If you are running a multi-user WordPress site, you are probably finding a way to monitor user activity in your WordPress site. This helps to understand what’s happening on your site, for example when a user logged in, what are their activities after entering your site, if an Editor made any changes to your post or page and most importantly if a user is trying to brute force attack on your site etc.
By default, there is no way to track user activity in WordPress. Fortunately, there are several plugins available that will help you to monitor user activity in WordPress.
In this article, I will share 5 best WordPress plugins to track user activity in your WordPress site.
Why Would You Need to Monitor User Activity in WordPress?
Running a multi-user WordPress site is easy but keeping an eye on users isn’t. You trust your users and give them access to your site to do certain things. But who knows, a user can try to exploit your site.
However, apart from the security benefits, there are also many other advantages of using a security audit log plugin.
If you allow other users to modify your site settings or update plugins and themes, they may create a problem while changing something, then you can see what did they change and you can teach them how to use the function properly.
If an editor made any changes to a post without your permission, you can see what was the changes made by the editor and you can revert it back.
Another great thing about a security audit log plugin that it immediately sends you an email notification on certain events.
Best User Activity Monitoring Plugins for WordPress
There are many user activity tracking plugins available. But for this article, I will use WP Security Audit Log plugin and also show you other alternatives.
1. WP Security Audit Log
WP Security Audit Log is the most comprehensive WordPress activity log plugin that monitors everything that happens on your WordPress site.
It lets you know all the users’ actions they are making through your site and easily spots any suspicious activity of a user and instantly sends you an email about the issue. Then you can log in to your WordPress admin dashboard and check what went wrong.
Unlike other security audit log plugins, it doesn’t only tell you that a post, a profile, or an object was updated but also tells you the post URL, date, category, content, status, custom fields etc changed. The same for user profiles, it will tell you if the email, password, first name, display name, role or anything else was changed.
The best thing about this plugin is that you can check who is logged in to your site and what they are doing in real time. If you find anything suspicious, you can force log off any user with just a click.
This plugin is freemium. However, the premium version plugin comes with more functionalities that will help you to keep an eye on your users’ activities. Here are some key features of WP Security Audit Log:
- Comprehensive audit log
- See who is logged in and what are they doing in real time
- Get instantly notified via email of any changes
- Log off any user with just one click
- Generate HTML and CSV reports
- and much more…
Setting Up the WP Security Audit Log
First, install and activate the WP Security Audit Log plugin. After activating this plugin, it will ask you to run the setup wizard to configure the plugin. I recommend you to configure the plugin through the setup wizard.
-
Log Details
In the first step, you need to select which level of activity log details you want to receive. If you don’t want activity logs in detail, you can select Basic or select the Geek option if you want all activity logs in detail.
Click on the Next button for the next option.
-
Log Retention
Here, you can choose how long do you want to keep the data for the activity log plugin. I recommend you to select 6 months as the plugin stores data in your WordPress database, so your database size will grow and take more disk space.
Don’t panic. After finishing the setup wizard, you can change the Audit Log Retention time to 1 month by going to Audit Log> Settings> Activity Log. Now, let’s move on to the next step.
-
Access
By default users with the Administrator role can access the plugin. From here, you can allow other users to access the plugin log.
If you don’t want any other user to access the plugin, then you can skip the option by clicking on the next button.
-
Exclude Objects
If you would like to exclude a particular user(s), role or an IP address from the log, you can specify them by entering their details below. I recommend you to skip the option.
Once you finished setting up the plugin, you can also change the existing settings that you have made before.
Simply go to Audit Log> Settings and you can configure options such as how long you want to keep the log data, add user notification on the WordPress login page, can view logged in user’s activity in real time etc.
You can also hide the plugin from the list of installed plugins. This is a very convenient option when you don’t want to reveal to your users that you are using this kind of plugin.
There are more other options you can configure on your way.
Audit Log Viewer
Once you have finished configuring the plugin, click on Audit Log Viewer to see users’ activities.
