The modern activity log solution for WordPress
WP Admin Audit is a powerful, modern monitoring log plugin for WordPress.
Site owners and administrators can sleep better at night knowing the plugin keeps track of all site changes, security events, and admin activities.
- who unpublished that blog post?
- when the new media files were uploaded?
- how that weird user account was created?
The WordPress activity log in WP Admin Audit is your central hub to answer your questions.
Keep track of everything that happens on your WordPress sites to:
- Have a modern log of the changes done
- Know about security-relevant activities
- Find out who did what and at which time
- Analyze the steps that led to a technical problem
- Identify and mitigate automated login attempts by bots
What is being logged?
The short answer: almost all changes on your WordPress site, but you can decide what is kept in the audit log.
The longer answer: WP Admin Audit has sensors that monitor the changes in your WordPress site and record what actions were performed by which user at which time on which item. A summary of the types of monitored events is below.
- Content: Page and Post changes (e.g. post created/updated/published/unpublished/deleted)
- Taxonomy: Changes to Categories and Tags (e.g. tag is created, updated, or deleted)
- User: User registration, user profile updates, password resets, user deletions, login, and logout
- WordPress: Updates of the WordPress core version, settings updates (general/writing/reading/discussion/media/permalink/privacy settings)
- Plugin: Installation, activation, updates, deactivation, and deletion of plugins
- Theme: Installation, activation (theme switch), update, and deletion of themes
- Media: Media file and data creations, updates, and deletions
- Menu: Creation, updates, and, deletions of menus
- Comment: Comment creations, updates, deletions, and status changes (approved, unapproved, spammed, etc.)
See the complete list of sensors, i.e. the event types that are stored in the WordPress activity log.
For every event WP Admin Audit records:
* Event type
* Date and time
* IP address (the action/event originated from)
* Acting user (the user who did the change)
* Subject (the item e.g. a post the action is done with/to)
Besides the WordPress event log functionality, WP Admin Audit also features:
- Powerful search & filtering: Powerful free-text search as well as filtering by all sorts of categories makes it easy to find the data you are interested in.
- Administrator & user audit: Find inactive administrator accounts and review the users’ last login dates. Check on their individual activity log.
- Login attempts audit: Monitor logins to be aware of automated (brute-force) attacks and to identify IP addresses for blocking.
Features (pro editions)
Upgrade to the premium editions for the following features:
- Third-party plugin support: Optional extensions help you capture events happening in other WordPress plugins. See our extension directory for more details.
- Notifications: Select event types or event severity levels (e.g. critical and high) for instant notification via email. You can choose whole user groups (e.g. administrators), individual WordPress users, or selected email addresses.
- Offsite archive / Replication: To increase security and for backup purposes, you can forward the events for storage to an external logging provider.
- Enforce password changes: You can enable a policy that requires users (with specific user roles) to change their passwords regularly. For example, administrator accounts can be required to change their passwords at least every 90 days.
- CSV export: Export events, users, and login attempts to CSV files.
Where is the documentation?
Please see the documentation on our site.
Will you add event x?
Most probably yes!
We know there are still some WP core events missing. This applies even more to 3rd party plugins where we want to release more extensions.
The good news is that we very actively developing the plugin and look for the feedback of the users to know which events first to add. You can share your feedback directly within the plugin, there is a link in the Settings » Sensor menu item.
Can the plugin track the pages my visitors are browsing?
No, and we do not have any intention to add that kind of functionality.
WP Admin Audit focuses on actions done by administrators and actions done by users which could be security relevant (e.g. user account creation, user role changes, …).
Is WP Admin Audit translation ready?
Yes, WP Admin Audit has full translation and localization support via the wp-admin-audit textdomain.
Based on your site language, required .mo and .po translation files will be downloaded and placed into the default WordPress languages directory.
Contributors & Developers
“WP Admin Audit” is open source software. The following people have contributed to this plugin.Contributors
“WP Admin Audit” has been translated into 2 locales. Thank you to the translators for their contributions.
Translate “WP Admin Audit” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Release Date – April 8th, 2023
- Add “Login Attempts” widget
- Fix: avoid database errors on installation
- Fix: avoid PHP warnings
Release Date – April 2nd, 2023
- Add support for new extension for the third-party plugin WPForms
- Compatible with WordPress 6.2
- Fix: check for available extensions working
- Fix: avoid PHP warnings
Release Date – February 17th, 2023
- Four new sensors: Option create / update (core) / update (other) / delete
- Improvement: login audit view gets filter (to filter to IP addresses that once/never had a successful login attempt), show percentage of successful logins, show percentage of existing usernames used in login attempts
- Improvement: for failed login attempts that tried to login into an existing username, show the user account in the Event log list view, too
- Improvement: In diagnosis view add event log stats (e.g. top five event types)
- Fixing issues when WADA table collation is different from core (user / usermeta) table
- Fix: password resets (through frontend/user) are recorded
- Fix: enforce password change only when enabled
Release Date – November 2nd, 2022
- Fix potential infinite loop (in logging functionality)
- User interface improvements in settings (quicker load times)
- Prepare database to support extensions that record events of third-party plugins
Release Date – August 26th, 2022
- Total of additional 19 new sensors for WP core events (categories, tags, comments, menus)
- Plugin now keeps track of last user activity, and allows to for example identify inactive admins
- Plugin now monitors login attempts, and allows to find the source (IP addresses) of automated / brute-force login attempts
- New admin dashboard widget: “Last Activities” (can be disabled in settings)
- User interface improvement: add severity filter to events list
- Bug fix: post meta data changes are recorded as well on post update
Release Date – July 3rd, 2022
- Fix installation issue
Release Date – July 2nd, 2022
- Fix issue where new sensors were not installed by default
- Fix “join beta tester” button
- UI improvement: add loading indicators for admin tables when sorting/filtering/etc.
- UI improvement: change pagination “items per page” setting from screen option to dropdown
Release Date – June 27th, 2022
- New sensors: WP general/writing/reading/discussion/media/permalink/privacy settings
- New feature: discover & install (missed) sensors via diagnostics view
- Fix for diagnostics view: download and delete log file buttons now work
- Fix for statistics on dashboard
Release Date – April 20th, 2022
- Fix the sorting functionality on the sensor list view
- Improve rendering for deleted posts
- Various other small UI improvements
Release Date – February 18th, 2022
- Fixes issue saving the event log retention period
- Introducing German translation
- Adding description (icons) in settings view
Release Date – February 1st, 2022
- Fixes installation problem
Release Date – January 24th, 2022
- Initial release