Can I See All User Edits and Changes with WP Ghost Logs?

Yes. WP Ghost’s User Events Log tracks every security-relevant action performed by logged-in users on your site: logins, post deletions, plugin changes, settings modifications, and more. Every entry records who did it, when, from which IP, and exactly what changed. You can filter by event type, search by username or IP, choose which user roles to monitor, and get email alerts for critical actions. Here’s what it tracks and how to set it up.

What User Actions Does the Events Log Track?

The Events Log records dashboard actions that could affect your site’s security or content. For every recorded action, WP Ghost shows the location (IP address and country), the user who triggered the action, the details (path, username, role, plugin or theme name), and the date and time. Here’s what gets tracked:

Login activity: Successful logins, failed login attempts, which IP address attempted the login, and which IP is targeting your login page. You can see exactly who logged in, when, and from where.

Content changes: Post and page deletions (who deleted what and when), attachment uploads and deletions. You’ll know if a freelancer accidentally deletes a post or if a compromised account starts removing content.

Plugin and theme activity: Plugin activations, deactivations, and deletions. Theme and plugin updates. WordPress core updates. You can trace exactly who activated a questionable plugin or who deactivated your security tools.

Settings changes: Dashboard settings modifications that could impact security. If someone changes a critical setting, the log records it.

The Events Log does not track everyday frontend actions like visitors clicking menus or browsing pages. It focuses exclusively on dashboard activity by logged-in users.

How Do I Activate the User Events Log?

Go to WP Ghost > Logs > Settings. Switch on Log Users Events. Optionally switch on Enable Cloud Storage for Events Log to sync a copy to your WP Ghost Dashboard (retained for 30 days, accessible from any device). Select which user roles to monitor under Log User Roles, or leave it empty to monitor all roles. Click Save.

You can choose to monitor specific roles only. For example, track Subscribers and Contributors but skip Administrators. Or monitor everyone. Multiple roles can be selected.

How Do I Find and Filter Log Entries?

View the log at WP Ghost > Logs > User Events. Use the Filter button to narrow results by event type (login, incorrect password, update plugin, delete plugin, delete post, and more). Use the Search form to find entries by keyword, username, path, or IP address. For best results, make sure no filter is applied when using Search.

If you enabled cloud storage, the same log is accessible from the WP Ghost Dashboard. Cloud logs survive even if someone deletes the plugin from your site, which makes them valuable for investigating security incidents after the fact.

For the complete Events Log guide including email alerts, GDPR details, and cloud storage, see the Events Log tutorial.

Who Is This Feature Best For?

The Events Log is most valuable for sites with multiple users. Agencies can track freelancer and developer activity across client sites. Multi-author blogs can monitor who publishes, edits, and deletes content. WooCommerce stores can track admin actions like product changes and order modifications. Any site that gives dashboard access to more than one person benefits from the accountability and auditability the Events Log provides.

Frequently Asked Questions

Is this a free or Premium feature?

The User Events Log is a WP Ghost Premium feature. The free version includes path security, firewall, brute force protection, and 2FA, but not event logging. The free version does include the last 20 entries in the Security Threats Log (which tracks external attacks, not internal user activity).

Can I get email alerts when specific actions happen?

Yes. Configure email alerts in the WP Ghost Dashboard. Available alert types include login from a different IP (possible account compromise), too many failed login attempts, plugin deleted, and post deleted. Alerts require cloud storage to be enabled. Each alert is set up individually and can use a different notification email per site.

What’s the difference between the Events Log and the Security Threats Log?

The User Events Log tracks internal activity from your logged-in users (edits, logins, settings changes). The Security Threats Log tracks external threats from bots and attackers (blocked injection attempts, firewall hits, brute force attacks). They serve complementary purposes: one monitors your team, the other monitors your attackers.

Does WP Ghost modify WordPress core files?

No. The Events Log operates through WordPress hooks that listen for user actions. Local logs are stored in a dedicated database table. Cloud logs are sent via API. No core files, theme files, or plugin files are modified. Disabling the feature stops all logging instantly.
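To make the hook-based approach concrete, here is an added sketch of a small audit-logging plugin; it is not WP Ghost's code. The table name, the `example_audit_*` functions and the `EXAMPLE_AUDIT_ROLES` setting are hypothetical, while the hooks and `$wpdb` calls are standard WordPress APIs.

```php
<?php
/* Plugin Name: Example Audit Log (illustration only, not WP Ghost code) */

const EXAMPLE_AUDIT_ROLES = array(); // hypothetical setting: empty = monitor all roles

function example_audit_table() {
    global $wpdb;
    return $wpdb->prefix . 'example_audit_log'; // hypothetical table name
}

// Create the dedicated table once, when the plugin is activated.
register_activation_hook( __FILE__, function () {
    global $wpdb;
    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
    dbDelta( 'CREATE TABLE ' . example_audit_table() . " (
        id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
        event varchar(40) NOT NULL,
        user_login varchar(60) NOT NULL,
        ip varchar(45) NOT NULL,
        details text NOT NULL,
        created_at datetime NOT NULL,
        PRIMARY KEY  (id)
    ) " . $wpdb->get_charset_collate() . ';' );
} );

function example_audit_record( $event, $details, $user = null ) {
    global $wpdb;
    $user = $user ? $user : wp_get_current_user();
    // Role filter: skip known users whose roles are not being monitored.
    if ( EXAMPLE_AUDIT_ROLES && $user->exists() && ! array_intersect( EXAMPLE_AUDIT_ROLES, $user->roles ) ) {
        return;
    }
    // REMOTE_ADDR is the direct peer; behind a reverse proxy it is the proxy's address.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';
    // $wpdb->insert() uses prepared statements; escape these values again when displaying them.
    $wpdb->insert( example_audit_table(), array(
        'event'      => $event,
        'user_login' => $user->exists() ? $user->user_login : '',
        'ip'         => $ip,
        'details'    => $details,
        'created_at' => current_time( 'mysql', true ),
    ) );
}

add_action( 'wp_login', function ( $login, $user ) { example_audit_record( 'login', '', $user ); }, 10, 2 );
add_action( 'wp_login_failed', function ( $name ) { example_audit_record( 'login_failed', 'attempted user: ' . $name ); } );
add_action( 'activated_plugin', function ( $plugin ) { example_audit_record( 'plugin_activated', $plugin ); } );
add_action( 'deactivated_plugin', function ( $plugin ) { example_audit_record( 'plugin_deactivated', $plugin ); } );
add_action( 'before_delete_post', function ( $id ) { example_audit_record( 'post_deleted', 'post ID ' . (int) $id ); } );
```

Because a log like this lives in the site's own database, anyone with administrator or database access can alter or delete it, which is why an off-site copy such as the cloud log described earlier matters for incident investigation.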