Improving User Accountability with WordPress Audit Logs
April 16, 2019
This is the first article in a three-part series on the use of activity logs in WordPress.
WordPress started as a simple blogging platform. Nowadays, however, it has become a fully fledged Content Management System (CMS). The tens of thousands of plugins available on the WordPress repository and its multi-user capabilities allow WordPress to power any type of modern multi-user website.
As a matter of fact, WordPress is used to power some of the most popular news and eCommerce websites, customer and user portals, data sharing websites, and much more. The latest statistics from W3Techs show that WordPress powers 39% of the websites on the internet.
The Need for the WordPress Audit Trail
When you have a WordPress site with multiple users contributing to it, you need to keep a record of everything that happens on it in a WordPress audit trail (activity log).
There are several benefits to keeping a record of all user changes in an audit trail. In this three-article series we will highlight these benefits, starting with user accountability and meeting compliance.
Improve User Accountability on Your WordPress Site
When running a multi-user WordPress site, user accountability should be at the top of your agenda. Everyone makes mistakes, and that is fine. However, successful employees and businesses learn from their own mistakes and try their best not to repeat them.
By keeping a record of all the user changes, you can find out when someone makes a mistake and take the necessary action to remediate the issue and inform the user. Do not use the site activity logs for reprimanding users. That is counterproductive.
Use the logs to help your users grow and improve. Users who are held individually accountable for their own actions are less likely to make mistakes or do anything that disrupts the operations of the business in the future.
Ensure User Accountability on WooCommerce Stores
WooCommerce is one of the most popular eCommerce plugin solutions for WordPress. It is also one of the most advanced, thus it can have hundreds of settings per product.
What would the impact be on your business if a shop manager changed the price of a product or the stock quantity by mistake? How can you keep tabs on how the orders are being processed and who is processing them without having any logs?
By having a WooCommerce activity log plugin that keeps a comprehensive log of the changes that happen on your WooCommerce store, you ensure all operations run smoothly. Plus, you can spot a user mistake as early as possible.
Keeping Tabs on Members’ Behaviour
Activity logs are not only useful for the administrators of WordPress sites. They can also be useful to the users on a membership website.
Have you ever regretted reacting to or commenting on a Facebook or LinkedIn post? If you have, then like most of us you have surely found Facebook’s activity log very useful! By keeping a log of all user changes on your WordPress site, you not only keep a watchful eye on what is happening on your membership site, but also allow the users themselves to view their past actions.
Achieving Compliance with WordPress Audit Logs
If you think that your WordPress site does not have to adhere to any compliance regulations, you are most probably wrong.
If some of your website visitors are from Europe and you use Google Analytics or ask them to join your newsletter, your website has to be compliant with GDPR. Running an e-commerce store, even if you use a third-party payment gateway, means that your website has to be compliant with the PCI DSS regulations.
There are many different compliance bodies. HIPAA (which applies to businesses operating in the healthcare industry), FISMA, NIST, ISO and the Sarbanes-Oxley Act are just a few. All of them have one thing in common: they require business owners to keep a log of changes that happen on their systems, including their WordPress sites.
By installing a solution such as WP Activity Log on your WordPress site to keep a record of what is happening, you are one step closer to having a compliant website.
GDPR and Audit Logs
GDPR is the latest set of compliance regulations developed by the European Union. It focuses mainly on website user/visitor privacy. When it was released, many thought they wouldn’t be able to keep a log of what visitors are doing on their website or how logged-in users are using their website.
This is just a misconception. GDPR requires website owners to tell their users what information they are keeping about them, but it does not prohibit them from keeping the information, as long as the users are advised about it. To learn more about this you can refer to this article on WordPress activity logs and GDPR compliance.
PCI DSS and Audit Logs
Requirement 10 of PCI DSS states that you have to keep a log of every change that happens on your systems, such as the WordPress website, the payment gateway and the newsletter service that you use.