Creating a WooCommerce Audit Log

 

Large ecommerce shops have many parts needed to keep them running smoothly. Those items could include updating inventory, changing product descriptions, doing order fulfillment, or adding store coupons.  There are plenty of things to get done on any given day. Often shops benefit from hiring people to do work on their site. With more people having access to the shop, it’s important to keep track of changes that are made on the site.

Two issues of accountability arise when multiple people have access to the store:

  1. What people have access to
  2. What changes someone makes in the store

We’ll talk about the first question in the next post. Today we’re going to talk about recording what people change in the ecommerce store by setting up a WooCommerce audit log.

What is a WooCommerce Audit Log

An Audit log is a record of actions taken on a site. This could be as simple as notes on a piece of paper, or it could be as complex as taking database snapshots and recording queries in mySQL. Audit logs are used for recalling what changes were made, when they were made, and by whom.

For this example we’ll be using Stream for the WooCommerce audit log. Stream is a free plugin for WordPress that tracks the changes that users make in the admin. It is free and works with WooCommerce out of the box!

What Stream Does

Stream monitors your WordPress site and records details about every change that happens in the WordPress admin. Whenever a user logs in, a record is created. Whenever a post is updated, a record is created. Whenever a product is created or a WooCommerce setting is modified, a record is created.

The records that Stream creates consists of the following data:

  • Date and time the change occurred
  • Summary of the change, Ex: “Selling Location(s) setting updated”
  • The user that made the change
  • The context of the change, Ex: WooCommerce -> General Settings
  • Action, Ex: Updated
  • IP Address where the change was made from

This information is invaluable when trying to track down a change made on the site. If something was updated by mistake, it is easy to figure out who made the change and when they did it. An audit log like what Stream produces can be valuable in tracking down editorial mistakes or malicious edits on the site.

What Stream does not do

Stream will record that a change was made, but does not record details of the change, such as the before and after text of a post’s content. This data is available with WordPress revisions. Stream’s records and WordPress revisions can be correlated to create a detailed historical picture.

How to install

Installing Stream is very simple. From the WordPress dashboard hover over Plugins, and press Add new.
In the Search Plugins field type ‘Stream.’  The first result should be ‘Stream’ by Stream. Press Install Now.

stream_wordpress

 

After the plugin is installed, press activate the plugin. Go to Stream > Settings to get to the  settings page. On the General tab under the Role Access section, uncheck all roles except Administrator. This will keep the audit log records visible to only store administrators.

Reviewing Data

After Stream has been active on your site for some time, you can go to Stream > Stream to view the audit log records.

auditlog

 

Records can be filtered by time, user, context, or action. There is also a search option available.

Local Database vs. Remote

By default, Stream 3.0 stores data in the local database where WordPress is installed. If your store has few trusted administrators and the audit log visibility is limited to admins only, then it is enough to keep the records away from users with lower privileges.

But how do you keep store audit log records secure from malicious intruders who would alter or delete the WordPress database? This is where a remote repository comes into play. Japh Thomson recently shared a tutorial on how to use Stream with a remote data repository. That way, if the WordPress site is compromised, the remote audit log will remain available.

Adding an audit log to a WooCommerce store is fast and simple using Stream for WordPress!

Get our best WooCommerce advice!

Delivered directly to your inbox

Your email is 100% private. We hate spam too. Powered by ConvertKit