September 29, 2014 by Paul G. | Migrated, Shield Security

Track WordPress Activity With An Audit Trail Log

Shield Image

Update: The Security Audit Log has been completely revamped and rewritten with ShieldPRO 12.

With the Shield, we’ve created a toolkit that lets you lock down your site from intruders and prevent unauthorized access to core components of your site.

Not only that, we give you full control over automated tasks such WordPress Automatic Updates, as well as one of the most powerful Anti-SPAM comment filters available today.

We took it one step further – we let you look back and see what you, and any other users on your system, has done on your site.

With the Shield Security, we give you a WordPress Audit Trail – full insight into all significant actions taken on your websites.

How The WordPress Audit Trail Works

The Audit Trail is designed to be your note-taker. It will watch your WordPress site and for certain specific actions that take place, it will record it in the database for your review, if necessary.

Information that it currently records include:

  • The time of the request to the site
  • The currently logged-in user if applicable
  • The originating IP address of the request
  • The event
  • An optional message for the event.

With all this information it’s easy review the activity on your website.

You may want to review the information for any number of reasons, but for whatever that reason happens to be, the Audit Trail will keep you fully informed.

Organizing Events With Audit Trail Contexts

The Audit Trail monitors key activity on your site and records events as they happen.

Since many things can happen on a site we need a way to group these activities, and to achieve this we created “Contexts”.

Contexts, in relation to the Audit Trail, are large areas of the WordPress system within which certain groups of actions may fall.  There are 7 main contexts as follows:

  • Users / Logins
  • Plugins
  • Themes
  • WordPress Core and Settings
  • Posts and Pages
  • Email
  • Shield

Each of these contexts have 1 or more associated events.  For example, “Plugins” has:

  • plugin activated
  • plugin deactivated

As the Audit Trail feature develops, more events will be added, as well as more Contexts as appropriate.

The Shield context is a special context where the plugin logs and tracks itself. Included in this context are events such as:

  • Firewall blocks
  • Firewall skipping
  • White list notifications
  • Two Factor Login Authentication
  • etc. and with more to come.

One important point to note here is that the Contexts settings are not available in Shield 10.1 and onward. Audit Trail logs everything instead.

Why do you need an Audit Trail?

Often, when a website breaks, it’s helpful to know what immediately preceded it. Problems typically occur after a change and being able to see events leading up to a break can really help to pinpoint the cause of it.

The Audit Trail will let you see exactly what has been happening on your site. It gives you a view on the activity of your users and when this activity happens.

Sure, it can be used to identify and record malicious activity, but the most useful application of an Audit Trail is identifying the cause of sudden problems that can affect a site.

How to enable the Shield Audit Trail

The Audit Trail feature is accessible from within it’s own module and is enabled by default.

Here you can also configure it to

  1. automatically purge Audit log entries older than the set number of days; and
  2. set maximum Audit Trail length to keep.
Audit Trail Options Settings

As information comes into the Audit Trail, you can view it by navigating to the “Audit Trail Viewer” page.

Suggestion, Comments, Feedback?

We hope you like the Audit Trail feature.  We’d like to hear what you think, and any suggestions as to what extra features you’d like to see here.

Please feel free to email us in our support centre, or leave a comment below!

ShieldPRO Testimonials
@goustas's Gravatar @goustas

The best of all

I used a lot of security plugins free and paid. This one is above all. I am super fan and value of money

@pjernigan's Gravatar @pjernigan

Great Security for your website

I have been extremely happy with the ease and functionality of this Plugin. I love all the options you have to secure the site. I highly recommend this plugin.

@techguy56's Gravatar @techguy56

Excellent security!

Excellent security plugin, complete with firewall and spam tools. Keeps you secure and has granular controls so you can tweak as you prefer or need. Does a great job and doesn’t cause problems!

@prysmcat's Gravatar @prysmcat

Simple and comprehensive

Easy to set up, with useful explanations included, and very reliable. After a lot of sporadic attempts by others at logging into my various blogs, and general annoyance, I’m finding the security this offers is a huge relief. I’m okay but not an expert at highly technical stuff, but I…

Hey there handsome! Do you like what you've read here? :)

If this cool feature is something you'd like, but you haven't gone PRO yet, click here to get started today. (no risk, with a 14-day satisfaction guarantee!)

You'll get all PRO features, including Malware Scanning, WP Config Protection, Plugin FileGuard, import/export, customer support, and so much more. Not only that, you'll get that warm, fuzzy feeling that comes from supporting our work and future development.

Get That Warm, Fuzzy Feeling →

Comments (19)

    Keep up the good Work

    Hi, I am activating everything I need. Thank You for all this great information. I finally sat down and read it. Here is to seeing what really is going on, on my site. Thank You also for all the protection. Wendy

    Hey, I got malware files on 12 of my sites: File contains suspected malware URL: /XXXXX/public_html/cabinetrefacingsupplies/wp-content/plugins/wp-simple-firewall/resources/spamblacklist.txt

    Didn’t even get an alert from Firewall. Your input will be greatly appreciated. Thanks

      Hi,

      It’s quite possible this might flag up as malware because it is loaded with lots of text which could be used in comments containing malware links.

      That file is used to try and identify spam within WordPress comments… please take a read here:
      https://www.icontrolwp.com/2014/05/wordpress-security-simple-firewall-plugin-part-5-ultimate-comment-spam-killer/

      Thanks,
      Paul.

    hi there

    I’m running simple firewall on my website

    the other day i had set the number of days before the audit trail was wiped to 10000

    now, logging in to the website this morning, I see that my audit trail has been completely wiped. Question – should I be suspicious or worried?

    Kind regards,

    David

      There may be a bug in the cleaning of the audit trail if this is the case.

      Has it happened again for you?

      Thanks,
      Paul.

    I find the audit trail very informative. Could you please let me know all the category codes, I have seen 1 and 3 so far, and what they stand for.

    Thanks.

    Mike

      Hi Mike,

      The category codes are not used yet… but they are there to indicate the level – notice, warning, critical etc.

      This hasn’t been fully implemented yet, however.
      Thanks,
      Paul.

    Will this plugin block the spam traffic from China and Russia which is giving unwanted referral traffic and slowing down my site?

      Hi,

      No, unfortunately not, as this isn’t a security issue in itself.

      Thanks,
      Paul.

    hi i have enabled the firewall. love how simple it seems! i also enabled audit trail, made sure, and waited a few days but it the trail log it still says no data.
    Any ideas?
    rahul

    Hi, I the audit trail viewer only shows a certain amount of firewall block events. I need them all so I wonder how to setup the viewer so it shows 100 events so I can save them for police investigation.

      Yes, you can change this in the code directly if you like.

      1) Within the plugin folder locate the file: ./src/features/audit_trail.php
      2) On line 54 you will see: $aAuditData = $oAuditTrail->getAuditEntriesForContext( strtolower( $sContext ) );
      3) Change this to $aAuditData = $oAuditTrail->getAuditEntriesForContext( strtolower( $sContext ), 100 );

      This will return 100 entries. You can change the 100 to as many as you like but the more you do it, the longer it will take and you could potentially run out of memory.

      Thanks.
      Paul.

    Nice plugin thanks for developing

      Great, glad you like it! 🙂

    Great plugin just a few points as to make it easier and more friendly
    if it’s possible to have an option to download the logs, have the ability to see each section separately and there if it’s more than a certain number have multiple pages.

      We will probably release this option at a later date…

    so how do I view the audit log????

      There is an Audit Trail viewer section built into the Shield security plugin itself.

Leave a Reply to Paul G. Cancel reply

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese