPress site. Some people might feel a little sneaky monitoring what users are doing. But, there are some very real, very legitimate, reasons to monitor activity. And as long as you’re open with your users about tracking activity, I don’t think there’s anything morally wrong with it.

Here are a few reasons tracking WordPress activity can help your site:

  • Improved security. If someone repeatedly tries to log in to your site, you can track every failed login attempt so that you can take steps to harden your login security.
  • Better debugging. Tracking activity lets you pinpoint which change caused an issue. For example, you could quickly go back and see which plugin was activated by you or other users.
  • Content integrity. If you still allow edit access to published posts, monitoring activity can help you ensure no one goes back and edits it at a later date.
  • Informed support. If you run a membership site or something similar, tracking activity can help you better support your members and find out what exactly is causing them problems.

Have I convinced you that it’s not a bad thing to track WordPress events? I hope so. Because now I’m going to show you exactly how to do it.

How to Monitor WordPress Activity With Activity Log

After this tutorial, I’ll give you a few other plugins that can help you track what’s happening on your site.

But for this guide, I’m going to use a plugin called Activity Log. It’s free, regularly updated, and comes from Pojo, who is the same company behind the Elementor page builder.

Activity Log lets you track a huge range of activities. Everything from marking comments as spam to publishing posts to entering an incorrect password. Activity Log handles it all. You can even track WooCommerce edits and bbPress activities.

And what I love is that you can set up email notifications to be quickly notified when something especially important happens.

Here’s how to use it:

Step 1: Install and Activate Activity Log

As with any plugin, your first step is going to be to install and activate Activity Log. It’s free and listed at the WordPress.org directory, so you should be able to do it directly from your WordPress dashboard:

install activity log

Step 2: Configure Activity Log

Once you’ve activated the plugin, you’ll get a new Activity Log tab in your dashboard sidebar. You can configure the plugin by going to Activity Log → Settings.

configure activity log

There’s not too much to configure. In the General tab, all you can configure is how many days to store your log for. While it may be tempting to store tons of data, that’s not a good idea. You’re going to massively increase your database doing that. And while Activity Log does use a separate database table to improve performance, you still don’t want to store unlimited logs.

If you have a site with just a few users, you can probably leave it as the default of 30 days. If you have a site with tons of users, you should consider shortening the duration.

You can also manually delete your log in this area.

If you head over to the Notifications tab, you can set up email notifications for when specific events occur.

For example, to get notified when someone tries to log in with an incorrect password, you’d configure it like this:

notification events

You can chain conditions together using AND logic. All that means is you can require two or more things to happen at the same time in order to trigger an email notification.

And that’s it as far as configuration goes!

Step 3: View Your Activity Log

You’re pretty much done now. To view your activity log, you just need to head to Activity Log → Activity Log:

view activity log

If you need to filter the activity log, you can use the dropdowns at the top to quickly drill down to specific actions.

Overall, very easy to use and setup.

Other Plugins to Help Monitor WordPress Activity

I think Activity Log is plenty powerful and user friendly, but if you’re looking for some other quality options, these plugins also get good reviews.

audit log viewer

WP Security Audit Log

As the name suggests, WP Security Audit Log is a bit more focused on the security aspect of activity monitoring. In the free version, there’s not much to differentiate it from Activity Log. But if you purchase some of the pro add-ons, you’ll get access to features like:

  • User Session Management – see who’s logged in to your site and remotely terminate a user’s session.
  • Search – perform text searches on your activity log.
  • External databases – store all data in an external database to avoid slowing down your WordPress install.
  • Reports – generate detailed reports.

Additionally, WP Security Audit Log supports WordPress Multisite installations.

Price: Free. Add-ons ~$59 each or save in a bundle | More Information

Simple History

Simple History is another option with a nice clean interface. I’d say the three major things that differentiate Simple History are:

  • Post Quick Diff – quickly see specific differences between two versions of a post.
  • Support for third-party plugins – Simple History logs activities for some specific plugins like User Switching, Limit Login Attempts, Redirection, and a couple others.
  • RSS feed – you can download an RSS feed of all changes to your site.

Price: Free | More Information

Stream

Stream supports normal WordPress installs as well as Multisite. It also lets you query your activity logs using WP-CLI, which is a nice touch. And it further differentiates itself by offering activity tracking for a number of popular plugins like:

  • Advanced Custom Fields
  • bbPress
  • BuddyPress
  • Easy Digital Downloads
  • Gravity Forms
  • Jetpack
  • User Switching
  • WooCommerce
  • WordPress SEO by Yoast

I think Stream definitely has the best third-party plugin support. And the WP-CLI option is great for developers managing lots of sites.

