On this page, you’ll find a highlight of what is new and improved with every update release of the WP Activity Log plugin. Entries are listed in chronological order, starting from the most recent at the top. For a complete and detailed list of all changes, including bug fixes, please refer to the [WP Activity Log plugin change log].
Here are some of the biggest changes to look forward to in this update:
Core code refactoring
The developers have been hard at work refactoring the plugin’s code – increasing speed and efficiency inside and out. While this does not necessarily equate to any visible changes, it improves stability and ensures the plugin can continue to receive updates well into the future.
The code refactoring update is quite large, and as such, has been split over a number of updates. This is the first such update, with two more in the pipeline.
We have also added a number of small updates to improve the overall stability and compatibility of the plugin within different environments. One notable update in this regard is better compatibility with PHP version 8.
UI and UX improvements
We have also made a number of UI (user interface) and UX (user experience) improvements to the reports module. While there are no big changes, the look and feel of the reports module is now much smoother.
Speaking of reports, we have also added a link in report emails to the Saved Reports tab, allowing for easy access to all generated reports.
Other notable improvements
This update includes more improvements than you can shake a stick at, making for an essential update that all customers will surely benefit from. Here are some of the more notable ones to keep an eye open for:
- Event ID 2002 is now reported when a user changes something in a post for which the plugin does not have a specific event ID
- Improved the way database table changes are detected by the plugin, with all event IDs used for database changes now being enabled by default
- Improved support for RTL setups in the activity log viewer
- The Filters and Save Changes buttons in the top bar always float at the top when enabling/disabling events
This version also includes a number of bug fixes, including edge-case issues with certain event IDs, an intermittent error when logging in from custom login pages, and a number of others.
We’ve worked long and hard on this release, which comes packed with tons of new functionality, improvements, and fixes. Additionally, we recently released a brand-new WP Activity Log extension for MemberPress – so do check it out if you’re using this plugin.
We now turn our attention to the new features of 4.4.3.
One of the plugin’s most appreciated features is the ability to write the activity log to an external system. With several options supported, this feature can help you ensure better resource management and continuity. You can now configure Syslog connections to use TLS while writing to a log file can now be done directly without going through the Action Scheduler.
The Users Session Management module also received some TLC and now includes some productivity-enhancing improvements that can help you get more done faster.
Individual user sessions can now be selected and terminated. This latest version also allows administrators to set session policies for super admins in a multi-site environment. This, coupled with several UI and UX improvements, will surely make session management a breeze.
We have also added a new event ID, which allows you to track whenever an event has been enabled or disabled. An activity log for the activity log if you will. Nice!
This version also includes several improvements to increase efficiency, security, and user experience.
We have made improvements to the logic of the login sensor for better custom login page support. In addition, we have improved the internal logging class and system, resulting in better efficiency and performance.
Of course, these are only some of the improvements we have made. This release also includes several bug fixes and many new features, all of which are listed in the WP Activity Log change log.
This version includes many UX and functional improvements for better stability and operation in a wide range of environments. We have also added a host of new features, including additional reports, white labeling options, and mirroring tags, which we discuss in further detail down below:
Some of the most significant changes in this release are related to the Reports module. We have improved the format and added a number of new statistic reports, and added new white labeling options for more control over the look and feel of reports generated through WP Activity Log.
New & improved statistics reports
Statistics reports are different from activity reports. Activity reports work as a partial/filtered export from the activity log, listing all activities chosen through the filter. On the other hand, statistics reports automatically work out how many changes of a specific nature happened on your website, making it that much easier to identify any abnormal activity.
For example, you can see how many user profile changes were performed during a specific week or month. You can also generate a statistics report to see how many new users have registered during a specific period on your website, among others.
Below are some of the new statistics reports being made available:
- Number of user profile changes
- Number of new user registrations and users with specific user role
- List of different IP addresses used by a user
- Number of page views per post
- Number of password resets
Reports white labeling
We have added more Reports white labeling options, including custom titles, headers, and the ability to add business name, contact details, and comments to every individual report. You can also add your business logo to the report’s header page and link the logo to a specific URL to improve the branding on reports.
With this update, the reports’ white labeling options have also been moved to a dedicated page in the Reports section, making them easier to find and manage.
Other release highlights
This release features many improvements and fixes, which we are sure our customers will appreciate. Even so, some of the biggest changes you’ll see in this version include:
Activity log tags for mirrored logs
If you use Loggly or Amazon CloudWatch mirroring, you will now be able to make use of tags. Tags are a metadata entry that effectively allows you to label activity log events for easier organization and filtering within the LMS (Log Management System). This makes it much easier to keep track of which logs are of which site when you have multiple websites writing to the same system.
Refactored import/export settings module
The module used to import and export the WP Activity Log plugin settings has been refactored and now covers more plugin settings. With this update, it is also possible to preview the settings before importing them.
Refactored plugin and database updating module
In update 4.4.0, we introduced a number of changes to the activity log database tables. Even though we thoroughly tested this update before releasing it, a number of technical issues and limitations were reported.
So in this update, we took the opportunity to refactor the update module and addressed some of the limitations. For example, before this update, administrators could only update to version 4.4.x from 4.3.6. Now, this is no longer the case, and updates can be installed from even older versions. However, we still recommend users avoid updating very old plugin installs directly to the latest version. To avoid issues, one should always keep the plugin up to date.
Other noteworthy improvements and fixes
Improved licensing SDK: One update that’s worth mentioning is an improvement to how licensing is handled on large deployments. Previously, some customers experienced time-out issues deploying WP Activity Log Premium on large multisite networks. To this end, improvements have been made to license verification that will ensure everything proceeds as smoothly as possible.
Improved sessions table schema: This update features another database table schema update. This time the update is for the sessions table. Now the plugin keeps a record of the session ID in the sessions table. This data is required to accurately apply the WordPress users’ session policies.
Improved WordPress activity log purging tool: The tool to purge WordPress activity log data now gives you the option to choose which data you want to purge. For example, if you search for a specific username, it gives you the option to choose between deleting the data generated by that user or deleting the data in which the user is mentioned. We have also added external database support, which allows you to purge activity log data saved in an external database.
Over the past few months, the team has been hard at work developing the next update of WP Activity Log. After several weeks of testing and customer feedback, we are proud to release it to the public.
The most significant change in version 4.4.0 is the reports module. Completely rewritten from the ground up, it features performance and usability improvements while introducing several new features to increase report benefits.
Of course, the reports module is not the only thing to look forward to when installing version 4.4.0. Here are some of the release highlights being included in this version:
- New reports for WordPress and features
- New events
- See users’ activity from the user page at the click of a button
- New extension for TablePress
- New database scheme
- See the number of logged-in users per role in the Logged In Users section
What’s included in the new reports module?
Before we take a deeper look into the changes included in this module, we want to take a moment to thank our customers. You have been an invaluable part of the process, providing us with valuable feedback. While we honestly wish we could have taken all feedback onboard, this, unfortunately, is not possible. Either way, we thank you for your support and commitment – you rock!
We have added a plethora of new report selections, giving you even more control over reports while using fewer filters. Reports can now also be generated in JSON format alongside HTML and CSV. On the other hand, statistics reports can be generated as HMTL, CSV, or PDF.
Other new features in the reporting module include a fresh new UI, the ability to set the time at which reports are sent, white labeling options, and many more.
What else is included with the update?
