WP Security Audit Log



Keep an audit log of everything that happens on your WordPress and WordPress multisite with the WP Security Audit Log plugin to ensure user productivity, easily spot suspicious behavior before it becomes a WordPress security problem and have an organized website.

WP Security Audit Log is WordPress’ most comprehensive real time user activity and monitoring log plugin. It helps thousands of WordPress administrators and security professionals keep an eye on what is happening on their websites. It is also the most highly rated WordPress activity log plugin and have been featured on popular WordPress blogs such as GoDaddy, ManageWP, Pagely, WP Mayor and WPKube.

Note: All logging functionality is and will always remain FREE. Additional features such as reports, instant email alerts and search are available in the Premium Edition.

WordPress Changes & Details the Plugin Keeps a Log Of

If you are looking for a comprehensive & complete WordPress activity log solution you are in the right place. The WP Security Audit Log plugin does not just tell you that a post, a user profile or an object was updated. It reports what was changed within the post, profile or object in real time.

Below is a summary of the changes that the plugin can keep a record of:

  • Post, Page and Custom Post Type changes such as status, content, title, URL, date and custom field changes

  • Tags and Categories changes such as creating, modifying or deleting them, and adding or removing them from posts

  • Widgets and Menus changes such as creating, modifying or deleting them

  • User changes such as user created or registered, deleted or added to a site on multisite network

  • User profile changes such as password, email, display name and role changes

  • User activity such as login, logout, failed logins and terminating other sessions

  • WordPress core and settings changes such as installed updates, permalinks, default role, URL and other site-wide changes

  • WordPress multisite network changes such as adding, deleting or archiving sites, adding or removing users from sites etc

  • Plugins and Themes changes such as installing, activating, deactivating, uninstalling and updating them

  • WordPress database changes such as when a plugin adds or removes a table

  • Changes on BBPress forums, WooCommerce Stores and Products and other popular WordPress plugins.

For every change the plugin keeps record of it also reports the:

  • Date & time (and milliseconds) of when it happened,
  • User & role of the user who did the change,
  • Source IP address from where the change happened.

Refer to WordPress Audit Log Alerts for a complete list of all the changes the WP Security Audit Log can keep a record of.

Extend the Functionality of the WP Security Audit Log Plugin

Upgrade to WP Security Audit Log Premium to:

  • See who is logged,
  • See what everyone is doing in real time,
  • Log off any user with just a click,
  • Generate HTML and CSV reports,
  • Export the audit log in CSV (ideal for integrations),
  • Get instantly notified via email of important changes,
  • Search the audit log using text-based searches
  • Use built-in filters to fine tune the searches,
  • Store audit log in an external database to improve security,
  • Integrate & centralize the WordPress audit log in syslog, Paperlog and other third party log management solutions,
  • Configure archiving and mirroring of logs.

See our premium features page for more detailed information.

Free and Premium Support

Support for the WP Security Audit Log plugin on the WordPress forums is free.

Premium world-class support is available via email to all WP Security Audit Log Premium customers.

Note: paid customers support is always given priority over free support. Paid customers support is provided via one-to-one email and over the phone. Upgrade to Premium to benefit from priority support.

Other Noteworthy Features

WP Security Audit Log plugin also has a number of features that make WordPress and WordPress multisite monitoring and auditing easier, such as:

  • Built-in support for reverse proxies and web application firewalls
  • Full WordPress multisite support
  • Easily create your custom alerts to monitor additional functionality
  • Developer tools including the logging of all HTTP GET and POST requests
  • Integration with WhatIsMyIpAddress.com so you can get all information about an IP address with just a mouse click
  • Limit who can view the WordPress audit trail by either users or roles
  • Limit who can manage the plugin by either users or roles
  • Configurable WordPress dashboard widget highlighting the most recent critical activity
  • Configurable WordPress security audit trail data retention
  • User avatar is shown in the alerts for better recognizability
  • Enable or disable any security alerts
  • and much more…

As Featured On:

WordPress Security Audit Log in your Language!

We need help translating the plugin and the WordPress Security Alerts. Please visit the WordPress Translate Project to translate the plugin and drop us an email on support@wpwhitesecurity.com to get mentioned in the list of translators below.

