WPMU Recommends: Your Best WordPress Activity Logging Setup

WPMU Recommends: Your Best WordPress Activity Logging Setup

User Logging-Police lineup of suspectsHave you ever had your WordPress site messed up in a big way by one of your users, but you couldn’t discover who it was? We recently ran an article on how ThreeWP Activity Monitor can log different site activities so you can figure out what happened after the fact. Now let me compare the most popular and recent user logging tools by some (mostly) objective standards.

Why user activity logging?

Logging user activity is not sexy, social, or SEO-relevant–so why should you bother?

When disaster strikes…

WordPress User Log-Security cameras keep a watchful eyeActivity logging helps you understand what actions happened, when, and which logged-in user performed them. When you give users permission to change certain things on your site, their actions can sometimes result in big problems. By logging activity, you can find out which user caused problems and then address the issue directly with that user.

In addition to knowing what users are doing to your site, most activity logging can help you fend off unauthorized access attempts by pointing out logins, failed logins, password reset requests, and other account-specific actions.

Think of user activity logging like installing a security camera in your office. You probably don’t brag to your friends about it, and you certainly hope you don’t need to be combing through video footage every day trying to find out who stole your donuts. When things start getting fishy, though, you’ll be glad you installed that thing.

What activities do we want to log?

Remember, we’re not looking to log pageviews and such here–that’s better left to true analytics solutions. We want to keep track of site-altering activities our logged-in users perform. We’re looking to log the following kinds of activity:

Content actions

User Logging Content Activity-Woman writes in a notebookFor posts, pages, and media on your site, we need to know when they are added, updated, and removed. Other information–such as what specifically was updated–would also be helpful. When a site allows discussion, we’d like to log all management of comments–including approval, spamming / deleting, and so forth.

Organization actions

User Logging Organization-Beads sorted by colorWhen category, tag, and custom taxonomy terms are added, updated, or deleted, we’d like to know about it. The same goes for any changes to the parent / child relationship between hierarchical content types, like pages.

Appearance actions

User Logging Appearance-Sign reading "Design"The appearance of a site can be drastically affected by a number of changes in the “Appearance” section of the dashboard. We hope to log any theme installations, activations, or deletions. We definitely would like to know if anyone uses the backend editor to make changes to theme files. It would also be nice to have a log of changes made to theme settings–though this may be a tall order, since there are so many variables to consider.

Themes aren’t the only Appearance options we’d like to monitor. Logging changes to the “Menu,” “Header,” and “Background” settings could also be important.

Functionality actions

User Logging Plugins-forged tools lying on tableVital functions for a site’s operation may be provided by plugins. We’d like to know when plugins are installed, activated, and updated. Logging the plugin version with these actions would be particularly important. Like with Appearance, we want to know if anyone uses the backend editor to make changes to plugin files. Logging changes made to a plugin’s particular settings would be fantastic.

In addition to plugin functionality, sites rely on a number of WordPress core settings, such as “Reading,” “Permalinks,” and “Privacy” to name a few. Logging any and all changes to these settings would be a blessing.

Security actions

User Logging Security Actions-Padlock on doorLogging is not all about actions taken by authorized users. We’d like to log any activity that might suggest someone is trying to gain unauthorized access to your site. Knowing when user accounts are registered, when profiles are updated, and when lost password requests come in can help paint a picture when suspicious activity surfaces.

In addition to user account activity, we might consider importing and exporting of site content to be a security issue. If a user performs a wholesale export of a site’s posts, it would be nice to know about it–whether they choose to inform us or not.

What other features do we want?

While it’s most important that our logging plugin track as many of our listed activities as possible, we also need the plugin to have a few utility functions to make it useful.

  1. Exporting logs to some spreadsheet format makes data easier to work with.
  2. The ability to log events from custom sources–such as plugins and themes–would help us build a complete logging solution for all desired activity.
  3. Automatically limiting log size or rotating logs out to files would prevent us from overwhelming servers accidentally.
  4. The ability to pick-and-choose which activities to log is important.
  5. The user interface should be easy to use.

