Join Jeff Starr for an in-depth discussion in this video Monitor admin users, part of WordPress: Developing Secure Sites .
- [Tutor] For sites with multiple users, it can be helpful to have a detailed record of what they're doing in the admin area. Being able to look at a history log of user activity, makes it easier to correct errors and resolve issues. In this video, we'll see how to keep an eye on user activity with a plugin called Activity Log, which does a great job of logging user actions with a simple, easy to use interface. Let's go to the add new plugin screen and take a look. Here it is. Checking the details, everything looks good.
It's current with the latest version of WordPress, it's recently updated, it's popular with a lot of active installs, and it has excellent ratings. Reading the description, we see that this plugin enables you to monitor user activity. It covers just about all of the major actions that a user can make while logged into the WordPress admin area. So let's check it out and see how it works. The Activity Log plugin already is installed on this demo site, so let's go ahead and activate.
And then we can get started by clicking the Activity Log link here in the dashboard menu. The first thing we see is the activity log itself, where all user activity will be logged and available for inspection. We've just activated the plugin, so currently there's only one entry, showing when the plugin was activated, who activated it, and so forth. As more activities are logged, each of them will display the date, the user, the IP address, the type of activity, an optional label, an action, and a brief description.
Basically, everything we need to keep an eye on what's happening in the admin area. Next, we have the settings screen, where the default settings are kept simple and work great. You can control the frequency at which logs should be deleted, and there's an option to delete all log activities on demand. Then under the notifications tab, we can set up custom notifications to receive email alerts for specific actions. For example, if we want to receive an alert anytime a plugin is activated or deactivated, we can set the action type equal to plugin, and then configure the email settings accordingly.
We check to enable the email alerts and we enter our email address, and we can customize the alert message as desired. Once everything is ready, we click save changes to make it so. And that's all there is to it. It's very straightforward. The plugin is now monitoring all important user activity in the admin area. And thanks to the notification settings, we'll receive an email any time someone activates or deactivates a plugin. So with everything configured, let's see Activity Log in action.
Here's what we want to do. First, we want to log out as the administrator. Then we want to log in as an author. While logged in, we'll publish a post, delete a post, and then log back out as author. Then we'll log in as the administrator, and activate and deactivate a plugin. So let's go ahead and perform those tasks. We log out, and then log back in as one of the authors. Now let's publish a post, and then delete a post, and log out as author.
Now we can complete the process by logging in as admin, and activating a plugin, and deactivating a plugin. Okay that should be enough to demonstrate how well the plugin works. Let's click on activity log, and we observe the sheer awesomeness of this plugin. Here we have a complete log of each major event, including plenty of details for further investigation. It's really a great way to keep an eye on what's going on in the admin area.
In this tutorial, we've seen how to use the Activity Log plugin to keep an eye on user activity in the admin area. This provides valuable information that will help, if and when something goes wrong. This provides valuable information that will help, if and when something goes wrong, making it easier to backtrack steps and return everything to normal.
- Backing up and restoring your site
- Setting up strong passwords
- Understanding users and roles
- Choosing trusted plugins and themes
- Changing and recovering passwords
- Configuring authentication keys
- Securing the login page
- Fighting spam in the comments
- Blocking access and detecting hacks
- Building a firewall for WordPress
- Detecting and blocking bots
- Auditing your WordPress security