While the new reporting module is the most significant change in the update, it is not the only one. We have added new events, database schema changes, text and layout improvements, code optimizations, and much more.
This update, although not one of the biggest updates we’ve released, is an important update. It paves the way for a major release we have planned that includes, among many other things, a brand-new reports module that will truly be worth the wait.
Even so, update 4.3.4 includes a number of bug fixes and several new features, so updating to this version is strongly recommended.
As previously mentioned, 4.3.4 includes a number of new features and updates, including:
- Easily view users’ latest activity right from the users’ page at the click of a button
- Improved CSV reports with more data options available
- Inclusion of users’ role in logged-in users list
- Improved support for older versions of WordPress, starting from 5.6
The update also includes several other updates and bug fixes, helping you make the most out of WP Activity Log while getting you ready for the upcoming major update.
Settings configuration import and export
This new feature lets you easily import and export WP Activity Log’s configuration settings at the click of a button.
This useful feature, which has been designed with ease of use in mind, can be used to back up your plugin’s configuration settings. It can also be used by agencies and businesses who want to standardize their WP Activity Log’s configuration across a number of websites easily.
Delete specific data from the activity log
This feature allows site admins to delete log data that originates from a specific user, IP address, or other criteria from the log.
This feature can be used to comply with users’ requests to delete all data about them in compliance with acts such as GDPR in Europe and CCPA in California, US. It can also come in handy in other situations, such as the deletion of noise created by a particular event or change.
Coverage for REST API requests
WP Activity Log now keeps a log of changes done via REST API by authenticated users.
With REST (REpresentational State Transfer) API continuing to gain popularity in automating and integrating software applications, there is no doubt that many will find this feature useful as we continue to expand the plugin’s coverage to make sure it meets the demands of today’s WordPress websites.
Other noteworthy improvements in this update
On top of the above, we have also included the following improvements in this version update or our activity log plugin for WordPress:
- A number of new event IDs to keep a log of settings, integrations, and notifications changes in the WP Activity log plugin
- The ability to terminate the users’ sessions that match a particular search criteria
- The hover-over prompt for users in the activity log viewer now displays more information about the users
- Improved coverage of changes done via the Members plugin (plugin by MemberPress)
- New hook (wsal_event_data_before_mirror) that allows you to filter what activity log data is sent before it is mirrored
Following our previous update, which was released back in May, we have sought to address bugs and issues while elevating your experience working with WP Activity Log. To this end, we are introducing valuable features to make your life easier and your WordPress website more robust.
Updates worth shouting about
While all updates and fixes bring something to the table, here are some of the updates that are truly worth shouting about.
A brand new external database module
The external database module is something many WordPress administrators use to store activity logs in another database. The previous module had some issues when migrating activity log events from the WordPress database to the new external database. This mainly happened during setup after upgrading to WP Activity Log’s premium plan. While workarounds were possible, the new database module included in this release makes data migration a breeze, including scenarios where an external database is used.
The new module offers better performance and reliability and also includes explicit support for Microsoft Azure MySQL databases. It also has a new UI, which translates to a superior user experience.
WP Activity Log logging
One of the most requested features has been for WP Activity Log to log its own activity. We have now included this functionality in the new release.
You can easily access events from the Enable/Disable Events menu under the WordPress & System > Activity Log plugin tab. Below is a list of the new event IDs:
- ID 6046: enabled/disabled the Login Page Notification
- ID 6047: changed the text of the Login Page Notification
- ID 6048: changed the status of the Reverse proxy/firewall option
- ID 6049: changed the Restriction Access setting
- ID 6050: changed the list of users that can view the activity log
- ID 6051: enabled/disabled the Hide plugin in plugins page setting
- ID 6052: changed the activity log retention policies
- ID 6053: excluded/included back a user in the activity log
- ID 6054: excluded/included back a user role in the activity log
- ID 6055: excluded/included back an IP address in the activity log
- ID 6056: excluded/included back a post type in the activity log
- ID 6057: excluded/included back a custom field in the activity log
- ID 6058: excluded/included back a user profile custom field in the activity log
For a complete list of all the changes the plugin can keep a log of, kindly refer to the WordPress activity log event IDs.
Other noteworthy updates
Here are some other noteworthy highlights you can look forward to when installing the latest version of WP Activity Log.
Full support for PHP 8: The plugin now enjoys full support for PHP version 8.
New report filtering criteria: Previously, reports had the option of either including all or specifying what to include. We have now added a third option to include all but – which works similarly to exclude.
Better vendor support: An issue with reports where they failed to download correctly from WordPress sites hosted at particular vendors has been ironed out and will now work as expected.
Code optimization: Obsolete code that was no longer in use was removed from the free edition of the plugin.
Announcing new pricing model and plans for WP Activity Log
Today (May 20, 2021), we are adding a new Enterprise subscription plan and adapting the current plans, to best accommodate users’ growing needs. These changes will only apply to new purchases, so if you’re on an existing active subscription plan, nothing will change for you.
Introducing the new plugin plans
The introduction of the new plans aims to give more options and make it easier for users to choose the right plan that meets their requirements. With more options available, new users will be able to select the right plan without paying for something that they might not use.
The new Enterprise plan is designed for bigger businesses and enterprises which require priority support ($199 / year for a single site license).
Other big changes in terms of included features in specific plans are the Activity logs in an external database, Integration with third-party services such as Slack and Amazon CloudWatch, and the Users sessions management features, which are now included in our updated Business plan.
For a complete overview of our new pricing plans and a detailed list of features, head to our updated pricing page.
These changes help us to continue offering you the best product, no matter the size of your business while ensuring that the level of service matches. We have lots of exciting things in store for WP Activity Log this year, including a new revamped Reports tool and much more.
Why are we changing the prices?
The last time we made changes to our prices was in 2018. Since then, the quality of our plugin improved drastically, and a number of new features have been introduced since then. Also, the coverage of the activity log plugin improved a lot; we enhanced support for third-party plugins and developed many other improvements. All of this allowed us to transform WP Activity Log from a simple activity log solution to a feature-complete WordPress monitoring & security activity log solution with the broadest coverage.
As we mentioned before, current customers will stay on the old pricing plans as long as they keep renewing.
With the latest WP Activity log update 4.3, we have introduced more features that allow for integrations with third-party services. We have received many requests for this feature from businesses and enterprises. Consequently, these new prices reflect the more technically challenging features.
The highlight of this update is the much-improved mirroring feature that allows you to mirror the WordPress activity log to a centralized logging solution and services such as Amazon Cloudwatch and Slack.
We’ve also updated the format, text, and severity of the events following the RFC standards. So without wasting any more time, let’s dive right in to see what is new and improved in this exciting update.
The upgraded activity log mirroring module
With the WP Activity Log plugin, you can mirror the activity log to a number of third-party services, thus allowing you to have the websites’ logs in your central logging solution, and also ensuring that when something happens to the main activity log server, no data is lost, and it is still accessible.
Here’s the updated list of supported logging solutions:
It sounds impossible for admins to individually check every log on every website in their environment. By improving the mirroring module and the support for more third-party integrations, admins can easily monitor their environments and track key website changes. Log centralization can also help enable quicker anomaly detection, even as your infrastructure grows.
With centralized log management tools, WP Activity Log can help admins catch potential errors and suspicious traffic patterns by providing real-time visibility.
For more information on mirroring activity logs and benefits, refer to Mirroring the Activity Log – Everything you need to know.
