WP Security Audit Log



Keep an activity log of everything that happens on your WordPress and WordPress multisite with the WP Security Audit Log plugin to:

  • Ensure user productivity
  • Ease troubleshooting
  • Know exactly what all your users are doing
  • Better manage & organize your WordPress site
  • Easily spot suspicious behavior before there are security problems.

WP Security Audit Log is the most comprehensive real time user activity and monitoring log plugin. It helps thousands of WordPress administrators and security professionals keep an eye on what is happening on their websites. It is also the most highly rated WordPress activity log plugin and have been featured on popular sites such as GoDaddy, ManageWP, Pagely, Shout Me Loud and WPKube.

Note: All WrodPress logging functionality is FREE. Features such as reports, email notifications & search are available in the Premium Edition.

WordPress Changes & Details the Plugin Keeps a Log Of

As a comprehensive & complete WordPress activity log solution WP Security Audit Log does not just tell you that a post, a user profile, or an object was updated. It keeps a log of what was changed within the post, profile or object.

Below is a summary of the changes that the plugin can keep a record of:

  • Post, Page and Custom Post Type changes such as status, content changes, title, URL, date and custom field changes

  • Tags and Categories changes such as creating, modifying or deleting them, and adding or removing them from posts

  • Widgets and Menus changes such as creating, modifying or deleting them

  • User changes such as user created or registered, deleted or added to a site on multisite network

  • User profile changes such as password, email, display name and role changes

  • User activity such as login, logout, failed logins and terminating other sessions

  • WordPress core and settings changes such as installed updates, permalinks, default role, URL and other site-wide changes

  • WordPress multisite network changes such as adding, deleting or archiving sites, adding or removing users from sites etc (activity logs for multisite networks).

  • Plugins and Themes changes such as installing, activating, deactivating, uninstalling and updating them

  • WordPress database changes such as when a plugin adds or removes a table

  • Changes on WooCommerce Stores & Products, Yoast SEO, Advanced Custom Fields (ACF), MainWP and other popular WordPress plugins.

  • WordPress site file changes such as new files are added, or existing ones are modified or deleted.

For every event that the plugin keeps a log of it also reports the:

  • Date & time (and milliseconds) of when it happened,
  • User & role of the user who did the change,
  • Source IP address from where the change happened.

Refer to WordPress Activity Log Events for a complete list of all the changes the WP Security Audit Log can keep a record of.

Extend the Functionality of the WP Security Audit Log Plugin

Upgrade to WP Security Audit Log Premium to:

  • See who is logged,
  • See what everyone is doing in real time,
  • Log off any user with just a click,
  • Generate HTML and CSV reports,
  • Export the activity log in CSV (ideal for integrations),
  • Get notified via email of important changes,
  • Get instant SMS message notifications of critical site changes,
  • Search the activity log using text-based searches,
  • Use built-in filters to fine tune the searches,
  • Store activity log in an external database to improve security,
  • Mirror the WordPress activity logs to Slack, Papertrail, Syslog and other central log management and collaboration solutions,
  • Configure archiving and mirroring of logs.

See our premium features page for more detailed information.

Free and Premium Support

Support for the WP Security Audit Log plugin on the WordPress forums is free.

Premium world-class support is available via email to all WP Security Audit Log Premium customers.

Note: paid customers support is always given priority over free support. Paid customers support is provided via one-to-one email and over the phone. Upgrade to Premium to benefit from priority support.

Other Noteworthy Features

WP Security Audit Log plugin also has a number of features that make WordPress and WordPress multisite monitoring and auditing easier, such as:

  • Built-in support for reverse proxies and web application firewalls
  • Full WordPress multisite support
  • Easily create your custom alerts to monitor additional functionality
  • Developer tools including the logging of all HTTP GET and POST requests
  • Integration with WhatIsMyIpAddress.com so you can get all information about an IP address with just a mouse click
  • Limit who can view the WordPress activity log by either users or roles
  • Limit who can manage the plugin by either users or roles
  • Configurable WordPress dashboard widget highlighting the most recent critical activity
  • Configurable WordPress security audit trail data retention
  • User avatar is shown in the alerts for better recognizability
  • Enable or disable any security alerts
  • and much more…

Refer to the WordPress activity log plugin datasheet for a complete list of features.

As Featured On:

WordPress Security Audit Log in your Language!

We need help translating the plugin and the WordPress Security Alerts. Please visit the WordPress Translate Project to translate the plugin and drop us an email on support@wpwhitesecurity.com to get mentioned in the list of translators below.

Activity Log Extensions

  • Activity Log for MainWP: This extension allows you to keep a log of MainWP network changes and to view the activity logs of all child sites from one central location – the MainWP dashboard.

