Have you ever wondered who is logged in to your WordPress site or what they do when logged in? For some of you, this curiosity may only concern members, customers and other users connected to the frontend of your site. For others, you may need a more in-depth look at what users are doing on your WordPress dashboard.
Currently, WordPress has no native functionality to track sessions or user activities or to help you exercise control over those sessions. So, whatever type of user session you want to monitor and manage, you will need a user session control plugin to help you do that. Let's take a look at what options are available and how you can use them for enhanced session control in WordPress.
User session control: what you need to know
When you think of live monitoring user sessions on WordPress, your mind may first turn to Google Analytics Real-Time Traffic Monitor.
While this tool gives you insight into what's happening with users on your site's frontend, it comes in the standard Google Analytics data format. Granted, this data is valuable, but we're talking about exercising control over user sessions, which means you need more details beyond the referrer source and location. You also need a way to revoke, grant, or adjust access when monitoring these sessions in real time.
If you are wondering why you would need user session control in WordPress, it boils down to this:
You want to make sure that users are doing exactly what they should be doing on your WordPress site. Sometimes that means you are studying their behaviors as customers or users. Sometimes that means you are monitoring the users who are contributing content to your site from the dashboard. And sometimes it's about taking a more active approach to monitoring fraudulent activity that could put your WordPress site at risk.
User session control on the dashboard
There are two ways that users can influence your WordPress site: from the main admin and from the front-end gateway you have opened to them. Let's focus first on how to manage user session control on the dashboard.
Basically, this type of WordPress user session control will be useful for the admin who needs to oversee a growing list of contributors. These could be:
- WordPress developers or designers
- Contributing Bloggers
- Content Editors and Quality Assurance
- Professionals of SEO
- Multisite Administrators
- General users on the client side
As the list of users grows, it's important to have a way to track who is logging in, how often they log in, and what they are doing while on WordPress. By automating it with a WordPress Plugin or another third-party extension, you can take control and quickly adjust or block access if you believe access privileges are being abused. You will also be able to quickly identify the party responsible for any changes that have affected the site (intentionally or not).
It's also a good way to keep an eye on who is contributing to the site. Let's say you've paid someone to work on SEO improvements on the site, but find that there is no recent login activity. You will have an official file that you can bring to them while discussing the matter.
When it comes to the types of tools you can use for this, there are a number of options you have depending on how much control you need to exercise and how much information you want to collect about your users:
Defender security plugin
If you are probably already familiar with the audit logging capabilities of this plugin. If not, here's how it works: Defender will provide you with audit logs regarding user activity on WordPress. Even better, you can create automated reports that deliver these logs right to your inbox.
This user session tracking tool can provide you with information about:
- Who logged into WordPress
- What did they do on WordPress in regards to content, media etc.
- What did they do on the backend regarding systems and settings
Not only is this a great way to keep an eye out for hackers, it also lets you create a record of what other users (like freelancers, employees, or customers) have been doing. This way when something goes wrong you will be able to attack quickly and fix the situation.
User Session Control
- USERNAME
- first name
- E-mail address
- Role
- When the last session was created
- When the session has expired
- IP address
If you have determined that there is a reason for banning a user from WordPress (e.g. if you believe the account was hacked, you recently fired the employee, etc.), you can immediately revoke access with a “Destroy session” option.
Ban Users
Do you have a problem with security breaches or users violating the terms of service on your WordPress site? If yes then you can use this WordPress Plugin. It works quite simply. You set the rules for what happens when you ban a user, including sending them a specific notification and changing their role after the violation. Once you ban a user, their status changes in the Users menu.
There are a few premium features available that may be of interest to you as well. Most of these relate to providing information about IP addresses and geographic locations, but most of these can be managed and controlled if you are using a WordPress security plugin or a geoblocking plugin.
WP security audit log plugin
The Audit Log Viewer tells you when an alert has been generated regarding user activity. This is good because it will help you track security issues in real time. You can also create alerts for any type of changes made to, roughly, any on your site, including:
- Updates
- WordPress system settings
- Updates
- Plugins and themes
- Multisite users, websites and themes
- User profiles
- User connections / disconnections
- Page and message content
- Comments
- Menus
- Widgets
- BbPress Forums
- Products WooCommerce
However, to see which users are logging in, logging out, updating content, adding new themes, changing settings, etc., you need to switch to premium version of WP Security Audit Log plugin.