Updated format, text, and severity of activity log events following the RFC standards
We have also updated the format, text, and severity of the events. Now we are following the RFC standards, which makes it very easy to parse and read the data with third-party solutions. For example, directly importing the logs to Splunk.
Improved activity log coverage
We aim to improve activity log coverage with every plugin update. In this update, we have included these two new events:
- ID 6045: User changed the site language
- ID 4029: Admin initiated a user password reset
Refer to the complete list of activity log event IDs for more information on what changes can WP Activity Log keep a log of.
Preparing for update 126.96.36.199
The most important improvements in this update are how the event IDs are defined in the plugin and how each event and metadata are processed.
This preliminary work was needed, so the plugin has better support for Syslog, PaperTrail, Slack, and many other integrations with third-party services that will be featured in the upcoming release 4.3 of the WP Activity Log.
As expected, version 4.3 will introduce lots of new features and additional improvements, so make sure to stay tuned.
With this update, the plugin and all its modules have been updated to support any type of date and time format that WordPress supports. We’ve also introduced a couple of new features, and of course, improved the coverage of the activity logs.
So, let’s dive right in for a highlight of what’s new & improved in this update.
Support for any type of date and time format
Previously, if you have used the WP Activity Log plugin on a website that has non-western time and date formats, such as Japanese formats, you might have noticed that the date and time were displayed incorrectly. Most probably, you have also encountered problems when trying to generate reports or adding date filters.
Starting today, this will no longer be a problem. With this update, WP Activity Log supports any type of date and time format that’s supported on WordPress. Therefore, if you can configure it in WordPress, WP Activity Log can read and understand that format.
Keep a log of date & time format changes
To complement the new feature above, we’ve added a number of new event IDs that can keep a log of changes to the date and time formats and the timezone settings as well. Here is the list of the new event IDs:
- ID 6040: Changed the Timezone in the WordPress settings
- ID 6041: Changed the Date format in the WordPress settings
- ID 6042: Changed the Time format in the WordPress settings
Improved activity log coverage of WordPress settings, multisite network settings & more
In addition to all the above, we’ve also drastically improved the coverage of the activity logs sensors with a number of new event IDs, focusing on WordPress settings, the application passwords, and several other areas. Here’s the list of new event IDs:
New event IDs for changes in posts
- ID 2129: User added / changed / removed a post’s excerpt
- ID 2130: User added / changed / removed a post’s featured image
New event IDs for application passwords
- ID 4025: User added / removed application password from own profile
- ID 4026: User added / removed application password from another user’s profile
- ID 4027: User revoked all application passwords from own profile
- ID 4028: User revoked all application passwords from another user’s profile
New event IDs for changes in WordPress settings
- ID 6035: Changed the Your homepage displays WordPress setting
- ID 6036: Changed the homepage in the WordPress setting
- ID 6037: Changed the posts page in the WordPress settings
- ID 6044: User changed the WordPress automatic update settings
New event IDs for multisite network settings
- ID 7007: Changed the setting Allow site administrators to add new users to their site
- ID 7008: The value of the Site upload space setting was changed
- ID 7009: The value of the file size allowed in the site upload space setting was changed
- ID 7010: Changed the list of allowed file types on the network
- ID 7011: Changed the value of the maximum upload file size network setting
Other new event IDs
- ID 1010: User requested a password reset.
Refer to the complete list of activity log event IDs for more details about each event ID and what change it represents.
Standardized all activity log messages
In this update, we’ve also standardized the text, format, and metadata formatting of all the activity log events.
With this change, we aimed to optimize ease of use by further improving the readability of the WordPress activity log, thus making it neater and easier to understand when scrolling through the Activity Log Viewer.
As you can see in the screenshot below, from now on, the formatting and order in which the metadata is reported is always the same.
BREAKING CHANGE: mu-plugin method for custom event IDs no longer supported
Up until this update, users had two different methods available that they could use to add custom event IDs, via a mu-plugin or by developing their own extension. However, from this update onward, we will only support one method; adding custom activity log event IDs via an extension.
By dropping the old method, we were able to reduce the plugin’s code base, improve the plugin’s performance, have more manageable code, and, most importantly of all, can now focus on this method and further develop it to give the users more options.
Other noteworthy improvements
Like with every other update, we have also included a number of other improvements that are worth mentioning. Below is a highlight:
- Improved coverage of users’ login/logout / failed login activity on custom login pages.
- Consolidated the code that generates the activity log messages.
- Improved several database queries for much better plugin performance.
- Users who hide the plugin from the plugins page now get a notification when a plugin update is available.
- Support for URL rewrites and page names (correct page title reported even if the page is a URL rewrite).
- Added support for CloudFlare HTTP headers – plugin reports correct IP when website is behind CloudFlare CDN or firewall.
We are excited to announce the release of three plugin updates:
We have to release these three updates at the same time because of a number of new features and changes that we have done in all plugins. So to use the features mentioned in this post, you have to use the latest version of each plugin. If you do not update the plugins, they will still work, but you can’t use the latest features.
Let’s dive right in for a highlight of what is new, improved, and changed in this update of the most comprehensive WordPress activity log plugin.
Support for configuration of activity log settings on child sites from the MainWP dashboard
The main highlight of this update is support for the new MainWP extension feature that allows MainWP users to configure the child sites’ activity log plugin settings from one central location, the MainWP dashboard.
With this new feature, agencies and other MainWP users can easily standardize the environments and setups, thus saving ample time and money. Basically, users now have the ability to change various settings on the activity log plugins installed on the MainWP child sites with a single click.
To learn more about the new features, head to our latest Activity Log for MainWP announcement.
Activity logs and 404 errors
Also, in this update, we have a sort of breaking change. The WP Activity Log plugin will no longer keep a log of requests to non-existing resources or, as they are better known, 404 errors.
We stopped logging these requests for two reasons:
- Performance: by not having to hook in early into WordPress to keep a log of 404 errors, the plugin is now much faster and simpler to maintain. Also, it has an almost negligible effect on the front end of a website.
- Efficiency: there are many other more efficient ways of keeping a log of these errors. For example, the web server already keeps a record of such errors in the log files. Also, there are a number of plugins that are designed to specifically keep a log of 404 errors. Thus they have much more features that you might need for such a task.
If you would like to still keep a log of 404 errors, please read the article on how to keep a log of 404 errors on your WordPress site.
Other noteworthy updates
Like with every other update, we have also included a number of other updates and bug fixes that are worth mentioning:
- We fixed two SQL injections responsibly reported by WP Deeply (we have an interview with Slavco from WP Deeply coming out soon)
- Plugin now keeps a log of changes to multisite network registration settings with event ID 7012
- Improved the activity log coverage in general, especially in the logins and logouts sensor
This update includes a lot of improvements and is particularly important for Yoast SEO plugin users. From now on, the activity log for Yoast SEO functionality will be available through an extension.
With this change, we are now able to further improve the plugin’s coverage. In fact, this update also means a faster plugin, and, most importantly of all, a comprehensive activity log for Yoast SEO plugin users.
The new Yoast SEO activity log extension
We have made the activity log for Yoast SEO available as a standalone activity log extension because not everyone who uses the WP Activity Log plugin uses Yoast SEO. Also, by transferring the Yoast SEO sensor from the main plugin to an extension, the code works more efficiently, and it will also be easier to improve the log’s coverage and troubleshoot technical problems.
