Help Documentation

VMP™ Security plugin documentation and support

Free Support

Support for users of the free version of the plugin is available on our support forums. The majority of features shown are available in the free version of VMP™ Security which helps protect millions of sites around the world.

Go to support forums

Access Upgraded Support Now

Our support engineers, equipped in Premium tickets within a few hours on weekdays, will be pleased to help you with advanced topics, provide comprehensive answers to your questions, and respond to all others in 24 hours or less.

Premium Support

Audit Log

The VMP Security Audit Log records meaningful events on your WordPress site — user creation, plugin installation, configuration changes, login activity, and similar — so you have a chronological record to consult when you need to understand what happened, who did it, and when. The Audit Log is included in the free version of VMP Security; there is no Premium or paid tier requirement.

In This Article

How the audit log works

The plugin captures events as they happen and stores them locally in a database table (vmpfence_audit_log). The Audit Log page in the WordPress admin lets you browse and filter the captured events; if the site is connected to VMP Security Portal, the same events also flow to the Portal so you can view audit history across multiple sites in one place.

Setting up the audit log

  1. Open VMP Security → Audit Log in the WordPress admin.
  2. Choose a logging mode: Preview or Significant Events (see below).
  3. Save. Events begin recording from this point forward.

Connecting the site to VMP Security Portal is optional but recommended for centralised review across many sites; it does not change what is captured locally.

Logging modes

  • Preview. A lightweight mode that records a small number of high-signal events (logins, plugin activations, settings changes) so the Audit Log page is useful at a glance.
  • Significant Events. The recommended mode. Records user, role, settings, plugin/theme, login, and update events — the events most useful during incident response.

Viewing audit log entries

The Audit Log page shows captured events in reverse-chronological order. Use the filter controls at the top to narrow the view by event type, user, IP, or time range.

Each entry shows who triggered the event (signed-in user or visitor IP), what kind of event it was (user created, plugin activated, setting changed), the affected resource (which user, which plugin, which setting), and a timestamp. A details panel expands to show before/after values for changes and any additional metadata captured for that event type.

Privacy and data handling

Audit Log data is stored on your server in your WordPress database. It does not leave the site unless you explicitly connect to VMP Security Portal. Even with Portal connected, sensitive content (such as message bodies or post content) is not captured — the audit entries record who did what, not the substance of edits.

Troubleshooting

  • Some events never appear. Several events depend on WP-Cron. If WP-Cron is not running, async event capture can stall. Set up a real cron job that calls wp-cron.php on a schedule. The Diagnostics tab tells you whether WP-Cron is healthy.
  • Custom-role creation is not logged. Some plugins create custom roles in non-standard ways that bypass the standard WordPress hooks. If a plugin you use does this, the custom role can appear without an audit-log entry.
  • An event has missing data. Some plugins issue REST API or other requests with incomplete metadata. We log what we can; missing fields show as empty in the entry.
Contents