2.4 Monitor User Activity

Hello everyone, I am Reggie Dawson. Welcome to the WordPress security tips course for Tuts+. Another one of the useful plugins that we can use to help manage our security is an activity log viewer. We can use this to determine exactly what actions individual accounts are performing. The first plugin we will look at is the WP Security Audit Log. Once we install it we will get an audit log menu. If we go to the settings in that menu, we can configure the plugin. The email and display name is used by the premium version of the plugin. The alerts dashboard widget determines whether a widget that displays the last five alerts appears in the dashboard. Next, we have some settings that we can use if our site is running behind a proxy or firewall. Now by default, any administrator can manage this plugin, but we can also assign any role or users specifically that can manage this plugin. If we check the restrict access check box, only the currently logged in admin and those listed in can manage plugin will be able to manage this plugin. If we check this, that means administrators will no longer be able to manage this plugin by default. We can also disable logging from here, and remove all data if we uninstall this plugin. Then in the enable/disable alerts menu, we can control what events are logged. And then finally, the audit log viewer is where we will see the events that are logged. Now, this plugin is good, but many of the features are just available to premium. Now, the activity log plugin calls itself the number one activity log plugin. Once we install this plugin, we get another menu option for activity log. Unlike the last plugin, this one has much less options, but still gets the job done. In the settings, we can decide how long to keep log activity. We also have the option of deleting all the activities from the database. Then in notifications, we can set up custom notifications events based on user, action type, or action performed. We can also configure email alerts, which in the last plugin was a premium feature. If you look at the activity log, it is very simple to read and can be sorted in a variety of ways. Now, the final plugin we will look at is the simple history plugin. This, to me, is the best choice for an activity log plugin, but again, this is based on personal preference. After we install this plugin, we will have a menu in the settings that says simple history. First, we can choose how our history is displayed, as either a widget on the dashboard, or a page under the dashboard. Then we can configure the number of items of the log page, as well as the number of items on the dashboard. Then we have a button that allows us to clear the log, along with a message letting us know the items are removed from the log after 60 days. Then we also have the option to receive our log updates through an RSS feed. In the export settings we have the option of exporting the history log to the format formatter of our choice. Then if we go to the dashboard, we can see our simple history. We can decide what timeframe to view, as well as search events. Under the dashboard, we also have a page dedicated to the simple history. This page has the same search options, as well as the stats widget. Overall, this is an easy plugin to configure, but perfect to track the activity on your site. As I mentioned before, these are all choices of personal preference. Your best bet is to try out some of these plugins, and see what works for you. In the next video, we will look at some ways that we can secure our themes and plugins.