Yoast SEO plugin users who want to keep a log of the changes in the Yoast SEO meta box or in the Yoast SEO plugin have to install the new Activity Log for Yoast SEO extension alongside the WP Activity Log plugin.
In this update, we have also increased the coverage of the changes that the activity log can keep track of. This means that the plugin now keeps a log of many other changes that previously it did not. Here is the list of the new activity log IDs the plugin is using:
- ID 8826: user has enabled/disabled the Redirect Attachment URLs in the Yoast SEO plugin.
- ID 8827: Usage tracking has been enabled/disabled.
- ID 8828: The REST API: head endpoint setting was enabled / disabled.
- ID 8829: The social profile URL was added/modified/deleted.
- ID 8830: User changed the taxonomies settings to show in search results.
- ID 8831: Changed the SEO title template for a taxonomy type.
- ID 8832: Changed the meta description template for a taxonomy type.
- ID 8833: Enabled or disabled the display of Author or Date archives.
- ID 8834: Configured the plugin to show the Author or Date archived in the search results.
- ID 8835: Changed the SEO title template for the Author or Date archive pages.
- ID 8836: Changed the Meta description template for the Author or Date archive pages.
- ID 8837: Enabled / disabled the setting to show SEO settings for specific taxonomy types.
Refer to the complete list of activity log event IDs for more information on which WordPress and Yoast SEO plugin changes can WP Activity Log keep a log of. For more information on the activity log for third-party plugins, check out our activity log extensions page.
Other noteworthy plugin updates & improvements
- Detection of plugin updates via zip file uploads.
- Better activity log & plugin privileges on multisite networks.
- Improver the users sessions’ database connector.
- Migrated all the bbPress code to the activity log extension.
- Fixed a validation security issue in nonces. Issue responsibly reported by Lenon Leite.
BREAKING CHANGES: this update contains a number of breaking changes. Please upgrade to WP Activity Log 4.1.2 before upgrading to version 4.1.3.
We are happy to announce the launch of WP Activity Log 4.1.3. This update is particularly important for WooCommerce users. From this update onward, the activity log for WooCommerce functionality will be available through an extension and won’t be included in the main plugin.
Also, in this update, we have moved the plugin’s settings from a custom table to the WordPress settings table, and we have refactored the plugin’s privileges settings. Let’s dive right in to see everything that is new and improved in this update of the number one activity log plugin for WordPress.
The new WooCommerce activity log extension
WP Activity Log is a WooCommerce users’ favorite. It keeps a detailed log of the changes shop managers and other team members make in the WooCommerce store settings, orders, products, and much more! Up until version 4.1.2, the WooCommerce sensor was included in the plugin.
However, not everyone who uses the WP Activity Log plugin uses WooCommerce. So many plugin users are forced to have extra features without ever using them. To remediate this issue, we have created a WP Activity Log extension for WooCommerce. So to keep a log of the changes that happen on your WooCommerce store with WP Activity Log, you have to add the extension for WooCommerce.
As a result of this change, we will be able to further improve the plugin’s coverage of WooCommerce changes. This change also means a faster plugin, and, most importantly of all, a more detailed activity log for WooCommerce.
The launch of the activity log extension for WooCommerce
With the release of the new WP Activity Log for WooCommerce plugin extension, we have also included a number of new features and improvements:
- Added a number of new events to keep a log of product tag changes in WooCommerce. These are the new event IDs:
- 9101: Created new product tag
- 9102: Deleted a product tag
- 9103: Renamed a product tag
- 9104: Changed the slug of a product tag
- Fixed a number of issues for more detailed and accurate activity logs for WooCommerce.
Refer to activity logs for WooCommerce for more details on how you can keep a detailed log of all the changes you and your teammates do on your WooCommerce-powered eCommerce solution.
Moved the plugin settings to the WordPress options table
As part of our maintenance and improving the performance of the WP Activity Log plugin, we have also moved all the plugin settings to the WordPress options table. Up until version 4.1.2, the plugin settings were stored in a custom table.
This change allowed us to simplify the code base of the plugin. For you, this means that the plugin is now operating quicker on your site.
New plugin & activity log privileges
BREAKING CHANGES: we have improved the way the plugin and activity log privileges work. However, in some edge cases, this can be a breaking change. Please check your privileges settings after upgrading to version 4.1.3.
With the new privileges settings, super administrators can now specify if the administrators on child sites can see the logs of their own sites, and can also specify if super administrators on the multisite network can manage the plugin settings or view the logs only.
For more detailed information on this subject, refer to configuring the plugin and activity log privileges.
The all-new user sessions management module
Up until version 4.0.4, WP Activity Log relied on WordPress to show you who is logged in to your website.
However, this method was slow and had a lot of limitations. WordPress saves the session data in the wp_usermeta table, alongside other user information. So for the plugin to show who is logged in, it had to parse too much data, most of which it did not use. This made the process very slow, and on big websites, it was impossible to retrieve the complete list of logged-in users.
So in this update, we have built an all-new users sessions management feature that uses its own data and does not rely on WordPress data. Even better, the new module maintains the WordPress session data and keeps the database cleaner.
New configurable users sessions policies per role
Since the new users sessions module is much faster, now it is possible to configure users sessions policies per role. You can limit and block multiple users sessions based on their roles.
You can also configure a policy in the plugin to terminate idle users sessions after a certain time based on role.
Breaking change: with the introduction of the new policies, which can be configured differently for different roles, the old configured policies cannot be migrated. So if you are upgrading from an earlier version of the plugin, the previously configured policies will be lost. Please reconfigure them.
Other major improvements in update 4.1
In this update, we have also:
- Added a new setting to configure the log files folder (by default, the plugin saves log files in /wp-uploads/wp-security-audit-log/ ),
- We moved more of the plugin’s settings to the wp_options table, so it can load the settings much faster,
- Removed more obsolete code, which was used for when updating from versions prior to 3.2.3.
Today’s announcement is very different from all the previous ones. We are renaming WP Security Audit Log to WP Activity Log. The plugin’s name change reflects the vision we have for the plugin, as explained in this post.
A bit of history
When we started WP White Security and released the first version of WP Security Audit Log back in 2013, we did not anticipate that our plugin would have such an impact in the WordPress community.
Within a short period of time our plugin became the #1 user-rated WordPress activity log plugin. This positive response is what encouraged us to continue developing the plugin.
Just two years ago, we also started developing other WordPress plugins, all of which are designed to better help you to manage your WordPress sites and users, and keep them secure.
We are always very happy to hear from our customers on how useful our plugins are to them. However, even though we have several different plugins, we have a soft spot for WP Security Audit Log, because it’s our very first plugin.
And today, we are excited to announce that we have renamed it as WP Activity Log. Read more below about why we have decided to rename it.
Why have we renamed the plugin to WP Activity Log?
As the #1 rated activity log plugin in the WordPress repository, we have gradually outgrown the label as being just a security plugin.
Sure, security is still a big element of what the plugin covers and we still focus on it. But it’s not 100% accurate, as the words ‘security plugin’ tend to be focused on defensive security solutions, such as malware detection, fixing vulnerabilities and firewalls.
And we don’t do any of that.
As we add more features and understand what our customers are using them for, we have noticed that they are using the activity logs for:
- Security and forensics
- User productivity
- Users accountability
- Managing ecommerce stores and the team
- Monitoring and managing subscriptions and users’ sessions
- Troubleshooting technical issues
- And much more!
