As a WordPress site owner, you need to know what is happening on your site all the time: who has made what change when. 

An activity log plugin, as the name suggests, captures every action and event that occurs on your site. It is a great way to keep accountability, and can be an early warning sign for malware on your site. 

In this article, we’ll explore everything you need to know about an activity log and how to create one for your WordPress site. 

TL;DR: MalCare is the best plugin to log your WordPress site activity. It tracks user activity, posts, pages, new comments, and much more. 

What is an activity log?

Imagine having a meticulous bookkeeper who records every interaction within your WordPress website: that’s precisely the role an activity log plays. In the dynamic world of WordPress, where numerous users may have access to various parts of your site, an activity log is an indispensable tool.

An activity log, also known as an audit log or security log, is a comprehensive trail of breadcrumbs, documenting activities that happen on your website. It operates quietly behind the scenes, continuously tracking and logging events that could have implications for your site’s performance, security, and compliance. 

6 plugins to log WordPress activity

By default, WordPress doesn’t log all changes made to the site. You will need to install a plugin that takes care of activity logging for you. We tested the popular activity logs and put together a list of the top 6. In this section, we’ll dive into each plugin and talk about what we liked, what we didn’t like, and most importantly, what it tracks. 

1. MalCare

Recognizing the critical role of activity logging in website security, MalCare includes an activity log within its suite of security features. The plugin also includes a top-notch malware scanner, an excellent firewall, and easy malware removal.

It features an impressive dashboard, where all recorded activities are presented in an organized and accessible manner. Whether it’s a simple content edit or a major plugin update, MalCare’s activity log ensures that you are constantly informed and ready to respond to any potential security threats. 

What does it track?

• Changes to every article
• Comments that are posted
• User logins or updates
• Edits to a page 
• File-level changes 
• WooCommerce orders
• Plugin installs and updates
• Changes to themes

Pros 

• Real-time tracking
• User-friendly interface
• Bundled with security features

Cons 

• Not included in the free tier

Price: Plans start at $149/year

2. WP Activity Log

This is one of the most popular activity log plugins because it monitors a wide range of changes and offers a lot of settings that you can tweak. The free plugin is pretty basic, but with a premium version, you can set up email/SMS notifications, custom log filters, user session management, and reporting. 

It has a comprehensive dashboard. We loved that the plugin determines the level of severity for various changes. For example, installing and activating some plugins were marked as high risk, while logging in was considered low risk.

We recognize that plugin installs can be risky, and potentially crash your site. So, this feature is definitely important. 

What does it track?

• Post and page changes 
• Changes to tags and categories 
• Modifications to widgets or menus
• Changes to user profiles
• All logins, including failed ones
• Changes to WordPress core 
• Site-wide changes like permalinks
• Changes to multisite networks
• Modifications to plugins and themes
• WordPress database changes 
• WooCommerce orders and product changes
• Site file changes

Pros

• Marks different severities for each logged item
• Extensive customizability
• Email and SMS notifications

Cons

• Most settings are behind a paywall
• Limited information about changes

Price: Free plugin with licenses that start at $99/year

3. Simple History

Simple History offers an uncomplicated approach to tracking changes within your WordPress site, ensuring that every significant action is recorded and easily accessible. 

It has an intuitive dashboard, located within the Dashboard section of your admin panel, that gives an overview of recent activities like changes to posts or plugin installs. You can customize the view in the dashboard as well. For example, you can only show changes containing a specific word. 

You can further customize it by selecting Simple History from the Settings menu in the sidebar. Here, you can clear the log, debug, or export the log. It’s a pretty basic plugin but we found it very easy to set up.

What does it track?

• Updates to pages and posts
• Attachments that have been uploaded
• Edits to tags and categories 
• Comments that have been posted
• Edits to widgets
• Changes to plugins
• Updates to user profiles
• User logins, both successful and failed
• Changes to menus
• Exports to any data

Pros

• Simple setup
• Customizable logs

Cons

• Limited customizability

Price: Free

4. Activity Log

Activity Log features a remarkably straightforward dashboard interface, providing administrators with an at-a-glance understanding of site interactions. This plugin systematically documents each event, ensuring that users can effortlessly track and review site changes, user activities, and other pertinent actions.

Administrators have the flexibility to tailor the plugin to their specific requirements through its configuration settings. One can define the retention period, setting precisely how many days of activity history should be preserved. You can also purge obsolete entries to maintain a relevant log and reduce the load on your database. 

