Audit Trail options explained

Shield's Audit Trail is one of the most critical tools we have in our security toolbelt is being able to view and monitor events on our WordPress sites, as they happen or after the fact. If we can see all the events around an incident, we can build a clear picture of exactly what has happened and make smarter, more informed decisions.

A full detailed log of each and every event that happens on a WordPress site is critical to knowing what threats the website is facing and if, and how, they’re being handled.

Every single event in the Shield system has a log “level” or “severity”. By default, Shield will switch on Alert, Warning & Notice events. If you’re seeing any issues and you’d like more information about what’s happening on a site, you can enable extra levels as you require.

What logging levels your audit trail is going to log depends on your settings under the Audit Trail module => Configure. 

Important: Only events with the levels selected will be logged. 

There are 2 types of log destination settings available:

  1. Log To Database

    Shield logs all security events to the database. This has always been the case and is unchanged, (though you have the option to disable this).

    You can specify the logging levels when using the local database.

    Note: Debug and Info logging should only be enabled when investigating specific problems.


  2. File Logging Level

For file-based logs - specify the logging levels when using the local filesystem. You can log events to the file system, and you can select which log levels are sent to that location (separately from the DB log levels).

Under the main menu =>  View Docs => Event Details you can view all event details and their assigned levels:

Auto Clean option

You can use this option to automatically purge Audit Log entries older than the set number of days.

Events older than the number of days specified will be automatically cleaned from the database.

Important: This will default to 7 days for Shield free users. If you want to store more logs, you’ll need to  upgrade to ShieldPRO

For more information on these audit trail options, read the blog article here