And the core feature that is helping them to do that is naturally the activity log, hence why we wanted to make that clear within our own name too.
Plus, the name ‘security audit log’ is slightly misleading, and it’s a rarely used phrase within the tech and WordPress industry. This makes it difficult for people to understand what is the purpose of the plugin with the original name.
By renaming the plugin, it is now self-explanatory. The renaming will allow us to really focus more on the power of the activity log too. It is not just about security logging, but any type of activity logging, and that’s what we want to emphasize on.
Oh, and our new name is also a lot shorter to say too.
This is just a plugin rename; nothing else was changed.
Apart from changing the name of the plugin, everything is kept the same. The plugin that you are already familiar with (previously known as WP Security Audit Log) still operates in the exact same way, and we are still the most comprehensive activity log plugin available.
And just as important, our core values have not changed. We still strive to provide high-quality plugins, at excellent value and make your job easier when managing WordPress sites and users.
We also didn’t want to make any other changes apart from the name change so that we don’t overwhelm you with multiple changes. Don’t get us wrong, we still have exciting plans for the plugin and new features to add that are designed to make your work even easier.
Support for WooCommerce 4.0
Increased coverage of WooCommerce store & products changes
In this update, we also increased the coverage of the store and product changes store managers do. This means that the plugin now keeps a log of many other changes that previously it did not. Here is the list of the new IDs the plugin is using:
- 9105: The product stock quantity has changed due to an order
- 9085: The WooCommerce setting “Selling location(s)” was changed
- 9086: List of excluded countries to sell to was changed
- 9087: List of countries to sell to was changed
- 9088: The WooCommerce setting “Shipping location(s)” was changed
- 9090: The WooCommerce setting “Default custom location” was changed
- 9091: The “Cart page” in the WooCommerce settings was changed
- 9092: The “Checkout page” in the WooCommerce settings was changed
- 9093: The “My Account page” in the WooCommerce settings was changed
- 9094: The “Terms & conditions page” in the WooCommerce settings was changed
Refer to the WooCommerce activity log event IDs for a complete list of all the WooCommerce store and product changes the plugin can keep a log of.
New bbPress activity logs add-on
Up until WP Activity Log version 4.0.2, the activity logs sensor for bbPress was shipped within the core plugin itself. However, not everyone who uses WP Activity Log also uses bbPress.
So in order to keep the main plugin light, we’ve taken out the bbPress activity log sensor from the main plugin and released it as a bbPress activity log add-on. If you use our WordPress activity log plugin to keep a log of changes on bbPress, upon updating to 4.0.3, install the bbPress activity logs add-on as well.
Note: in future updates of the plugin, we will also remove the WooCommerce and Yoast SEO sensors from the plugin and release them as activity log add-ons. Refer to the page activity logs for third-party plugins for a complete list of which other plugins we support and integrate with.
Breaking change: individual add-ons are no longer supported
In January 2018, we switched from selling multiple individual add-ons to a simpler freemium model; free and premium editions. You can read more about this in our 2018 license change announcement.
We have supported individual add-ons since then, i.e., they still worked with the free version of the plugin. However, we had to stop supporting them in order to continue developing our plugin. The backward compatibility support was holding us back since we had to work with legacy code that is at least 3 years old.
If you are still using the individual add-ons, please contact us so we can assist you with the upgrade.
Other noteworthy highlights in 4.0.3
- Performance enhancement: we started moving the plugin’s settings from our own table to the wp_options table. So far, we moved ten settings.
- The plugin now detects the multiple changes that are done at once (instead of only reporting the latest change).
- We removed the masking on errors in the activity log external database so when there are connection problems, you are notified of the actual error, thus easing troubleshooting.
- Plugin is reported instead of a username in the WordPress activity log when a change is done automatically by a plugin.
Activity logs for WPForms
In my opinion, WPForms is the easiest to use WordPress forms plugin. I like everything about it, including its website and the team that has built it. I really enjoyed working with them; they are very enthusiastic and easy going – Robert Abela, WP White Security.
With the new add-on for WPForms, WP Activity Log can keep a log whenever someone:
- Adds a new form, modifies, duplicates, renames, or deletes it
- Adds a new field in a form, modifies, or deletes it
- Adds, enables, modifies or disables notifications in forms
- Deletes an entry (lead)
and more. For more details on this partnership and this add-on, refer to the activity logs for WPForms.
Activity log add-ons for third-party plugins
We are currently working to enable the plugin to keep a log of changes that happen in many other third-party plugins like we already do with WooCommerce, Yoast SEO, and others.
In order to support many other plugins, yet have a lightweight activity log solution, we introduced the activity log add-ons for third-party plugins. Add-ons are great because we do not have to include all the code in the main plugin. Users can choose which add-on to install, based on their requirements. So if, for example, someone is not using WPForms, they do not have to install the WPForms add-on.
The installer for third-party plugins add-ons
Add-ons can be installed and activated with a single click from the Enable/Disable Events > Third party plugins section. Simply find the add-on of the plugin you want to keep a log of and click the Install Add-On button. Stay tuned as we announce new add-ons later this year!
IMPORTANT NOTICE: In the next releases, we will be migrating the plugin’s sensors for WooCommerce and bbPress as add-ons. If you are using our plugin to keep a log of changes in, for example, the WooCommerce store and products, please follow our news for when we announce the release of the relevant add-ons.
New event type “Renamed”
In WP Activity Log version 4, we introduced Event Types and Objects in the activity log. We added them to make the activity log easier to read. With them you also have more criteria to choose from when searching and using filters, configuring notifications, and generating reports.
With this update, we added a new event type: Renamed. This is used when an object is renamed, such as a post, WooCommerce product, or WPForms form. Event IDs 2123, 2062, 2084, 9077, and 9071 have already been updated to use this new event type.
New events with Renamed event type
Refer to the activity logs metadata for more detailed information on Event Types, Objects and all the other metadata reported in the WordPress activity logs.
Other noteworthy updates
Version 4 was a major update, so naturally version 4.0.1 includes a few followup updates and bug fixes. Here are some of the other improvements that we have included and are also worth a shout:
Updated / improved some of the plugin’s help messages,
Optimized the logged in users view (now it does not retrieve the latest event automatically, so it loads much faster),
Localised the text in JS files,
Started removing some obsolete code (mostly code used for upgrades in older versions)
Fixed an issue in the file
Easier to read yet more detailed WordPress activity logs
This section highlights all the user interface (UI) and user experience (UX) changes we added in version 4 to make the logs easier to read, and to also provide you with a better insight of all that is happening on your WordPress.
New metadata in the activity logs
We have added two new metadata types to the WordPress activity logs: event type and object.
The event type describes the type of activity an activity log event is about. For example when a user logs in to the website, the event type is login. If a user installs a plugin, the event type will be install.
In the object metadata the plugin will report the object the activity log event is about. For example if a user logs in or changes the password, the object will be user. In case of a plugin install, the object will be plugin.
NOTE: upon upgrading to v4 the plugin will not add the event type and object to the older events. Use our activity log data updater plugin to add them.
Improved log message format
Data in point form format is easily scannable, and people can read it in much less time. Therefore we have changed the format of all the log messages to point form so you can get better understand the log in less time.
Now it takes you much less time to parse and understand the activity logs, especially with the addition of the new event type and object metadata types.