Related Links and Documentation

Install WP Security Audit Log from within WordPress

  1. Visit ‘Plugins > Add New’
  2. Search for ‘WP Security Audit Log’
  3. Install and activate the WP Security Audit Log plugin
  4. Allow or skip diagnostic tracking

Install WP Security Audit Log manually

  1. Upload the wp-security-audit-log directory to the /wp-content/plugins/ directory
  2. Activate the WP Security Audit Log plugin from the ‘Plugins’ menu in WordPress
  3. Allow or skip diagnostic tracking


  • The Audit Log Viewer from where the WordPress administrator can see all the security events generated by WP Security Audit Log WordPress plugin.
  • See who is logged in to your WordPress and manage users sessions with the Users Sessions Management Add-On
  • The WP Security Audit Log plugin settings from where WordPress administrator can configure generic plugin settings such as reverse proxy support, who can manage the plugin etc.
  • The WordPress audit trail settings from where you can configure automatic pruning of alerts, which timestamp should be used, how many 404 requests should be logged and more.
  • Configuring WordPress email alerts with the Email Notifications Add-On
  • Search and filters functionality to automatically search through the WordPress security audit log with the Search Extension
  • The Enable/Disable Alerts settings node from where Administrators can disable or enable WordPress security alerts.
  • The Audit Log Viewer of a Super Admin in a WordPress multisite network installation with the Site selection drop down menu.
  • If there are more than 15 sites in a multisite, an auto complete site search shows up instead of the drop down menu (see screenshots for reference)
  • WP Security Audit Log is integrated with the built-in revision system of WordPress, thus allowing you to see what content changes users make on your WordPress posts, pages and custom post types. For more information read Keep Record of All WordPress Content Changes with WP Security Audit Log Plugin
  • Mirror the WordPress activity log to an external solution such as Syslog or Papertrail to centralize logging, ensure logs are always available and cannot be tampered with in the unfortunate case of a hack attack.


Support and Documentation

Please refer to our Support & Documentation pages for all the technical information and support documentation on the WP Security Audit Log plugin.


Perfect way to see what your VAs and Team are or are not doing!

Having had years of experience hiring outsourced teams [mostly in Asia] and having used systems to TRY and control if outsourced workers actually work for the time paid them or play games, watch YT videos and porn, chat all day on FB, or work for others while I pay [many do!], I soon realized this is a total waste of time. You need to hire a trusted person full time just to look at all the captures and mouse usage data to see patterns and try and figure out if they are working or cheating. They use multiple devices, smartphones and learned to cheat these screen-capture tools. Plus, when enforcing via Upwork or SaaS some screen spying app - they hate you for it and make it their mission to find creative ways to screw you and outsmart these tools. And yes, it is very annoying using such things. Makes a person feel untrusted, offended, controlled, jailed, unhappy to work for you and totally hostile. Then of course there's also the issue of hiring some cheap outsourced developers for an existing eCom / money site you may have. You wanna know what they do, what they upload and install, what they fiddle with and be able to tell why something may go wrong suddenly - if it does. So how to monitor effectively without annoying and offending people? By not letting them see and realize they are monitored. This plugin is the perfect solution. However, for maximum effect and control, IMHO it needs to be used along with the Menu Editor Pro plugin. The latter will give you control options on what to show or hide from which specific user account or role. So you can make an admin account and limit it in many ways as you need, as an example. Even as far as which plugins are visible to that user, what settings they can alter, which users they don't get to see and are unable to delete. And much more. Damage control, so to say. WP Security Audit Log Pro gave me a very excellent EASY and time-saving way to have a clear overview and assessment of the situation with a developer I tested out for a few days. I generated a daily email report on all login and periods of activity and actions my employee did [didn't want to keep checking in to see live what's going on - just wanted a neat summary of the workday]. Thus I could see I paid for 8h while he only bothered logging in and doing some stuff for 3h. And I could see what posts and pages and Elementor templates he worked on, plugins and files he decided to upload. Pages he made instead of editing existing ones as per project specs. His erratic and time-wasting pattern of work, indicating he is no pro as claimed. Etc. Highly recommended! Great plugin when you hire writers, eCom shop assistants, etc. You never want bad surprises with your eCom - you want to KNOW if they change pricing, ruin something in your funnel or whatever. This plugin will tell you!

Great Plugin and Service!

It's perfect to WordPress/Woocommerce audits! I'm very much satisfied with the plugin. The author and support is great too!
Lees alle 235 beoordelingen

Bijdragers & ontwikkelaars

“WP Security Audit Log” is open source software. De volgende personen hebben bijgedragen aan deze plugin.


“WP Security Audit Log” is vertaald in 2 talen. Dank voor de vertalers voor hun bijdragen.

Vertaal “WP Security Audit Log” naar jouw taal.

Interesse in ontwikkeling?

Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.


3.4.1 (2019-05-16)

Release notes: New plugin settings import/export tool & hooks for theme developers

  • New Features

    • Tool to export and import plugin configuration & settings.
    • Exclude range of IP addresses from the activity log.
    • New hooks for theme developers to display the custom login messages the plugin shows when multiple user sessions are blocked.
    • New hook to add a list of hidden meta keys the plugin should keep a log of.
  • Plugin Improvements

    • First time plugin use texts is now easier to read and much shorter.
    • Added support for more time & date formats in the activity log reports for WordPress.
    • Improved content sensor – previously reporting events not neccessarily needed (background processes)
    • Removed hardcoded paths from the WordPress file integrity scanner.
    • Removed Sites filter from audit log viewer – made redundant by the site selector drop down menu.
  • Bug Fixes

    • Multiple events reporting the same thing generated when user changes WooCommerce shipping / billing address.
    • Updated incorrect tags used in test SMS message.
    • Event 2002 (modified post) reported even when there is a specific change event ID.
    • Event 2016 (plugin modified post) reported whenever a post is updated by user.
    • External database connection cannot be deleted because it is marked in use even when not.
    • Plugin generating error when set_user_role is set to NUL in request.
    • Infinite scroll stops working on Firefox (intermittent issue).

Earlier versions

Please refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Security Audit Log plugin.