Related Links and Documentation

Install WP Security Audit Log from within WordPress

  1. Visit ‘Plugins > Add New’
  2. Search for ‘WP Security Audit Log’
  3. Install and activate the WP Security Audit Log plugin
  4. Allow or skip diagnostic tracking

Install WP Security Audig Log manually

  1. Upload the wp-security-audit-log directory to the /wp-content/plugins/ directory
  2. Activate the WP Security Audit Log plugin from the ‘Plugins’ menu in WordPress
  3. Allow or skip diagnostic tracking


  • The Audit Log Viewer from where the WordPress administrator can see all the security events generated by WP Security Audit Log WordPress plugin.
  • See who is logged in to your WordPress and manage users sessions with the Users Sessions Management Add-On
  • The WP Security Audit Log plugin settings from where WordPress administrator can configure generic plugin settings such as reverse proxy support, who can manage the plugin etc.
  • The WordPress audit trail settings from where you can configure automatic pruning of alerts, which timestamp should be used, how many 404 requests should be logged and more.
  • Configuring WordPress email alerts with the Email Notifications Add-On
  • Search and filters functionality to automatically search through the WordPress security audit log with the Search Extension
  • The Enable/Disable Alerts settings node from where Administrators can disable or enable WordPress security alerts.
  • The Audit Log Viewer of a Super Admin in a WordPress multisite network installation with the Site selection drop down menu.
  • If there are more than 15 sites in a multisite, an auto complete site search shows up instead of the drop down menu (see screenshots for reference)
  • WP Security Audit Log is integrated with the built-in revision system of WordPress, thus allowing you to see what content changes users make on your WordPress posts, pages and custom post types. For more information read Keep Record of All WordPress Content Changes with WP Security Audit Log Plugin
  • Mirror the WordPress audit trail to an external solution such as Syslog or Papertrail to centralize logging, ensure logs are always available and cannot be tampered with in the unfortunate case of a hack attack.

Vanliga frågor

Support and Documentation

Please refer to our Support & Documentation pages for all the technical information and support documentation on the WP Security Audit Log plugin.


[Resolved]: Admin Spam

Update: The admin area spam was deemed a bug by the developers. Rating revised to reflect the change and the fast developer reply. A huge thank you to their team for keeping the admin area clean!

The pluging works as advertised. I’ve yet to use it long enough to provide a full review, so I am reluctant to just drop 5 stars. Be prepared for a great deal of information to be logged! I’ll continue to monitor the performance of the plugin. While some reviews have stated the plugin’s logs eventually bloat and slow down the site, I have yet to experience that. I’ll update this review as I gain more experience with the plugin.

The plugin works as advertised, HOWEVER unless you like spam showing up in your admin notification areas, don’t install this plugin. The annoying trend of spamming the notification area on all admin pages leads to constantly having to dismiss messages that show up on every stinking page in the admin area, for all users. In only takes a few of these spammers messages to take up 1/3 to 1/2 of your screen area and you get the ”privilege” of having to dismiss every one of them on every admin page you access. Let these developers know this is NOT acceptable by your ratings or by NOT installing this plugin.

Very useful plugin

I have installed this plugin and it worked perfectly

The customer support is really good. They are always interested in resolving your problems


Great plugin

Being able to see exactly what your users are up to can be the best thing when trying to diagnose any issues they are having. Great plugin out of the box.

Valuable Tool For Security & More

Thank you for creating such a great logging tool for the WordPress community.

If you are reading this comment to see if you should try this activity tracking tool then you need to try it. It has a ‘switch’ that cleans up your database if you want to remove it later so you have everything to gain and nothing to lose.

– Steve D.

A must for a wordpress toolbox

This plugin helped me stop a hacker from changing code on my page. I was alerted to suspicious activity on the page and I was able to stop it and undo the malware.

Läs alla 173 betyg

Bidragsgivare och utvecklare

”WP Security Audit Log” är programvara med öppen källkod. Följande personer har bidragit till detta tillägg.

Bidragande personer

”WP Security Audit Log” har översatts till 1 språk. Tack till översättarna för deras bidrag.

Översätt ”WP Security Audit Log” till ditt språk.

Intresserad av programutveckling?

Läs programkoden, kika på SVN-filförvaret eller prenumerera på utvecklarloggen via RSS.

Ändringslogg (2018-08-15)

  • Bug fix
    • Fixed a compatibility problem with Windows server.

3.2.3 (2018-08-13)

Release Notes: click here

  • New Features

  • Improvements

    • Performance improvement: optimized the logic of the plugin sensors to load only required ones during user action.
    • Redesigned all the settings pages and included more help text, making them more user friendly.
    • Added links to plugin knowledge base where possible in the plugin settings.
    • Improved the WordPress activity log pruning setting so now it is possible to configure retention based on a period of time.
    • Database improvement: changed the option_value column in the plugin tables to long text.
    • WordPress website file changes results are now stored in the plugin’s options table.
    • Improved the list of excluded file extensions in the WordPress file changes scanner.
    • Added sorting in the logged in WordPress users view.
    • Added more checks to ensure opt-in and other plugin messages are shown when needed only.
    • Removed affiliate network message in plugin.
  • Bug Fixes

    • Fixed an issue where stored passwords might have been changed because of change from Mcrypt to OpenSSL.
    • Fixed an issue in which retention settings were reset when moved to archiving settings.