More activity log severity levels
In this update, we have also introduced new severity levels. In total, there are now five different ones:
Severity levels indicate the impact a particular change can have on the security, functionality and also performance of the website. An example of a critical severity event is when a user installs a new plugin. Refer to the WordPress activity log severity levels for a detailed explanation of every severity level used in the activity logs.
Improved activity logs granularity (and search filters)
With the introduction of the new event type and object metadata types the activity logs are now more granular.
These metadata types can be used in email and SMS notifications. For example you can use the user object in a notification trigger instead of all the user profile changes event IDs to be alerted whenever there is a change in a user profile.
We have also added the new metadata types as search filters. This means that you can filter your activity log search results using either the event type or the object, or both.
Other notable updates in this version
Like with every other update, we have also included a number of other updates that are worth mentioning, such as:
- A new ergonomic search and filters UI,
- Added several new reference links in the plugin’s help text,
- Updated the Freemius SDK to version 2.3.2,
New filter hooks for plugin users
In this update, we have included three new filter hooks:
- wsal_filter_prevent_deactivation_email_delivery: this filter hook deactivates the email that is automatically sent to the administrator when the plugin is deactivated.
- wsal_filter_deactivation_email_delivery_address: this filter hook can be used to change the email address to where the automated email is sent when the plugin is deactivated.
- wsal_disable_user_switching_plugin_tracking: WP Activity Log keeps a log of changes users make even when switching to another user with the User Switching plugin. You can use this filter hook to disable this and keep a log of the actual user doing the change.
Refer to filter hooks in WP Activity Log for a complete list of all the filter hooks the plugin has.
Better support for custom post types on multisite networks
Up until this update, users could not exclude a child site specific custom post type from the activity logs. However, we have rewritten the code that keeps track of registered custom post types on a multisite network. This means that now you can exclude the monitoring of any custom post type from the activity logs, even if it is just available on a child site in the multisite network.
Other noteworthy updates in this version
In this update, we also have:
- Updated the database queries to support MySQL 8 better
- Fine-tuned the WooCommerce activity log sensor not to report non-relevant events when there are coupon changes
- Added a new setting to toggle the milliseconds in the WordPress activity logs
- Added wsal_ prefix to all cron jobs (standardization of code & elements)
- Updated the activity log custom events API to only require one sensor on a multisite network
Filters and sorting for the Severity column
As shown above, it is now possible to sort the events in your WordPress activity log by the events’ severity. In WP Activity Log Premium you can also filter the activity log view by severity, as shown below.
Until now, in WordPress Activity Log, there are only three different severity levels; Critical, Warning, and Notification. In the upcoming updates, we will include more severity levels, allowing you to have more granularity when filtering and sorting events. We will also write documentation in the plugin’s knowledge base explaining the different levels of severity and how they can help you better understand the logs.
Improved activity log sensors
In this update, we have also improved several activity log sensors so the data in the activity log is more relevant to you. Here are the highlights:
Improved content and post changes sensors: there were cases in which the plugin was keeping a log of trivial automated changes. For example, the plugin kept a log of a draft post date change when something else was updated in the post. Even though such change happens in the background, this is trivial information. There is no need to keep a log of it.
Improved logout detection: the plugin now detects user logouts at a much earlier stage in the process. This allows it to detect user logouts even when other plugins hook into the logout process and include additional functionality. For example, log out and redirect the user to another page.
Better support for the Classic Editor: when a post is published with the Classic Editor, the WP Activity Log was keeping a log of trivial under-the-hood changes. With this update, the plugin only keeps a log of the changes that are relevant to the administrators.
Other noteworthy plugin updates
In update 3.5.1 of the WP Activity Log plugin, we also have:
- Added more help text and links to the plugin knowledge base,
- Improved formatting of daily summary email to better support Microsoft Outlook,
- Fixed some compatibility issues with WordPress 5.4 (thank you Chris Van Patten),
- Updated the plugin to work on the upcoming WordPress 5.3
Individual front-end sensors
The plugin’s front-end sensors keep a log of some activities that happen on the front-end of your WordPress website. Mainly;
- User logins from custom login pages,
- Visitors request a non-existing URLs (404s),
- New users register on your website,
- New prospects make a purchase on your WooCommerce store.
In previous versions of the plugin you could enable or disable these sensors as group. In this update we have segregated the front-end sensors, so you can enable or disable these sensors individually. This give you more flexibility on what features you can enable and disable in the plugin. It also improves the plugin’s performance, i.e. you do not have to load sensors which you do not need.
Improved first-time plugin install plugin wizard
We have also added new slides in the first-time install wizard so customers can configure these sensors when installing the plugin.
Other noteworthy updates
Better WooCommerce activity log coverage: with this update the plugin also keeps a log of stock changes when products’s stocks change because orders are placed manually, or when the number of items in the orders is changed by shop managers.
Support for WooCommerce Tab Manager plugin: when the WooCommerce Tab Manager plugin was installed, the plugin could not retrieve the correct product name. With the WooCommerce sensor update, we have also addressed this issue.
Improved hide plugin feature: the plugin also updates the number of installed plugins when the hide plugin in the plugins page setting, so there are no indications that the WP Activity Log plugin is installed on the website.
(Another) very big and final plugin performance update
In 2019 we set out to improve the plugin’s performance. We have included performance improvements in almost every update we released in 2019. With this update, we continued on what we have done so far this year.
However, we went a step further in this update: we’ve worked closely with Mark Jaquith, one of the five lead WordPress developers, to help us conclude this performance project.
Thanks to his valuable input, this version of the plugin is at least 5.5 times faster than the previous one. Its footprint on a WordPress website is negligible. The following statistic highlights how much the plugin’s performance has improved this year:
Version 3.4.3 is at least 15 times faster and uses just 10% of the resource that version 3.3.1 used!
We compared version 3.4.3 to version 3.3.1 because 3.3.1 was the first update released in the beginning of this year.
Search and reports for MainWP activity logs extension
Soon, we are to release the premium edition of the Activity Logs for MainWP extension. In the premium edition of the MainWP extension, users can search in the activity logs of all the child sites on the network. They can also also generate reports from the child sites activity logs.
Since the premium edition of the MainWP extension depends on WP Activity Log, in this version we have included updates to support this remote functionality.
Other notable plugin improvements
In this version, we have also improved the following:
- WooCommerce activity log coverage (e.g., plugin now keeps a log of product changes done through quick edit)
- Improved the coverage of draft posts (plugin reports the details of draft post changes)
- The plugin also mirrors the IP address of the event when mirroring WordPress logs to Slack
- We shortened the text of the event in the dashboard widget for better readability
- Added the title of the report in HTML reports
30x Faster Database Queries, Search & Filters
Your WordPress activity log is stored in a database. This means that when you view the activity log or filter the views, WordPress retrieves data from the database. By optimizing the database queries, the plugin uses fewer resources and also:
- Browsing the activity log is much faster
- Search results and filters work much faster
- The plugin uses much fewer resources
We are very happy with the optimization results; a search query in an activity log with one million records used to take 350ms. Now it takes less than 1ms!
Improved User Experience (UX)
We are planning a major UX and UI update to the activity log viewer for version 3.5. Though in this version, we focused mostly on minor UX improvements, which together make a big difference:
- MySQL server responses are displayed when the configuration of the external database connection is not correct
- The plugin now shows detailed errors when there are problems with the Twilio integration and sending SMS notifications, allowing admins to troubleshoot easily.
