Before explaining what the Audit Trail Viewer is, you have to know what the Audit Trail is and how it works.
When a problem with your website occurs, the first thing you want to know is "What could have caused it?". By identifying the cause, it is much easier to find the solution. That's where the Audit Trail steps in. It tracks and records all the activities and reports what is happening and what went wrong with your WordPress website. It will help you to identify the problem cause.
The Audit Trail is composed of the several contexts and every context has 1 or more related events.
Note: Audit Trail also identifies the actual PHP file used to send emails (so you can track it better) and also identifies Post types when posts are updated.
The Audit Trail Viewer settings
The Audit Trail Viewer is providing the report on all activities on your site and when these activities happen.
What activities the Audit Trail Viewer will report depends on the Audit Trail contexts settings. For instance, if you want to get the report on your users' activities, you'll need to ensure that the Users and Logins context is enabled.
So, to show you how the Audit Trail Viewer is reporting we'll use the "Users and Logins" context example.
You have to ensure that the Users and Logins context is enabled first:
Once enabled, the Audit Trail will start tracking all the activities relating to the users and logins. The activities report will be provided with the Audit Trail Viewer.
For logs reviewing, simply go to the Shield Security Dashboard and select the Audit Trail tab.
Information that it currently displays include:
- Time/date - The time*date of the request to the site
- The event
- Message - An optional message for the event
- IP Address - The originating IP address of the request
Note: You may also filter logs if you want. For example, user sessions (logged out users):
For further information about the power of the Audit Trail and its features, read our blog article here.
For examples of the Firewall entries in the Audit Trail, how to interpret them and whitelist parameters, read the article here.