What does it track?

• WordPress core changes
• Edits to posts or pages
• Tags that have been created, edited, or deleted
• New comments that have been added
• Changes to categories
• Media files that have been uploaded or modified
• Logins, logouts, and changes to user profiles
• Modifications to plugins and themes
• Changes to widgets or menus
• All WooCommerce shop changes

Pros

• Intuitive logs
• Comprehensive monitoring
• Comprehensive logs

Cons

• Limited customizability

Price: Free

5. Sucuri

Sucuri is widely recognized in the realm of WordPress security. It comes with a suite of great security features, one of which is the audit log or activity log. It monitors things like plugin installations and the impact the plugin has on your website. 

You can find the activity log in the audit logs section of Sucuri’s dashboard. Unfortunately, the logs aren’t very easy to understand. There is very little information provided: IP address, username, and the date that an event happened. It also logged some plugin installs but didn’t name the plugin. This wasn’t helpful at all.

What does it track?

• Failed and successful login attempts
• Changes to plugins, themes, and core updates
• Edits to posts, pages, and custom post types
• Modifications to users, including roles and permissions
• Website file changes, additions, and deletions
• Menu and widget adjustments
• Changes in site settings and options
• Security alerts and actions taken by Sucuri’s features

Pros

• Additional security features

Cons

• Difficult to understand logs
• No customizability
• Doesn’t log every change

Price: Free plugin with pro licenses that start at $199/year

6. Stream

Last on our list is Stream, a popular name in the world of WordPress activity logs. It is designed for debugging and proactively preparing for security breaches. The logs can be easily filtered and you can set up custom alerts for different triggers. 

Stream keeps a detailed log of site activities, but these logs can be quite complicated to read. The information is there, but it can be tough for users to sift through and understand all the technical details.

What does it track?

• User logins and logouts
• Unsuccessful login attempts
• Modifications of posts, pages, and custom post types
• Plugin and theme installs or activations
• Changes to user profiles
• Modifications to widgets and menus
• Site-wide setting changes

Pros

• Easy install
• Quick setup
• Great alerts system

Cons

• Complicated logs
• Not enough information in the logs

Price: Free

What should you track with an activity log?

When maintaining a WordPress website, it’s vital to keep a close watch on specific activities to ensure the smooth and secure operation of your site. By tracking the following key events, you can be proactive in managing your website’s health, user activity, and security.

1. User login/logout events: By monitoring when users access your site, you can ensure authorized use and identify patterns that may signal security breaches. MalCare, and every other plugin on this list, does this really well. 
2. Failed login attempts: Tracking failed login attempts helps you recognize possible hacking attempts and strengthen your website’s defenses against intrusions. MalCare is the best for this. It has a limit logins feature as well that locks out users who have had a lot of failed logins. They just need to pass a reCAPTCHA test to try to log back in. 
3. New user creation/deletion: Observing user account changes safeguards your website against unauthorized access and ensures only trusted individuals have entry. MalCare and WP Activity Log are examples of plugins that help you track every new account that is created. 
4. User role/permission changes: Watching for alterations in roles and permissions protects against internal data breaches and maintains proper access levels. WP Activity Log helps you do track such changes on your admin dashboard. 
5. WordPress core updates: Keeping a log of updates provides insights into potential site changes or issues following these updates, ensuring your website remains current and secure. WP Activity Log makes note of every change made to WordPress core.
6. Theme installations/updates: Monitoring theme changes is crucial to diagnose any compatibility issues quickly and to maintain a cohesive user experience. We recommend installing MalCare to help you track such updates and installs. 
7. Plugin activations/updates/deactivations: Plugins affect website functionality and security; tracking them helps in troubleshooting and secures your platform from potential threats. Every plugin on this list tracks changes to plugins and themes, including MalCare. We recommend you use the MalCare dashboard to safely update your plugins. 
8. Content changes (posts/pages): Understanding when and what content changes occur on your site can help in overseeing editorial content and preventing unauthorized edits. MalCare is a great way to track such changes and monitor the content on your site.
9. Menu adjustments: Changes to site navigation must be tracked to preserve a functional and intuitive user experience. The best plugin to track menu changes is WP Activity Log. 
10. Widget modifications: Widgets have a direct impact on how site visitors interact with your website, making it important to record any changes. WP Activity Log can log all changes to widgets.
11. Changes to settings: Modifications to settings like permalinks and privacy can affect user interface and search engine rankings, making tracking them key to a well-functioning site. WP Activity Log is a great way to track such changes that are made by users. 
12. File uploads and deletions: Keeping tabs on media files helps manage storage and prevents potential copyright issues or unauthorized uses of your bandwidth. MalCare keeps track of all changes made to site files.
13. Backup completion or failures: Monitoring whether backups succeed or fail is essential for data integrity and quick recovery in the event of data loss. We recommend that you use a great backup plugin like BlogVault to take these backups and it will let you know if anything fails. BlogVault takes complete backups of your files and database, without affecting the speed of your website too. 
14. Security incidents: Timely awareness and documentation of security incidents allow for rapid response and are instrumental in preventing future attacks. MalCare is a security plugin that can help you track potential risks and protect your site from them with a great firewall. 
15. Multisite network changes (if applicable): For those managing multiple sites, it’s critical to track changes across the network to ensure uniformity and collective security compliance. MalCare is a comprehensive security solution that is also designed to help with multisite networks. 