- Added warning message and the plugin is automatically disabled when the plugin is installed on a MainWP dashboard instead of the Activity Log for MainWP
- Several plugin prompts are now responsive and have better text
Import & Export plugin configuration feature
Large businesses are always adding new websites to their web farm, especially WordPress agencies. Whenever they build a new website they also manually configure the WP Activity Log plugin.
However, that is no more! We developed a feature with which you can easily export and import the plugin settings. Now WordPress agencies and other businesses can easily deploy a standard plugin configuration to all the sites they add to their web farm with just a few mouse clicks.
New Hooks for theme developers
The plugin displays warning messages on the login page when you manage and limit users sessions and a user’s session is blocked. However, these messages do not show up on custom login pages.
In this version we have included some new hooks in the activity log plugin that your theme developer can use to display the plugin’s warnings on your custom login page.
Other highlights & improvements3
Also, in this update:
- Option to exclude a range of IP addresses from the activity log
- The Reports for WordPress support more date and time formats
- An updated content sensor that does not log events of legit background processes
- New hook to add logging of hidden custom fields to the activity logs
- Removed hard-coded paths in the WordPress file integrity scanner
Refer to the plugin’s changelog for a complete list of what is new, improved, and fixed in update 3.4.1 of the WP Activity Log plugin.
SMS Notifications In the WordPress Activity Log
The WP Security Audit log plugin has had email notifications since the beginning. Email notifications are good to have. However, they are not instant and as reliable as SMS messages. They tend to slip through your inbox.
SMS notifications are the way to go if you want to be instantly alerted of a change or a user action. If someone logs from an exotic location into your WordPress site outside office hours using an administrator account, you want to be instantly alerted, even if it is the middle of the night. Hence why we added SMS notifications in the plugin.
You can enable any of the built-in notifications or create your own notification criteria to receive SMS messages. The SMS message template is editable, and you can shorten the URLs in the messages with Bit.ly, which is also supported out of the box. The WP Activity Log plugin sends SMS notifications via the Twilio service.
For more detailed information, refer to configuring SMS and email notifications in the WordPress activity log.
Better Coverage Of WordPress Changes
In this release we’ve also focused on improving the coverage of the plugin. Prior to this update, the plugin had somewhat limited coverage of site changes that were not done directly via the WordPress admin pages.
So we enhanced the plugin’s sensors and now the plugin keeps a log of changes done via third party customization. If you are using custom code or applications that automatically apply changes to your site, or you do site changes via them instead of the admin pages, the plugin will keep a log of such changes.
Other Plugin Update Improvements
In this release, we have also included quite a few plugin functionality improvements as well. Here is a high-level overview of what has been improved:
- New event ID 1008 to keep a log of user switching (support for User Switching plugin).
- New event ID 9083 to keep a log of a user’s billing address (WooCommerce).
- New event ID 9084 to keep a log of a user’s shipping address (WooCommerce activity log).
- Added several new pre-configured SMS & Email notifications.
- Optimized the database queries that retrieve the list of logged-in users.
- Optimized some metadata database queries (reduced queries by 75%).
- Removed the limit of five criteria in the notifications trigger builder.
Infinite Scroll in the Log Viewer
Up until this version, you could browse through the events in the WordPress activity log via pagination. However, because of pagination, the plugin had to count all the events in the database every time, which meant the rendering of information was slow and needed additional resources. With the introduction of the infinite scroll, browsing through the activity log is way faster and needs much fewer resources!
Should you wish to switch back to pagination navigation, you can do so from the plugin setting, as explained in the FAQ, switching the WordPress activity log viewer view mode.
Much Faster Search Filters
The other major performance enhancements in this update are in the Search filters. We have improved the database queries the plugin uses to do IP, user and role searches and improved the search performance by more than 600%. Now it takes the plugin just a few seconds to apply a filter and display the results on a database with more than 1,000,000 events.
Mirroring WordPress Activity Logs to Slack
Slack has become really popular with teams. It offers one central source of information about everything that is happening on the networks, applications, and services that users use.
Now, WP Activity Log users can mirror the activity log of WordPress sites to a channel on Slack. Setting up the mirroring of activity logs to Slack is really simple and will only take you two minutes. Also, when configuring the mirroring, you can also configure filters to specify which of the event types should be reported to the Slack channel.
New UI for the External Databases & Services Integration Module
In this update, we gave the UI of the External Databases and Services Integration module a facelift, making it much easier to use. We have also changed the concept of how connections are set up etc. So with the new interface, you can:
- Configure multiple mirroring destinations
- Better manage all the archiving and mirroring connections
- Test the connection status with just a click of a button.
Refer to our Setting up external database and services connections in the WordPress activity log for more detailed information on how these features work.
Mirroring WordPress Activity Logs to a Remote Syslog Server
In previous versions of the plugin, you could only mirror the WordPress activity log to the local syslog, i.e. the one running on the web server where the website is hosted. From this version onward, you can mirror the WordPress activity log to a remote syslog server.
We have also mapped the severity of the WordPress activity log events to the severity levels in syslog, making things much easier and standard.
Improved Users Sessions Management
In this update, we have improved the WordPress users sessions management module, specifically the feature that limits multiple user sessions. WordPress clears users’ session data once every 24 hours, so there were cases where a user’s session expired, yet they were not allowed to log in because there was still session data.
The plugin has now been optimized to handle such situations. The plugin now also checks the session status, so it no longer locks out users whose session is expired.
New Configurable Maximum File Size for File Integrity Scanner
In previous versions of the plugin, the WordPress site file integrity scanner was restricted to only scan files that are smaller than 5MB. From this update onward, WordPress site admins can now configure the maximum file size themselves, giving them more flexibility to scan any files they need.
Major Performance Improvement of the Activity Log Plugin
In this version update, we also worked on a major performance improvement. Now the plugin is more than 50% faster; hence it requires much fewer resources to run. We have also segregated the activity log event IDs used to keep track of activity from non-logged-in users, such as requesting non-existing URLs. By segregating these types of events, you can now disable them altogether, from the Enable / Disable Events section.
Breaking Change – Old Premium Add-Ons No Longer Supported
At the beginning of this year, we switched to a new licensing model. We stopped selling the old premium add-ons and switched to a single premium version. This allowed us to better manage the code and introduce more features. When we announced the new licensing model, we also sent an email to all paying customers with information on how to migrate to the new edition of WP Activity Log. If you still have not migrated, you might encounter problems. If you do, contact us.
In this update, we included several new features and improvements.
Activity Logs for Gutenberg
Comprehensive activity logs is what sets WP Activity Log apart from other activity log plugins for WordPress. And the same value proposition was kept for Gutenberg. So the plugin will not just keep a log that a post has been updated, but it will keep a log of what exactly changed.
Whether you are using the Gutenberg or the Classic editor, the activity log plugin will keep a log of what has changed. So in the activity logs you can see the post content changes the user has done, or if they changed the URL, visibility, status, added tags, changed categories or any other type of post change.
Daily Activity Log Highlights Email from Your WordPress Site
The activity log of a busy WordPress site or multisite network can have thousands of events per day, so it is not possible to get a high level overview of what has happened during the day. So in this new update of WP Activity Log we included a new daily WordPress activity log digest email, which is sent automatically to the administrator.
The email notification can be disabled and the list of recipients can also changed. For more detailed information on this feature refer to the daily activity log digest email from your WordPress sites.
