For those running a multi-user website, not being able to see which users are online can present problems. Multiple authors, ecommerce managers, and editors all making simultaneous alterations make it difficult to pinpoint when adverse actions on your WordPress site took place. Fortunately, webmasters have a solution in the form of a WordPress plugin that shows online users and tracks their activity.
While WordPress doesn’t let administrators see online users and their events out of the box, by installing a straightforward plugin, you can have every user’s data at your fingertips.
By the end of this article, you’ll walk away knowing how to:
- Identify which WordPress users are online.
- Track changes they’re making to your website.
- Terminate sessions of users that are making harmful changes.
- Configure sessions based on user roles.
- Search for a specific activity to find out who was responsible for it.
The best part? You’ll be able to achieve all of that (and more) in four steps. So without wasting any further time, let’s make a start.
How WP Activity Log works
WP Activity Log is the number one user-rated activity log plugins for WordPress. This comprehensive solution provides an extensive feature set that allows you to monitor your WordPress users’ activity.
First and foremost, it allows website owners to track activity right across a WordPress multisite network (if required). The plugin creates an activity log of all user changes so that webmasters can quickly track down specific events, or monitor the work undertaken by users.
Why track WordPress user activity?
Tracking WordPress user activity helps to spot suspicious behaviour, troubleshoot problems, and avoid bad actors from making malicious changes to your website. For instance, if an author approves a comment that doesn’t meet your multi-author blog website’s guidelines, you can quickly act to moderate it.
In an ecommerce setting, you can make sure third-party web developers don’t make wrong changes to your payment infrastructure by monitoring their activity and receiving alerts when changes are made to sensitive settings.
How does WP Activity Log gather user data?
WP Activity Log manages to deliver detailed user activity data by installing a sensor that detects logins (even those made through custom login pages). That same sensor then tracks when users log out.
In between, WP Activity Log records a thorough activity log of user activities. You also can view what the last changes were before a user logged out (the most likely time to make malicious alterations).
How to show which users are online with a WordPress plugin
To set up activity monitoring for your WordPress users, all you have to do is follow the four simple steps below.
Step #1: Install WP Activity Log
The first stage is to download and install the WP Activity Log plugin.
Once you’ve signed up and downloaded the plugin, you will need to go through the installation process, which is very simple:
- Once you’ve downloaded the plugin, login to your WordPress dashboard.
- Navigate to the Plugins page and click the Add New button in the top right-hand corner.
- Next, click the Upload Plugin button in the top right-hand corner.
- Click the Choose File button and navigate to the plugin zip file which you downloaded. (For reference – the zip file of the free edition is called wp-security-audit-log.zip, and the zip file of the premium edition is called wp-security-audit-log-premium.zip).
- Click Install Now to install the plugin.
- Click Activate Plugin, once the plugin is installed.
When you’ve activated the plugin, you will then be taken through the startup wizard. This program will help you run through the basic configuration of the plugin, including:
- Configuring the coverage of the activity log.
- Setting up activity log retention policies.
- Setting up activity log privileges.
- Choosing which objects to exclude from the activity log.
Once you’ve completed the wizard setup, the plugin will automatically start keeping a record of all the user activity and changes made on your website.
Step #2: Monitor users in real-time
You can use this tool to:
- See who is logged in to your WordPress website and their latest change in real-time.
- Limit and/or block simultaneous WordPress user sessions.
- Automatically terminate idle users’ session.
- Terminate all logged-in sessions.
To terminate a specific user’s session, you can click on the ‘Terminate Session’ button next to each user. In the event of a suspected hack, you may want to terminate all user sessions. To achieve this particular outcome, navigate to the ‘Logged In Users’ entry in the plugin menu and click ‘Terminate All Sessions.’
Step #3: Set user sessions policies
If you’re after a WordPress plugin that does more than merely show online users, you’re in luck. You can also use activity logs for WordPress to set user policies. There are several reasons why you might want to do this on your WordPress site.
For instance, if you operate a membership or subscription-based website, credential-sharing may be hurting your profits. By limiting the number of sessions one user can have, you can prevent multiple individuals from abusing one paid account. These controls will also safeguard your users in case a WordPress user is hacked.
When it comes to ecommerce, you might want to ensure that only Super Administrators and Administrators have access to payment infrastructure and critical data. With WP Activity Log, you can configure sessions based on user roles to ensure that no more than one session is underway for the most vital user roles.
This feature prevents so-called ‘hung’ sessions, which provide a way for hackers to access your website with the most sensitive privileges.
Configuring user session policies
Once again, this feature is accessed under the WordPress User Session and Management tool within the WP Activity Log plugin. Simply click on the ‘Settings’ tab to configure the session rules of each specific user role. This ability also extends to custom WordPress user roles.
Step #4: Search for specific activities undertaken by users
Sometimes as a website administrator, you’re already aware of a problem and how to fix it. However, you need to undertake inquiries to work out who was responsible for those harmful changes.
Within the ‘Activity Log Viewer’ menu, there is a search box on the top left-hand corner. Simply type in the area of the website that you’re looking for activity related to and then hit enter.
For instance, if you wanted to find out about changes made to the gallery, you would type ‘gallery’ into the search box. There may be dozens of changes made to the gallery each day, in which case you can use the filters to narrow down what you’re looking for.
Show which users are active online with a WordPress plugin
That’s it! In those four short steps, you’ve learned how to achieve the tasks laid out at the beginning of this article.
Whether you need to keep a watchful eye on contributors to your blog to make sure they don’t change affiliate links. Or, monitor web developers working on sensitive areas of your website, WP Activity Log can help to protect your site.
WP Activity Log is a WordPress plugin that shows online users as well as their latest activities.
In conclusion, by downloading and installing WP Activity Log, you can:
- Get instantly notified of changes via SMS or email.
- Generate any type of user and site activity report.
- Schedule daily, weekly, and monthly email reports.
- See who is logged in and their latest event in real-time.
- Terminate user sessions guilty of suspicious activity immediately.
- Use text search to find specific actions, with the ability to filter search results.
- Store the activity log in an external database for added security.
To start viewing what your online WordPress users are getting up to, make sure to sign up for the 14-day free trial of WP Activity Log today.