WPMU Recommends: Your Best WordPress Activity Logging Setup
Have you ever had your WordPress site messed up in a big way by one of your users, but you couldn’t discover who it was? We recently ran an article on how ThreeWP Activity Monitor can log different site activities so you can figure out what happened after the fact. Now let me compare the most popular and recent user logging tools by some (mostly) objective standards.
Why user activity logging?
Logging user activity is not sexy, social, or SEO-relevant–so why should you bother?
When disaster strikes…
Activity logging helps you understand what actions happened, when, and which logged-in user performed them. When you give users permission to change certain things on your site, their actions can sometimes result in big problems. By logging activity, you can find out which user caused problems and then address the issue directly with that user.
In addition to knowing what users are doing to your site, most activity logging can help you fend off unauthorized access attempts by pointing out logins, failed logins, password reset requests, and other account-specific actions.
Think of user activity logging like installing a security camera in your office. You probably don’t brag to your friends about it, and you certainly hope you don’t need to be combing through video footage every day trying to find out who stole your donuts. When things start getting fishy, though, you’ll be glad you installed that thing.
What activities do we want to log?
Remember, we’re not looking to log pageviews and such here–that’s better left to true analytics solutions. We want to keep track of site-altering activities our logged-in users perform. We’re looking to log the following kinds of activity:
For posts, pages, and media on your site, we need to know when they are added, updated, and removed. Other information–such as what specifically was updated–would also be helpful. When a site allows discussion, we’d like to log all management of comments–including approval, spamming / deleting, and so forth.
When category, tag, and custom taxonomy terms are added, updated, or deleted, we’d like to know about it. The same goes for any changes to the parent / child relationship between hierarchical content types, like pages.
The appearance of a site can be drastically affected by a number of changes in the “Appearance” section of the dashboard. We hope to log any theme installations, activations, or deletions. We definitely would like to know if anyone uses the backend editor to make changes to theme files. It would also be nice to have a log of changes made to theme settings–though this may be a tall order, since there are so many variables to consider.
Themes aren’t the only Appearance options we’d like to monitor. Logging changes to the “Menu,” “Header,” and “Background” settings could also be important.
Vital functions for a site’s operation may be provided by plugins. We’d like to know when plugins are installed, activated, and updated. Logging the plugin version with these actions would be particularly important. Like with Appearance, we want to know if anyone uses the backend editor to make changes to plugin files. Logging changes made to a plugin’s particular settings would be fantastic.
In addition to plugin functionality, sites rely on a number of WordPress core settings, such as “Reading,” “Permalinks,” and “Privacy” to name a few. Logging any and all changes to these settings would be a blessing.
Logging is not all about actions taken by authorized users. We’d like to log any activity that might suggest someone is trying to gain unauthorized access to your site. Knowing when user accounts are registered, when profiles are updated, and when lost password requests come in can help paint a picture when suspicious activity surfaces.
In addition to user account activity, we might consider importing and exporting of site content to be a security issue. If a user performs a wholesale export of a site’s posts, it would be nice to know about it–whether they choose to inform us or not.
What other features do we want?
While it’s most important that our logging plugin track as many of our listed activities as possible, we also need the plugin to have a few utility functions to make it useful.
- Exporting logs to some spreadsheet format makes data easier to work with.
- The ability to log events from custom sources–such as plugins and themes–would help us build a complete logging solution for all desired activity.
- Automatically limiting log size or rotating logs out to files would prevent us from overwhelming servers accidentally.
- The ability to pick-and-choose which activities to log is important.
- The user interface should be easy to use.
Introducing the players
I’ve chosen the following 5 plugins as contenders in this battle. Note these are all available from the WordPress Plugin Directory–there are no premium plugins included in this evaluation. If you know of premium plugins that might rise to the top of this comparison, please let me know in the comments.
Recommendations for a complete user logging solution
ThreeWP Activity Monitor comes out on top in this comparison. Just adding or improving a few features would push this plugin far out of the others’ reach.
Plugin, Appearance, and Settings activity logs
None of the 4 solutions in the comparison table logged important theme, plugin, and other settings changes. This functionality is provided fairly well by the 5th player on our list, “WP Changes Tracker.” I left this plugin out of the comparison table after I realized it met different–however important–logging needs. I recommend activating both “ThreeWP Activity Monitor” and “WP Changes Tracker” for sites needing the most comprehensive activity logging.
Room for improvement
No solution is perfect, and “ThreeWP Activity Monitor” left me scratching my head regarding a few missing functions. I hope the author can add the following features in the future:
- Logging posts when saved as draft or scheduled–not just when they publish live
- Exporting a filterable log to CSV
- Logging new user registrations
- Logging taxonomy and term operations
- Logging attachment operations
The following feature comparison and rating table summarizes how each solution meets the requirements we set forth above, on a scale of 1 to 5, 5 being best.
|ThreeWP Activity Monitor||WordPress Audit Trail||Simple History||WP Activity|
|Content updated (what changed?)||3||4||3||2|
|Content moved in / out of trash||5||1||1||1|
|Content revision changed||1||1||1||1|
|Comment held back||4||1||1||1|
|Taxonomy updated (what changed?)||1||1||1||1|
|Page Parent changed (to and from?)||1||1||1||1|
|Theme install / uninstall||1||1||1||1|
|Theme activate / deactivate||1||4||1||1|
|Theme settings change||1||1||1||1|
|Theme editor use||1||1||1||1|
|Appearance > Menu changes||1||1||2||1|
|Appearance > Widget changes||1||1||1||1|
|Appearance > Header changes||1||1||1||1|
|Appearance > Background changes||1||1||1||1|
|Plugin install / uninstall||1||1||1||1|
|Plugin activate / deactivate||1||1||4||1|
|Plugin settings change||1||1||1||1|
|Plugin editor use||1||1||1||1|
|Login / Logout||5||5||3||3|
|User info change||2||3||2||2|
|Export log to CSV||1||3||1||4|
|Automatic log management||3||2||1||3|
|Control over which actions are logged||5||5||1||5|
|Log events from custom sources||3||2||4||1|
|Requirements||3.3 or higher||3.1 or higher||2.9.2 or higher||3.1 or higher|
|Compatible up to||3.4.1||3.4.1||3.3.2||3.3.2|
What are your experiences?
Do you have any user stories where activity logging helped or would have helped? Are you using activity logging currently on your site? Please let me know in the comments–I’d love to hear your take!