Audit Trail Plugin


Download: Audit Trail
Other: | SVN
Support: Forum

Audit Trail is a plugin to keep track of what is going on inside your blog. It does this by recording certain actions (such as who logged in and when) and storing this information in the form of a log. Not only that but it records the full contents of posts (and pages) and allows you to restore a post to a previous version at any time.

To summarize:

  • Log of user actions inside your blog – useful for finding out who did what in a multi-user system
  • Extensible, allowing other plugins the ability to add and display items in the Audit Trail
  • Ability to track registered user page visits
  • Fully localized


The plugin is simple to install:

  1. Download Audit Trail
  2. Unzip
  3. Upload audit-trail directory to your /wp-content/plugins directory
  4. Go to the plugin management page and enable the plugin

You can find full details of installing a plugin on the plugin installation page.

NOTE: If you are upgrading from a pre 1.0 version please de-activate and then re-activate the plugin. This will upgrade your database tables (unfortunately any existing Audit Trail data will be lost).

Audit Trail is available in the following languages (included in the plugin):

If you are multi-lingual then I always appreciate any translations that you can provide.


Once the plugin is installed then your actions are already being recorded. You can view the Audit Trail log from the Manage/Audit Trail page.


Note that some entries in the log can be clicked and will expand to show more details.


From the options page you can configure exactly what actions are audited. Any plugins that support Audit Trail will also display themselves here.


Users with the ‘edit_plugins‘ or ‘audit_trail‘ capability can view and administer the Audit Trail plugin. The ‘audit_trail‘ capability can be added with the Role Manager plugin.

Support & Bugs

Support and feature requests should be made through the Audit Trail support forum. You can contact me directly but I spend a very limited amount of time on direct support and you stand a better chance of being answered through the forum.

If you find the plugin useful then please do consider making a donation – it is appreciated and helps towards the maintenance of the plugin.


202 thoughts on “Audit Trail Plugin”

  1. Does this work on pages, too, or just posts? I realize they are in the same DB table, but it seems like few plugins actually work with both…

  2. Congratulate yourself on a very good plugin. Works wonderfull and in terms of functions added to the default WordPress instalation, it has an impact on workload and work management.

    Great job, good idea implementing it. We hugg you :D.

  3. You will get an audit trail for all posts. Remember that you need at least 2 edits for a post to show a history. An existing post will have been edited before Audit Trail, and will only have a post history when you edit it two times after installing Audit Trail

  4. Great plugin ! it’s not the missing versioning feature I hope WP will get soon, but it’s useful anyway.

    Any leads on future developments ?

    I am looking for a tracking WP plugin (log and track actions for registered users), stg like your plugin, but for the front end side 🙂

  5. Hi, many thanks for a crucial plugin! How can I make the Audit Trail page in the admin panel viewable for other users than the admin? In other words, were do I chance the user level for this plugin?

  6. I’m getting the following error when trying to view a posts audit trail:

    Fatal error: Class at_ajax: Cannot inherit from undefined class dh_plugin in /home/turk/domains/ on line 5

  7. In post.css there is mention of:


    These files are not included? Am I missing something?

  8. Really nice plugin.
    Currently does not function.

    Manage/Audit trail/
    –> A “Csv” links appear above the Audit trail title. This link does not work.

    –> The menu is ok. The “view” button does not work.
    Only one comment. I would like that Audit tray use the same box interface as the trakbacks, custom fields… Is nicer and practical to move or closed the box to obtain a cleaner interface… There are a lot of modules that add their own block under the edit area and the rendering is progressively unaesthetic and unpractical.

  9. Fabrice, both those features work fine for me. Can you provide more details about your setup? Is the plugin inside the ‘/wp-content/plugins/audit-trail’ directory? The plugin is already using the same box interface as trackbacks

  10. Sorry to the delay, but I am not a specialist and I have a dsl connection only 2 days per week at work. I have opened the main audit-trail php file. You have addresses that use both /\ slashes. I have modified the slash so that only / are used and then the csv link now work. Supposed to explain all problems ?
    > The plugin is already using the same box interface as trackbacks
    Strange. There is no way to minimize or extend or move the box like the others… All other installed sidebox modules work fine so I do not know.

  11. Thanks for a great plugin!

    After updating Audit trail now monitors a lot of thinks that it didn’t do before. For example everytime I edit och update a post, there is a page view registered for things like:


    Other files used by different plugins are also monitored. How can I exclude these types of page loads from showing up in the trail?

  12. hello again, another question: the version numbers (when editing a post) seems to bee in reverse order, i.e. the oldest post is no longer number 1. Can I change this back to the more conventional way?

  13. Just upgraded from 0.3 to 1.0.1, and thought I’d share a few issues I had.

    In summary, everything worked fine except that all IP’s were being logged as I had to edit models/audit.php, and change $data[‘REMOTE_ADDR’] to $_SERVER[‘REMOTE_ADDR’]. Once this was done, I also had to modify the wp_audit_trail table – the column for IP was signed by default, and thus any address above wouldn’t get logged properly. Changed the IP column to unsigned, and now everything works as expected.

