How to track any WordPress user activity


User activity tracking is one of the most important aspects of WordPress website integrity and security. No matter how much you trust your users, as the website owner you should always monitor critical user activities and react accordingly when an unwanted event occurs.

Some would call monitoring your user activities “micro-management”; in reality, however, we forget that the majority of security incidents took place when a trusted user’s account got compromised. So no matter how much you trust your Bob Dawn power user, you cannot guarantee that his credentials are not going to be stolen, for example, by a hacker from Ukraine (nothing against Ukrainians, I’m Ukrainian myself so I know this is not going to offend anybody).

Please Note! There are several solutions online claiming that tracking user activity secures your website; however, pause for a moment and think logically here. Any user activity that is logged is post-factum, which means that something has already happened and the only thing you can do is deal with its consequences. That is why user activity monitoring is only as effective as the reaction to events that have already occurred. In a different article I will talk about effectively reacting to security incidents or even proactively blocking and reverting changes.

In this article I will show you how to track pretty much any user activity with the help of the free AAM User Activity extension. You will learn how it works, how it can be configured and even how it can be programmatically extended.

Basics and main concepts

First of all, you have to understand that we are talking about application-level monitoring here, which means that things get monitored when some predefined set of code gets executed.

The entire user activity tracking is based on the concept of WordPress Hooks, so AAM and the User Activity extension can track things as early as when the plugins_loaded action is triggered and as late as the last fired hook (e.g. shutdown).

Note! There is a way to track activities even before any WordPress core functionality is loaded, however that would require changes either to the WordPress core files (e.g. index.php, wp-config.php) or to the PHP configuration. I’ve consciously made the decision to avoid this type of low-level customization to preserve simplicity, avoid exceptions to a company’s code deployment policies, eliminate possibilities of “code leftovers”, etc.

Out of the box, the User Activity extension tracks only certain events like plugin installation, user deletion, post creation, tag removal etc.; however, you are free to extend the list of hooks it listens to (including WordPress core hooks or any custom hooks). That is something we’ll explore in depth below; for now, let’s look at the main features and how they work.
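The hook-listening concept described above, as an added example that is not code from AAM or the User Activity extension: a small standalone plugin that registers listeners on plugins_loaded, buffers events in memory and writes them as JSON lines on shutdown. The log path, the variable names and the choice of hooks are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example hook activity log (illustration only, not AAM code)
 */

// Assumed path, constructed for this example; keep it outside the web root.
define( 'EXAMPLE_ACTIVITY_LOG', '/var/log/wordpress/activity.log' );

// WordPress core hooks to listen on: hook name => number of arguments to accept.
$example_hooks = array(
    'activated_plugin' => 2, // $plugin, $network_wide
    'deleted_user'     => 2, // $id, $reassign
    'wp_insert_post'   => 3, // $post_ID, $post, $update
    'delete_term'      => 3, // $term, $tt_id, $taxonomy
);

$example_events = array();

// Register the listeners as early as a plugin can: on plugins_loaded.
add_action( 'plugins_loaded', function () use ( $example_hooks, &$example_events ) {
    foreach ( $example_hooks as $hook => $argc ) {
        add_action( $hook, function ( ...$args ) use ( $hook, &$example_events ) {
            $example_events[] = array(
                'time'    => gmdate( 'c' ),
                'hook'    => $hook,
                'user_id' => get_current_user_id(),
                // Behind a reverse proxy this is the proxy address.
                'ip'      => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null,
                // Keep scalars only, so objects such as WP_Post are not dumped.
                'args'    => array_values( array_filter( $args, 'is_scalar' ) ),
            );
        }, 10, $argc );
    }
} );

// Write the buffered events once, on the last hook WordPress fires.
add_action( 'shutdown', function () use ( &$example_events ) {
    if ( ! $example_events ) {
        return;
    }
    $lines = '';
    foreach ( $example_events as $event ) {
        $lines .= wp_json_encode( $event ) . "\n";
    }
    // LOCK_EX keeps concurrent requests from interleaving their lines.
    file_put_contents( EXAMPLE_ACTIVITY_LOG, $lines, FILE_APPEND | LOCK_EX );
} );
```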

User Interface

The UI is pretty straightforward. When you first install the extension, it’ll prompt you to create the dedicated database table that stores all the events. The reason events go to a separate database table is to avoid website performance troubles. We could store everything in any WordPress core table, however it would be just a matter of time before the website crashes.

[TODO: Insert Completed UI]

FYI! You can change the activity logging method to tail events to a file and then use your preferred log aggregator to read that file. At the end of this article you’ll find more information on that.

The main purpose of the UI is to quickly filter out some critical events or determine what a specific user has been doing lately. Some types of events have an expanded set of information that you can browse by clicking on “details”.