Introducing the players

I’ve chosen the following 5 plugins as contenders in this battle. Note these are all available from the WordPress Plugin Directory–there are no premium plugins included in this evaluation. If you know of premium plugins that might rise to the top of this comparison, please let me know in the comments.

Recommendations for a complete user logging solution

ThreeWP Activity Monitor comes out on top in this comparison. Just adding or improving a few features would push this plugin far out of the others’ reach.

Plugin, Appearance, and Settings activity logs

None of the 4 solutions in the comparison table logged important theme, plugin, and other settings changes. This functionality is provided fairly well by the 5th player on our list, “WP Changes Tracker.” I left this plugin out of the comparison table after I realized it met different–however important–logging needs. I recommend activating both “ThreeWP Activity Monitor” and “WP Changes Tracker” for sites needing the most comprehensive activity logging.

Room for improvement

No solution is perfect, and “ThreeWP Activity Monitor” left me scratching my head regarding a few missing functions. I hope the author can add the following features in the future:

  1. Logging posts when saved as draft or scheduled–not just when they publish live
  2. Exporting a filterable log to CSV
  3. Logging new user registrations
  4. Logging taxonomy and term operations
  5. Logging attachment operations

Ratings chart

The following feature comparison and rating table summarizes how each solution meets the requirements we set forth above, on a scale of 1 to 5, 5 being best.

ThreeWP Activity Monitor WordPress Audit Trail Simple History WP Activity
Content Actions
Content created 4 4 3 4
Attachment added 1 4 3 1
Attachment deleted 1 4 3 1
Content updated (what changed?) 3 4 3 2
Content moved in / out of trash 5 1 1 1
Content deleted 5 3 3 3
Content revision changed 1 1 1 1
Comment reset 4 1 1 1
Comment reapproved 4 1 3 1
Comment approved 4 1 3 1
Comment edited 3 3 3 3
Comment deleted 4 4 3 3
Comment held back 4 1 1 1
Comment spammed 4 1 4 1
Comment trashed 4 1 4 1
Organization Actions
Taxonomy added 1 1 1 1
Taxonomy updated (what changed?) 1 1 1 1
Taxonomy deleted 1 1 1 1
Page Parent changed (to and from?) 1 1 1 1
Appearance Actions
Theme install / uninstall 1 1 1 1
Theme activate / deactivate 1 4 1 1
Theme settings change 1 1 1 1
Theme editor use 1 1 1 1
Appearance > Menu changes 1 1 2 1
Appearance > Widget changes 1 1 1 1
Appearance > Header changes 1 1 1 1
Appearance > Background changes 1 1 1 1
Functionality Actions
Plugin install / uninstall 1 1 1 1
Plugin activate / deactivate 1 1 4 1
Plugin settings change 1 1 1 1
Plugin editor use 1 1 1 1
Security Actions
User registration 1 3 3 1
Login / Logout 5 5 3 3
Password reset 3 3 1 1
Password retrieval 3 3 1 1
Password change 2 2 1 1
User info change 2 3 2 2
User deletion 3 3 3 1
Utility Functions
Export log to CSV 1 3 1 4
Automatic log management 3 2 1 3
Control over which actions are logged 5 5 1 5
Log events from custom sources 3 2 4 1
User interface 3 2 4 4
Plugin stats
Requirements 3.3 or higher 3.1 or higher 2.9.2 or higher 3.1 or higher
Compatible up to 3.4.1 3.4.1 3.3.2 3.3.2
Last updated 2012-7-18 2012-5-8 2011-6-22 2012-5-4
Downloads 18,572 37,086 7,255 13,137
Average Rating 4.5 4 5 4
Total Ratings 25 18 12 14
Point Totals 101 89 84 68

What are your experiences?

Do you have any user stories where activity logging helped or would have helped? Are you using activity logging currently on your site? Please let me know in the comments–I’d love to hear your take!