    This was with WP2.2, Mysql 5.0.23 and PHP 5.2.0.

  14. Fabrice: Are you using Windows?

    Manne: The order of posts is intentionally reversed. This makes your most recent edit appear first, and the older ones appearing further down the list. This seems to reflect what would be the most likely usage. As for the other issue, Audit Trail has an option to log ‘registered page views’. When you are editing a page the preview area will cause a page view to be registered. If you don’t want this then disable the page view option from the Audit Trail options.

    Moogle: Thanks for the note. You are correct in both instances and the typos have been fixed in 1.0.2

  15. Thanks for your reply John. The order of the edits is no biggie but I still would have preferred it the other way.

    If I turn off the “register page views” option then no post views will be audited I guess? All I want is to block file views that are not actually page views but rather files used by plugins (like javascript etc). Any way to do that?

  16. Manne, I can’t reproduce the problem you are seeing with external files. Audit Trail should not be able to log access to these files as they happen outside of WordPress. If they are appearing in Audit Trail then it means that something on your site (whether a plugin or theme) is forcing them to go through WordPress, and so be picked up by Audit Trail. Does the problem only occur on the xinha plugin?

    I’ve added an option to reverse the order of edits.

  17. thanks for the great plugin!!! I have a small problem: the search on top of the page does not seem to work. I am typing a user name, which is listed and got ‘no results’, same with the IP. Am I missing something?
    Also, are you thinking to implement the ability to filter the results (like excluding the actions of the admin for example)

  18. Hi Pret,

    The search does work, it just doesn’t search user names! Doing so isn’t going to be a small change so I’ll put that and your suggestion for filters onto the list for the next version.

  19. Ouch… I am working elsewhere!
    I test wordpress using easyphp… I am not a real wordpress user (yet?).

  20. Hello John

    No it’s not just xinha, also pictures, javascript files etc used by the theme and by plugins are being logged, for example:


    All these came from one single post view.

  21. I keep getting the following error when I activate the plugin:

    Fatal error: Call to undefined function: wp_enqueue_script() in /home/grapethi/public_html/wp-content/plugins/audittrail/audit-trail.php on line 50

  22. Manne, I’m at a loss. Something on your site is causing all requests to be routed through WP, resulting in Audit Trail to pick them up and also being a performance slowdown (hits to static files, like images and CSS, should not touch WP). Maybe it has something to do with your .htaccess file?

  23. ok, I guess that has to be it… this is my .htaccess :

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

  24. your were right John, I deleted the htaccess-file and now Audit Trail works as aspected! I wonder what plugin created the file in the first place..

  25. The file should be created by WordPress itself, and the file you posted above shouldn’t cause a problem. I’m actually surprised that your site is still working afterwards!

  26. Strange…

    one thing still doesn’t seem to be right though, the page views that are now monitored are diplayed as “/?p=40” instead of “Title for post nr 40”. Page edits are showed with the right title

  27. I like this very much, but I find that when I use the admin-ssl plugin with the audit-trail plugin the “view” feature for previous versions does not work (shows the animated progress icon but nothing happens). When I go and deactivate the admin-ssl plugin everything works again. I’d like to have both secure logins and the audit trail working.

  28. When displaying versions in ascending date order, only the first 10 versions are shown which means that any version after nr 10 can not be viewed.

  29. hi

    thanks for the nice plugin, very useful and so far not using up any resources.

    i was wondering if i can disable the tracking of certain users or ips, like my account (admin) i don’t need to see my own movements, is it possible to filter that?

    thanks agin

  30. John: 10 versions are enough, the problem is that when you reverse the order you’d like to see the 10 most recent versions/edits, not just the 10 first ones

  31. Hi, I’m not getting any results from the plugin even when I make repeated changes to posts and pages. I think it might have to do with the "change options" settings; when I check the appropriate boxes and hit "save options", it erases all my checks but adds one to "check for new updates"…I thought maybe it had to do with permissions, but I’m the admin, would I still need Role Manager? I’m a beginner so I do apologize if this is a silly question!

  32. Dialoin, fixed in 1.0.5

    Pysc, you don’t need the Role Manager plugin. No one else has reported this problem so its likely to be specific to your installation. Try the latest version and if you still can’t save options then send me details of your host

  33. My plugin installation appears to be broken at a basic level. I installed on a site with existing posts, then edited a post a few separate times. When I go to view one of the previous versions, I select it from the dropdown menu and when the view button is pushed, nothing happens. Using Firefox, error console shows audit_view not defined.

  34. I figured out my problem. The ssl capability check that was recently added does not work in my environment. Apache was installed to be used with Plesk (server administration) only, which uses ssl. The blog is installed on the main web server which is using IIS (http only). In this scenerio, the .js was trying to load from the https site (which was wrong one). I commented out the check, which fixed the issue.

  35. This is a wonderfull tool for our multi-user blog.
    Thanks for sharing it.

    I would be happy happy happy if Audit Trail also would
    – log failed login attempts
    – log password resets
    – alert me by email or run a script when there are too many login failures or pwd resets
    (I’m thinking of time limited dynamic IP blocking here…)

  36. John: Great!

    I just noticed that the date/time recorded by Audit Trail are two hours off, I guess it has to do with GMT since I’m at GMT+2. How could I fix it?

