Large ecommerce shops have many things that need to get done to keep them running smoothly. Those tasks could include updating inventory, changing product descriptions, doing order fulfillment, or adding store coupons there are plenty of things to get done on a given day. Often shops benefit from hiring people to do work on on the site. With more people having access to the shop it’s important to keep track of changes that are made on the site.
Two issues of accountability arise when multiple people have access to the store:
- What do people have access to
- What changes did someone make in the store
We’ll talk about the first question in the next post. Today we’re going to talk about recording what people changed in the ecommerce store by using setting up a WooCommerce audit log.
What is a WooCommerce Audit Log
An Audit log is a record of actions taken on a site. This could be as simple as notes on a piece of paper. Or it could be as complex as taking database snapshots and recording queries in mySQL. Audit logs are used for recalling what changes were made, when they were made, and by whom.
For this example we’ll be using Stream for the WooCommerce audit log. Stream is a free plugin for WordPress that tracks the changes that users make in the admin. It is free and works with WooCommerce out of the box!
What Stream Does
Stream monitors your WordPress site and records details about every change that happens in the WordPress admin. Whenever a user logs in a record is created. Whenever a post is updated a record is created. Whenever a product is created or a WooCommerce setting is modified a record is created.
The records that Stream creates consists of the following data:
- Date and time the change happened
- Summary of the change, Ex: “Selling Location(s) setting updated”
- The user that made the change
- The context of the change, Ex: WooCommerce -> General Settings
- Action, Ex: Updated
- IP Address the change was made from
This information is invaluable when trying to track down a change made on the site. If something was updated by mistake it is easy to figure out who made the change and when they did it. An audit log like what Stream produces can be valuable in tracking down editorial mistakes or malicious edits on the site.
What Stream does not do
Stream will record that a change was made, but does not record details of the change such as the before and after text of a post’s content. This data is available with WordPress revisions. Stream’s records and WordPress revisions can be correlated to create a detailed historical picture.
How to install
Installing Stream is very simple. From the WordPress dashboard hover over Plugins, and press Add new.
In the Search Plugins field type ‘Stream.’ The first result should be ‘Stream’ by Stream. Press Install Now.
After the plugin is installed press activate the plugin. Go to Stream > Settings to get to the settings page. On the General tab under the Role Access section uncheck all roles except Administrator. This will keep the audit log records visible to only store administrators.
After Stream has been active on your site for some time you can go to Stream > Stream to view the audit log records.
Records can be filtered by time, user, context, or action. There is also a search option available.
Local Database vs. Remote
By default Stream 3.0 stores data in the local database where WordPress is installed. If your store has few trusted administrators and the audit log visibility is limited to admins only then it is enough to keep the records away from users with lower privileges.
But, how do you keep store audit log records secure from malicious intruders who would alter or delete the WordPress database? This is where a remote repository comes into play. Japh Thomson recently shared a tutorial on how to use Stream with a remote data repository. That way if the WordPress site is compromised the remote audit log will remain available.
Adding an audit log to a WooCommerce store is fast and simple using Stream for WordPress!