If you have several admin accounts, it is usual to see some options, settings changes where there is no any trace to see who has done that any change.
Of course it is not about Post, Page updates, they have some information about who updated the given post object.
But for the rest wp-admin pages there is no such trace collector.
Such kind of data can be useful if you have suspicion that someone you don’t have stolen admin password and logs in to your wp-admin as a wordpress ghost admin. So this snippet might be helpful when you want to stop/prevent wordpress admin panel hack too.
So, let’s write small snippet which will collect, who and when did any activity inside wp-admin.
This code below can be added to functions.php file of your theme.
//temporary admin logger
add_action('init',function(){
if(!current_user_can( 'manage_options' ) )return;
$fname='admin_common';
$country_code=!empty($_SERVER["HTTP_CF_IPCOUNTRY"])?$_SERVER["HTTP_CF_IPCOUNTRY"]:'';
if(strpos($_SERVER["REQUEST_URI"],'admin-ajax')!==false)$fname='admin_ajax_activity';
elseif(strpos($_SERVER["REQUEST_URI"],'wp-admin')!==false)$fname='admin_ui_activity';
file_put_contents(WP_CONTENT_DIR.'/logs/index.php','');//directory should have an index
file_put_contents(WP_CONTENT_DIR.'/logs/'.$fname.'.log',date('Y-m-d H:i:s').'_'.$_SERVER["HTTP_CF_IPCOUNTRY"].'_'.get_current_user_id( ).'_'.$_SERVER["REQUEST_URI"].'_'.$_SERVER["REMOTE_ADDR"].'_'.implode(array_keys($_POST)).PHP_EOL,FILE_APPEND);
});
For sure you can improve this code and add any useful activity data you need to collect.
In my example we collect data such as
- Country code if the website is using Cloudflare
- Current URL
- Admin user ID
- If it is a POST request, then the list of POST variable names
- Admin use IP address
- Data of the activity
This data may help you to improve wp-admin security, to find if there is some ghost admin login to your system, to solve disputes between admin users on who has done the given wrong action etc.
Or you can just see at what time and which user did some specific activity – for any other reason you are interested in.
Collected data will be in your website’s wp-content/logs directory. And you can achieve those files via cpanel or FTP.
If any questions, leave a comment.