  37. I have "Registered user page visits" enabled on Audit trail, but I keep on getting flooded with "View Page – /favicon.ico" views. This is in WordPress 2.3 install. Any way to exclude specific files or just /favicon.ico?

  38. This looks like what I’ve been looking for, but when I try to view the difference between two revisions, part of the page I am looking at is replaced with my site’s 500 server error message.

  39. Designer, favicon.ico shouldn’t appear in the logs. Only pages that are served through WordPress will appear in the log. If favicon.ico is appearing then it means it is being served by WordPress, which is not supposed to happen. A possible cause of this would be a .htaccess file – see comment 38.

    Endolith, what part of the page?

    Manne, times are recorded in the timezone of your server. Does that still make it 2 hours off?

  40. It started working on its own! This looks great.

    What was happening is:

    If I do Manage –> Audit Trail, and click one of the "Save post" links, the area where the edit box would appear opens up, but then it is filled with my site’s custom 500 server error message, including CSS, which screws up the style for the entire page I am viewing.

    If I do Manage –> Posts, and click the "View" button for a revision, it shows the 500 error where it would have shown the diff between revisions.

  41. When I click on the "View" button to the right of the various version listings when editing a post, nothing happens.

  42. I can’t reproduce this problem, Dan. I’ve tried viewing the versions in FireFox, Safari, IE6, IE7, and Opera, and they all work without any errors. Are you using a different browser?

  43. Hi, I tried to install the plugin, but received the following error when trying to activate it: Plugin could not be activated because it triggered a fatal error.

    I am running version 2.2.2. Any ideas before I dig into the code?

  44. This is brilliant. The best. It’s working for me 99%, but for one thing:

    Under the audit trail attached to the post edit view, some of the entries have the following error:

    Warning: assert() [function.assert]: Assertion failed in /home/storyc/public_html/beta/wordpress/wp-content/plugins/audit-trail/lib/Text/Diff/Engine/native.php on line 202

    But then the previous version is still displayed afterward.

    By the way, have you ever heard of Zensor? You guys should get together, you could build the greatest moderation queue plugin ever.


  45. I really have a tremendous appreciation for Audit Trail! One minor enhancement I would love to see is the ability to search IP addresses. Thanks so much for all your efforts!

  46. Dalton, fixed

    Violet, I’ve added the ability to search by username. Searching by IP is more tricky, so I’ve left that out for now.

  47. Great plugin. I am however only able to view the first page of the audit. Any other pages gives a "Cannot load audit-trail.php." error message even when I use the Next link or click on the page # under Manage>Audit Trail. Does anyone know why this is the case?

  48. John, the page says: NOTE: If you are upgrading from a previous version please de-activate and then re-activate the plugin. This will upgrade your database tables (unfortunately any existing Audit Trail data will be lost)

    …so it should be ok to upgrade, contrary to the page’s statement?

  49. Great work!

    I have the same problem describing in posts #28 and #56. I don’t know if .htaccess really cause that problem (not tested), nethertheless I have to use that file. Its content is

    Options FollowSymLinks

    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    I’ve took a look at my database and the entry of the field operation is template_redirect.
    Ok, nice information, but what can I do to avoid logging of favicon.ico?

    THX again for your plugin 😉

  50. JP, I should reword that section, but what it means is that data will be lost if you are upgrading from a pre 1.0 version. After that your data is retained.

  51. Hi, I’m trying to localize AT and have made a file that I’ve put in /locale. I’ve also changed $locale to sv_SE in plugin.php. What else do I have to do to make the translation kick in?

  52. John – looks like time for changes when looking at the audit trail are taken from server time. At least it doesn’t heed my wordpress settings. I’ve seen that with another plugin I’m using (cforms), developer found that the time was pulled from database settings. This something easy to change? So AuditTrail picks update time from blog settings?

  53. Hi John, I would like to know if this plugin is compatible with the WordPress Multi User version of the blogger.
    Thank you.

  54. Hi there,
    I’ve just downloaded version 1.0.8 of your great plugin.

    WordPress’ Plugin Management area still says "There is a new version of Audit Trail available. Download version 1.0.8 here."
    I had a look at audit-trail.php – it says "Version: 1.0.7" in the header.

    Is your site linking to the wrong zip, or has the version line in audit-trail.php not been updated?


  55. Gina, I’ve never used WPMU and don’t know what the differences are to be able to say whether it works or not. Let me know either way!

    Will, you’re right, for some reason the file is 1.0.7. I’ve updated this to 1.0.8

  56. Hi John,

    I installed it for WPMU, and so far its working great, I’ll write later if I encounter any problems.
    Thank you.

  57. Hey John,

    I just wanted to let you know you have a great plugin!
    However, with the time issue, you add the gmt offset to the server time, not local time.

    I fixed it by editing the audit_trails.php file to add the (local time – server time) offset instead of gmt offset.

    Maybe you can address this in the next release.


Leave a Reply

Your email address will not be published. Required fields are marked *