Did you know that you can track and monitor changes that occur within your WordPress site’s database? This post explains how to do just that, and covers the benefits of monitoring WordPress databases and the types of alerts you can receive whenever something changes within your database.
What are the benefits of monitoring WordPress databases closely?
Having access to a WordPress activity monitor brings several key benefits to the management of your WordPress website. For example, troubleshooting technical issues becomes easier, you can monitor changes to user profiles, content and website settings, and you can identify potential malicious attacks.
How to start monitoring the changes?
The first thing you need to do is install the WP Activity Log plugin. This is the most comprehensive WordPress activity log plugin on the market: it not only keeps a record of user changes but also allows you to closely keep track of changes in the WordPress database.
The database changes the activity log plugin makes
WP Activity Log makes some database changes itself. Upon installation, the plugin creates three tables in which the WordPress activity log and the plugin’s settings are stored. You can learn more about this in the activity logs database documentation. Let’s dig in and see what types of WordPress database changes the plugin can log and alert you to.
What type of WordPress database changes does the plugin keep a log of?
Once you install WP Activity Log on your WordPress site, it keeps a log of changes that occur on your website and in its database. In this post we focus only on the database changes the plugin can log. Refer to the list of activity log event IDs for a complete list of all the changes the plugin can keep a log of.
Below are the various event IDs the plugin uses to keep a log of WordPress database changes.
Database changes caused by WordPress plugins
Below is a list of the event IDs the plugin uses to keep a log of database changes made by plugins on a WordPress website:
- 5010: A plugin created a number of tables in the database
- 5011: A plugin modified the structure of some tables in the database
- 5012: A plugin deleted a number of tables from the database
Below are screenshots of some of these events in the WordPress activity log.
Database changes caused by WordPress themes
Below is a list of the event IDs the plugin uses to keep a log of database changes made by themes on a WordPress website:
- 5013: A theme created a number of tables in the database
- 5014: A theme modified the structure of some tables in the database
- 5015: A theme deleted a number of tables from the database
Database changes caused by other components
There are cases in which the plugin detects changes in the database but cannot determine the source of the change. In such cases, the plugin still keeps a log of the change. However, it does not report the object making the change. Below are the event IDs it uses to keep a log of such changes.
- 5016: An unknown component created a number of tables in the database
- 5017: An unknown component modified the structure of some tables in the database
- 5018: An unknown component deleted a number of tables from the database
How to get notified of WordPress database changes via email and SMS
Database changes are not common on a WordPress website, so when they happen it is very important that you learn about them as early as possible. A database change can be a mistake, an unauthorized change, or even worse, a malicious hacker’s action. The earlier you are notified of a change, the easier it is to reverse it.
To get instantly notified of all the database changes recorded in the activity log, you can configure an email and / or SMS notification. SMS notifications are better because they are instant. Thankfully, this can be set up with just a few clicks. Here is how:
- Navigate to Notifications > Custom Notifications in the plugin menu.
- Click Add New to create a new notification trigger.
- Enter a title and click +Add Trigger.
- Add the following trigger: OBJECT IS EQUAL DATABASE. This means that whenever the Object of an event in the activity log is database, this notification is triggered. Refer to the list of activity log objects and event types for more detailed information on this metadata.
- Enter the email address and / or phone number and save the notification.
That is it. Now you will receive an email and SMS notification whenever there is a database change event in the WordPress activity log.
Getting notified of some specific WordPress database changes
If you do not want to be notified of all database changes, but only when some specific event IDs are logged, you can do so by specifying the event IDs in the notification trigger. Here is how:
- Navigate to Notifications > Custom Notifications in the plugin menu.
- Click Add New to create a new notification trigger.
- Enter a title and click +Add Trigger.
- Configure the following criterion: EVENT ID IS EQUAL 5010.
- Continue to add all the event IDs that you want to be notified about.
- Specify the email address and/or mobile phone number that you would like to receive the notifications on.
- Click on Save Notifications.
For a more in-depth guide refer to getting started with SMS and email notifications.
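The two trigger styles above (OBJECT IS EQUAL DATABASE, and one or more EVENT ID IS EQUAL criteria) can also be applied offline when reviewing records copied out of the activity log. The following is an added example, not the plugin's own code: the record layout, field names and sample events are constructed for illustration, and only the event IDs 5010 to 5018 and their meanings come from the lists above.

```python
from collections import defaultdict

# Event IDs from the lists above: 5010-5018, three per source,
# each source in create / modify / delete order.
SOURCES = ("plugin", "theme", "unknown component")
ACTIONS = ("created tables", "modified table structure", "deleted tables")

def decode_db_event(event_id):
    """Return (source, action) for a database event ID, or None for any other ID."""
    if not 5010 <= event_id <= 5018:
        return None
    source_idx, action_idx = divmod(event_id - 5010, 3)
    return SOURCES[source_idx], ACTIONS[action_idx]

def matches_trigger(event, object_is=None, event_ids=None):
    """Mimic the two trigger styles: OBJECT IS EQUAL x, EVENT ID IS EQUAL n (any of)."""
    if object_is is not None and event["object"].lower() != object_is.lower():
        return False
    if event_ids is not None and event["event_id"] not in event_ids:
        return False
    return True

def triage(events, **trigger):
    """Group matching database events by source, oldest first within each group."""
    groups = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        decoded = decode_db_event(ev["event_id"])
        if decoded and matches_trigger(ev, **trigger):
            source, action = decoded
            groups[source].append(f'{ev["time"]} {ev["user"]}: {action}')
    return dict(groups)

# Constructed sample records; the field names are assumptions, not the plugin's schema.
# 9999 is a placeholder standing in for any non-database event.
SAMPLE_EVENTS = [
    {"time": "2024-03-02T09:15:00", "event_id": 5010, "object": "Database", "user": "admin"},
    {"time": "2024-03-02T09:16:10", "event_id": 9999, "object": "Post", "user": "editor"},
    {"time": "2024-03-03T02:41:37", "event_id": 5018, "object": "Database", "user": "System"},
    {"time": "2024-03-03T02:40:05", "event_id": 5017, "object": "Database", "user": "System"},
    {"time": "2024-03-04T11:00:00", "event_id": 5014, "object": "Database", "user": "admin"},
]

if __name__ == "__main__":
    for source, lines in triage(SAMPLE_EVENTS, object_is="database").items():
        print(source, *lines, sep="\n  ")
```

Grouping by source puts the changes logged against an unknown component in one place, which are the ones the activity log cannot attribute to a plugin or theme.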
I’ve recently been using this plugin to monitor some unknown user accounts that have been mysteriously appearing on the site.
What guidance can you provide to help find what’s creating the accounts? I see a system owner and eventually the actual user logging in, but I’m at a loss on how to determine what is generating the accounts.
Thank you for using our plugin, Wesley, and sorry to hear you are having such issues.
If the plugin is reporting “system” as user it means that software is creating the users, and not another user. For example a plugin, or a theme, or a cron (set by a plugin). Offhand it is really difficult to tell what is happening, however, I’d start by treating this as a possible hack and:
1) Make a backup of everything
2) Check that all the plugins and files are legit on your website
3) Analyse all the log files for possible information
4) Try to understand when this is happening. For example is a new user created every so often, or when you or someone else does something in particular?
I hope the above helps you get started.
Thank you, White Security, for this tutorial! Downloaded the page for offline reading (I’m a bit dumb besides being paranoid about security).
Actually I’m a huge fan of another plugin by your company: “Website File Changes Monitor”, but it doesn’t keep track of changes in the DB
I
Thank you for your positive comments Dimiter. In regards to database changes monitoring, it is something we are planning to do in the near future. So stay tuned!