It would be one thing if I was the only person using a site, but most of my retainer/maintenance sites have more users than me.
I’m considering whether to put in a very detailed audit log, mainly because I’m not the only person in there, and don’t want to be blamed when other people mess up things. “Did you remove Facebook Pixel?” Um no, I know how websites work, I wouldn’t just remove a customer’s analytics/ad tools randomly without communicating or being told to.
Anyway, it may help in some cases it could be a WP setting was changed, or a post/page deleted, or a plugin removed or new one added, or user account change, or Woo product edited/deleted etc.
I don’t even necessarily want the client to know the auditor is in there, nor add anything to MainWP reports. I just want an archive of events for a month or so just in case I really do need to see when the last time someone adjusted settings or why a post disappeared, etc.
So does anybody store audit logs? Do you put info in the reports? What tool do you use?
What security software do you use? Are the logs detailed enough to really know who does what for the most common situations?
I was afraid about performance but didn’t mention it. MainWP Child Reports itself is also collecting logs of activity, so it’s kind of redundant, or doubling up on audit logging. Still, I have weird things happen. Like recently the content of an important page completely switched its content to something from a different page. Really weird, like the two pages swapped URLs or maybe renamed or someone copy/pasted the content back and forth, totally out of the normal. But of course I have no idea about the last time the page was edited, since there aren’t revisions on it for some reason. Page builder content.
So MainWP has some logging. On a few sites I have Sucuri which has some logging. And most other sites have iThemes, and I don’t think they really do any logging. Therefore I’m trying to find a solid logging tool that covers the basics without trashing site performance.
I’m using Patchstack. It’s detailed enough. It will tell you the user, IP address, and what they did (activate plugin, edit post, etc.)
I had high hopes for WP Activity Monitor and upon googling I don’t see others having the same problem that I seemingly had. Hopefully someone else chimes in here.
I have been using WP Activity Logs (Premium) but it had some hickups and also slowing down sites. Though I had a good deal with White Security I switched to a different setup.
Currently I’m using Decalog which is free and is fast. I use it to push logs to New Relic (Free tier has 100GB per month!).
It can even monitor the server load and frontend rendering of webpages with an extra JavaScript snippet in the header. Also as a bonus I see Wordfence events in the logs and have an alert trigger. Might be overkill for some but I’ve been happy so far.