For testing purpose, you can create or edit your post or make any changes in your site to check whether the plugin is working on not. Here’s an example below.
As you can see from the screenshot above, the plugin tracks everything happening on your site. If you are running a multi-user WordPress site, then I highly recommend you this plugin.
Price: Free | Premium: $89
2. Simple History
Simple History is another great plugin to track WordPress user activity. This plugin monitors all recent changes that are made on your website and shows directly on your WordPress dashboard. It shows who added, updated or deleted a post or page, who edited comments, when a user login and log out, see when a user has tried to log in but failed and much more.
After installing Simple History, go to Settings> Simple History and configure the plugin.
From the setting page, you can enable or disable show history on the dashboard as well as in a page under the dashboard menu. This is where you can see all the users’ activities.
You can also enable RSS feed to monitor the history. This will allow you to hide the history page from other users.
By default, the plugin automatically stores data for 60 days, but you can also delete the history anytime by clicking on the clear log now.
After setting up this plugin, go back to your WordPress dashboard. From there, you can view user activity.. You can also search for a particular user to see his activity throughout your website.
Price: Free
Download Simple History Plugin
3. Activity Log by Pojo
Activity Log by Pojo is a completely free WordPress plugin for tracking your site activity. You can see who is logged in, if someone s trying to hack your site, when a post was published, and other things that are happening in your website.
The good thing about this plugin is that it doesn’t require any setup process. It works out of the box.
By default, the plugin keeps logs for 30 days, but you can change the time from plugin settings. You can also delete log activities by clicking on the reset database.
From the notifications settings, you can also create custom notification events, so that notifications will be sent upon a successful match with certain conditions. Here you can also enable or disable email notification and set a custom message.
Price: Free
4. User Activity Log
User Activity Log is another great plugin for monitoring site activities. The free version plugin has many useful features that will show you all users’ activities such as WordPress core updates, post and page updates, tag changes, plugin activated and deactivated, theme activated and deactivated, user’s activity throughout your site and much more. You will also get email notification when a particular user logged in to your site.
However, the free version plugin has limited features but you can unlock them by upgrading to the premium version.
With the premium version plugin, you can track your multiple blog author’s activities, track who has logged in and when with IP address, view successful/ unsuccessful login/logout attempts, track which IP addresses are targeting your login page etc.
Like Activity Log by Pojo plugin, it doesn’t require any additional setup. You can just set the maximum number of days to store the activity log and you are good to go.
Price: Free | Premium: $69
Download User Activity Log Free Version | Get User Activity Log Pro
5. Stream
Stream is a very lightweight WordPress user activity tracking plugin. This plugin displays all users’ activities in the Stream option and you can filter the history log by user, role, context, action or IP addresses.
Stream supports normal WordPress installs and if you are an advanced user, you can use it on a WordPress multisite network to view all user activity records.
It also has built-in tracking integrations for popular plugins like:
- Advanced custom fields
- bbPress
- Jetpack
- Gravity Forms
- WooCommerce
- WordPress SEO by Yoast
- BuddyPress
- User Switching
- Easy Digital Downloads
You can export your activity stream as CSV or JSON file. It also allows you to query your activity logs via WP-CLI command.
Price: Free
Wrapping Up
Installing a security audit log plugin will give you useful information about what’s happening on your site.
If you are a sole author in your blog, you may not need this, but if you are running a multi-user WordPress site, you need to track all users’ activities to see if a user is trying to hack your site, who and when made a change to your site. This way you can harden your WordPress security.
In this article, I have discussed both free and premium user activity tracking plugins for WordPress.
If you run a small blog with a few users, then you can start with a free plugin like simple history or activity log, but if you have a bigger or business website, you can buy premium version like WP Security Audit Log Pro where you will get more advanced features and you can even see users activities in real time.
Related Articles,
- Beginner’s Guide to WordPress User Roles and Capabilities
- How to Password Protect Your WordPress Login (wp-login.php) Page
- How to Login Limit Attempts in WordPress