Price: Free | More Information

User Activity Log

User Activity Log is the last plugin I’ll discuss. As far as I can tell, the free version only really has one notable feature: the ability to get a notification email when a specific user or user role logs in.

But if you’re willing to pay for the Pro version, you’ll get a bunch of cool features like:

  • Custom Event Log – add tracking support for your own theme or plugin.
  • Third-party plugin support – currently bbPress, WooCommerce, Contact Form 7
  • Export logs – export your logs as CSV files

Price: Free. Pro version costs $24 at Code Canyon | More Information

Wrapping Up

Installing a plugin to monitor WordPress activity gives you tons of helpful information about your WordPress site.

If you’re the only one with access to your site, that information won’t be quite as helpful. But you’ll still be able to track failed logins and use it to debug your site.

On the other, if you’re running a site with contributors or members, you’ll be able to track what happens on your site much more accurately.

If I had to recommend one free solution, I’d say go with Activity Log. But if you’re willing to crack open your wallet, the premium add-on bundle of WP Security Audit Log is another good option.

Now over to you – do you think it’s too “Big Brother” to monitor WordPress activity? Or would you happily start tracking your users?

Article thumbnail image by Den2 / shutterstock.com 

12 Comments

  1. The plugin you propose is not compatible with the latest version of wordpress
    Would you use Activity Log ? Are you sure ?

    I think i have written about ten times mentioning NOT to propose outdated plugin and NOT compatible with the latest version of wordpress and you keep doing the same thing again and again !!
    Pretty disappointed !!

    • Nathan B. Weller

      Hey Linus,

      Yes, you have written several times about this and your concern is duly noted. As the blog editor, I’d like to be clear: we are not knowingly recommending dangerous or outdated plugins. As I’m sure you know, there is a big difference between a plugin that is truly out of date and a plugin that has not needed to be updated for a while or one that has not had compatibility data officially reported yet. In fact, this describes what I am sure is the vast majority of plugins in the WordPress repository.

      In this post there is no plugin listed that doesn’t work, is a known security risk, has under a four star rating, or that is over 6 months since its last update. Again, this is extremely common in the WordPress repository. I apologize if this does not line up with your personal standards but we will continue to publish posts about and promote plugins with these or similar standards.

      Best,

      Nathan

      • We agree that we disagree !!! So i will have to keep posting about the security risks.So if a plugin officially states that it is incompatible with the latest version of wordpress but it works fine according to your judgement then it is ok to propose it.Speechless by your answer !!

    • Activity Log is fully compatible with WP 4.7.3

      Please check it again.

      • Yes it got updated 3 hours ago but this does not change what i try to pinpoint here as for security issues

        @Danny
        Thanks for the update

  2. Great article Colin! I think more people should take these extra security steps on WordPress. I would like the WordPress community to be known for it’s security one day. I recommend anyone reading to try some of the tips found in this post.

  3. Great work, many times we take lightly the issue of security. A good article and interesting plugins, to make a good tracking of the site.

    Thank you

  4. I agree good article we use Wordfence and user activity. I also agree with Linus that all our clients sites that use WordPress are updated themes and plugins etc with the 24 hrs of vulnerabilities known. Treble security is a must also via htaccess and moving admin pages even then like in last few days WordPress core had another major security update which is automatic great but plugins not so.

    It does make me think sometimes if the pros and cons or WordPress out way the standard css,php and html sites with little vulnerabilities.

    But good article for those not aware of whats going on.

  5. Hello Colin,

    Good article. I am glad to see that more people are recognising the importance of audit logs / trails. And thank you for mentioning my plugin; WP Security Audit Log.

    I’d like to point out something about what you said in the article about WP Security Audit Log “In the free version, there’s not much to differentiate it from Activity Log”.

    I disagree with this because the audit trail of WP Security Audit Log is way more comprehensive. You can test it out for yourself. For example change the date or the content of a post.

    Activity Log will only keep a record that a post has been updated. WP Security Audit Log will tell you exactly what changed, i.e. the date and the content. If you change the content it will also highlight what in the content has changed.

    My 2c.

  6. Wow! this is very detailed, thanks

Leave a Reply

Comments are reviewed and must adhere to our comments policy.

401,632 Customers Are Already Building Amazing Websites With Divi. Join The Most Empowered WordPress Community On The Web

We offer a 30 Day Money Back Guarantee, so joining is Risk-Free!

Sign Up Today

Pin It on Pinterest