What else should you do to maintain your WordPress site?

Alongside monitoring activities through WordPress logs, there are several other crucial measures to undertake to ensure the longevity and security of your website:

1. Update regularly: Keeping your WordPress core, plugins, and themes up to date is vital for security and functionality. Updates often include patches for vulnerabilities and enhancements that keep your site running smoothly.
2. Backup website data: Regularly backing up your website ensures that you have a recent copy of all your data, which you can restore in the event of data loss, hacking, or other unforeseen issues. We recommend using BlogVault for its reliable, automated and  complete backups.
3. Use good login security: Protect your site with strong passwords, limit login attempts, and consider implementing two-factor authentication to prevent unauthorized access.
4. Implement user roles: Utilize WordPress’s built-in user role management to grant permissions based on the user’s necessity. This minimizes the risk of accidental or intentional misuse of the site.
5. Implement file permissions: Properly setting file and directory permissions is key to protecting the site at the server level. This prevents unauthorized users from modifying or accessing sensitive files.
6. Install a performance plugin: Incorporate performance-enhancing plugins like Airlift to boost your website’s speed and efficiency. Airlift optimizes your site’s performance by streamlining various aspects, potentially improving user experience and SEO rankings.

Final thoughts

Keeping your website safe and running smoothly is super important, and keeping track of everything that happens on your site is a big part of that. That’s where MalCare comes in: it’s like your website’s security guard. MalCare is really good at logging all the little and big things that happen on your site. From the moment someone logs in, to every time someone updates something or changes a setting, MalCare keeps track of it all. It’s a really important tool for anyone who wants to keep their website in tip-top shape and safe from trouble.

FAQs

Can a WordPress activity log slow down my site?

Usually, a well-designed WordPress activity log plugin should not slow down your site. These plugins are optimized to run efficiently and only capture log data when activities occur, thereby having minimal impact on site performance. However, if a site is on limited hosting resources or if the plugin is poorly coded, it might have some performance impact.

Can I export WordPress activity logs for external analysis?

Yes, most comprehensive WordPress activity log plugins provide the option to export logs. This allows you to perform more in-depth analysis outside of your website, using tools like spreadsheets or specialized log analysis software.

How do WordPress activity logs differ from server logs?

WordPress activity logs focus on changes within the WordPress dashboard and track user actions like post edits, theme changes, and plugin management. Server logs, on the other hand, record all server requests, such as page requests and server errors, and they operate at a lower level, providing insights into the web server’s operations, independent of WordPress.

How often should I check my WordPress activity logs?

The frequency with which you should check your WordPress activity logs depends on the size of your website and the volume of activity it sees. For small to medium-sized sites, a weekly check might suffice. For larger, more active sites, or sites with e-commerce or membership platforms, checking daily might be more appropriate.

How can I manage activity logs across multiple WordPress sites?

There are several plugins and management tools that support multiple sites, like MalCare, allowing you to centralize and manage activity logs for multiple WordPress sites from a single dashboard. This simplifies monitoring and makes it more efficient to gain insights from your websites.

Can activity logs track changes made directly in the database?

Most WordPress activity log plugins are designed to track changes made within the WordPress dashboard. Some plug