WP Security Audit Log plugin is the most comprehensive activity log/audit trail plugin with the broadest coverage. It is a record of plugins, themes, and WordPress core changes, users activity (such as content changes), site settings changes, break-in attempts, WooCommerce store, and product changes, and everything else that happens on your website. WordPress does not have any built-in logging mechanisms, so the best way to keep a security audit log is to install the WP Security audit log plugin.
Source: https://thehackernews.com/2019/08/wordpress-activity-logs.html