WordPress User Monitor Shows Who Did What and When
This morning a client emailed me in a panic, wondering how 64 pages could possibly have ended up in the trash and then deleted from their site. An hour later, another contact for the same client reported missing content from their homepage slider. Both people demanded to know who was responsible for destroying the website.
I didn’t have an answer for them. No logging of such user activity is done by default with WordPress.
I did get quite excited, though, as I realized this was a great opportunity to write another helpful plugin for the WordPress community. That excitement waned in about 45 seconds as I discovered some already-existing plugins.
No Battle Here
I needed a solution with specific features–quickly–and I chose one. This article does not attempt to exhaustively compare WordPress user monitoring plugins and tell you which one to use. I will tell you what I chose, why I chose it, and how I intend to improve it in a few days (with you watching.)
Main Requirements of my user monitoring solution
- When a logged-in user does something, make note of it.
- In the note, include their IP address, timestamp, and login name, along with the activity they performed and — if applicable — the object they performed the activity on (such as a post.)
- Allow me to choose what activities are monitored or ignored.
- Provide exporting of logs to CSV so I can work with them as spreadsheets.
- Automatically keep my logs from overwhelming the server.
Why I chose the ThreeWP Activity Monitor Plugin
Of the few user monitoring plugins I found in the WordPress Plugin Directory, ThreeWP Activity Monitor:
- Had most of the features I immediately needed.
- Was built to be extensible so I could make additional activities monitorable.
- Had a decent rating
- Had recently been updated
- From browsing support forums, appeared to be the most trouble-free (though not perfect.)
What the activity monitor plugin does well
Monitoring pages and posts
Find out when pages / posts / custom post types are:
- Moved to the trash
- Moved back out of the trash
- Deleted forever
Monitoring comment management
If you’re allowing comments, find out when any comment management activities occur, including:
- A few activities that fall in-between
Monitoring user management
Later in the day, I found out most of the problems my client had were self-inflicted, due to an unwitting admin deleting a user and also deleting their posts / pages, instead of assigning them to another user. That makes it apparent to me the user management logging will also come in handy. Logged user management activities include:
- User registration
- Profile updating
- Logins and login failures
- Password retrieval requests
- Users deleted
Sparse but adequate options
All actions that can be logged can easily be included or ignored from logs.
For example, I don’t use post comments on my goodlearning.com site, so there is no need to log comment activities.
Settings let me limit the number of activities logged in the database.
The default setting is 100,000. Anything over this amount causes older entries to be dropped from the logs. This is important to keep your databse from being overwhelmed by log activity in your absence.
You can choose which post types on your system generate post logging events.
As an example of its usefulness, imagine you run a microblogging site and the bulk of your short blog entries are of a custom type. You may not really want to log every addition and comment for these little snippets, choosing only to monitor changes to your site’s static pages.
What no activity monitor plugin appears to do well
Plugin and theme activity logging is missing, such as:
- Install / activate / deactivate plugin or theme
- Settings changes for plugin / theme
- Files changed via the WordPress editors, like Appearance Editor and Plugins Editor
Appearance change activity logging is missing, such as:
- Changes to Appearance > Menus
- Changes to Appearance > Widgets
- Changes to Appearance > Header
- Changes to Appearance > Background
Other important features lacking
- Importing and Exporting posts is not loggable.
- Changes to core Settings are not loggable.
- Adding items to Media Library is not loggable.
- No log export to CSV.
Hopeful for the near future
The above talk of shortcomings is meant as constructive criticism. The great thing is, the plugin is designed to be extended, allowing logging of activies from any other plugin. Any intermediate WordPress plugin developer should be able to log events from their plugin through the ThreeWP Activity Monitor.
Testing out extensibility
I’m making changes to my Content Scheduler plugin in a few days, and am excited to try adding logging for certain events. Content Scheduler can be responsible for some non-trivial changes, like hanging a post’s categories, tags, status, and even trashing the post. That’s all based on what the user wants when the post expires. I’d like to allow logging of these actions, so users of Content Scheduler will know the plugin is responsible for some changes they’re seeing.
Check out the ThreeWP Activity Monitor plugin on your site today, and tune in next week for my tutorial on how to log your own activity through the plugin.
- Psychograph photo by: ninasaurusrex