New UI and Settings for Users Sessions Management Module
Since version 2.3 we have been focusing on making WP Activity Log plugin easier to use, so users do not have to be familiar with security and activity logs to use the plugin. So far we have updated all the plugin’s settings, added new help text, developed a new startup wizard and much more.
In this update we have revamped the settings and the UI of the users sessions management features for WordPress. We have changed the settings text and added new help text, making the settings much easier to understand.
Other highlights in this update
In this update of our activity log plugin for WordPress we have also included the following features and updates:
- New admin bar notification with the latest event from the activity log
- Updated the order of the entries in the plugin menu
- Improved the MainWP Child Site Stealth mode in the premium edition
- Improved the WordPress menus sensor (improved coverage and accuracy)
This is a hotfix release, which includes some bug fixes but also a number of improvements that make the plugin easier to use. Here is a highlight of what is included in this version update.
New Activity Log Events
As our commitment to continuously improve the coverage of the WordPress activity log plugin, in this update we included three new events:
- Event ID 6006: user reset the plugin’s settings to default
- Event ID 6033: the WordPress file integrity checks has started or stopped
- Event ID 6034: user has purged the WordPress activity log
Refer to the complete list of WordPress activity log events for more information on what the plugin can keep a record of.
MainWP Child Site Stealth Mode
Since we announced our support and integration with the MainWP WordPress management platform, we have received a lot of good feedback. One thing we’ve learned is that many MainWP users do not necessarily want their clients to see the messages in the activity log because, in most cases, they cannot understand them, thus creating confusion.
To address this issue, we developed the new MainWP Child Site Stealth Mode setting, which is automatically enabled when the plugin is installed on a site on which there is the MainWP Child Site plugin. For more information on how this feature works, refer to What is the MainWP Child Site Stealth Mode setting.
- Added subcategories in the Enable/Disable Events section
- Improved the sensor for the detection of plugins activations and deactivations
- Added response notifications for when old data is purged from the activity log
- Added a pop-up to confirm the chosen log level was applied successfully
Breaking Change – Removed Mcrypt Support
In version 2.6.5 of the plugin, which was released on the 18th of July 2017 we replaced Mcrypt with OpenSSL. We previously used Mcrypt to store the connection details of the external database and other activity log integrations, but replaced it because it was superseded by OpenSSL. Since then we have kept backward compatibility for Mcrypt to give users enough time to migrate to the newer versions of the plugin.
It has been more than a year since we replaced Mcrypt, so in this update we are removing Mcrypt support completely. You should not be affected by this change unless you are using a version of the plugin that is earlier than version 2.6.5. If you are using an earlier version of the plugin, update it to version 188.8.131.52 before updating to this version.
In this plugin update, we focused on making the plugin easier to use and improving the user experience. Version 184.108.40.206 of the WP Activity Log plugin is the first of a number of updates which will focus on improving the user experience. Here is a highlight of what is new and improved in this version.
WordPress activity log plugin startup wizard
When you install the the WP Activity Log plugin you will be greeted with a wizard. It will run you through a few things that you should consider configuring, such as WordPress activity log retention, privileges and more. The wizard will allow you to configure:
- WordPress activity log detail level
- Retention policies for the WordPress activity log
- Privileges for the activity log
- Exclusion rules for the WordPress activity log
WordPress activity log detail levels
The WP Activity Log plugin has the most extensive WordPress activity log in terms of details and coverage. Though we understand that not every WordPress website owner is interested in knowing that a post custom field automatically modified. So we introduced two WordPress activity log detail levels; Basic and Geek.
The Basic level is for those who want to keep a log of generic user activity such as logins, logouts and posts modifications but not of under the hood changes such as custom field changes. In the Geek log level detail the plugin will keep a log of everything it can.
Read the Configuring the WordPress activity log detail level for more information and refer to the complete list of WordPress activity log events for more details on which events are included in which detail level.
New WordPress activity log search filters
As part of our plugin user experience improvements we have added several new search filters to the WordPress activity log. Also, we made the search filters to a more intuitive location, on top of the activity log columns.
Now users can easily use any filter to fine tune their search results. Filters and search terms can also be saved for later use. Refer to the How to search in the WordPress activity log for more details.
New plugin settings pages and help text
We have rearranged and rewritten all the text of all our settings pages. We have also added much more help text and where possible linked the help text to the relevant information in the plugin’s knowledge base.
By explaining in detail all the technical terms the settings can now be easily understood by WordPress user of all levels.
Performance improvement in plugin’s sensors
We have also continued our work on improving the plugin’s performance. In this update we have applied several improvements to the plugin’s sensors logic.
The plugin has a sensor for different type of changes. For example to keep a log of all content changes, the plugin has a dedicated sensor for content. In previous versions, all sensors were being loaded with every user action.
In this update only the sensors that log changes that can be done from the page the user is accessing are loaded, hence the plugin will run faster and consume less resources.
Other plugin updates and improvements
There have been several other updates and enhancements in this version update.
The main highlight of this update is support for MainWP, a WordPress plugin that allows you to manage multiple WordPress installs from one central dashboard. This update also includes several other new features, improvements, and bug fixes, which are highlighted in this post.
Support for MainWP
We are working on a full integration between Main WP and the WP Activity Log plugin, with which users can view the WordPress activity log of all child websites from the central MainWP dashboard. This integration is split in two phases.
In phase one, which we are announcing today, the WP Activity Log plugin will keep a record in the WordPress activity log of any changed done to a website from the MainWP dashboard. In phase two of the partnership, which we will be announcing in the near future, we will release a MainWP add-on that can be used to view the WordPress activity logs of all MainWP child websites from the central MainWP dashboard.
A shout out to Ivica Delic of Freelancers Tools and all our beta testers from the MainWP Users Facebook group who offered to beta test the plugin and this integration.
Buffer for external WordPress activity log database
In this version we introduced a buffer for the WordPress activity log external database. This means that should the external database connection be slow or unavailable, the events will be stored in the WordPress database and sent to the external database once the connection is restored. Therefore if the connection is slow or dropped, the website and its performance are not affected.
Retention settings for archived events in the WordPress activity log
WordPress activity log archiving allows you to archive events that are older than a specific time, so there are not a lot of events stored in the main activity log database. Previously it was not possible to configure WordPress activity log retention when archiving was enabled.
In this version, we introduced retention settings for archived activity log events as well. Therefore when archiving is enabled, the retention settings of the activity log are moved to the archiving settings.
Exclusion of logs of requests to specific non-existing URLs
By default, the WP Activity Log plugin keeps a log in the WordPress activity log when a user or website visitor requests a non-existing URL (404 errors). Such logs allow you to identify automated scans and other forms of possible automated malicious attacks.
Though you may not want to keep a log of all requests to non-existing URLs. For example, if you change the WordPress login page URL the plugin will keep a log of bots requesting such URL, which are useless for you. In such case you can easily exclude the logging of such requests to non-existing URLs from the Exclude options in the plugin’s settings.
In this update of the plugin and the next few ones we will be announcing several performance enhancements. The WP Activity Log plugin is already optimized to run on any type of WordPress and web server configuration without affecting the website’s performance. Though our aim is to reduce even further the resources footprint of the plugin to the lowest possible level while still improving its performance. In this update we have:
- Improved the sensors loading mechanism so sensors for third party plugins that are not installed will not be loaded
- Changed the plugin’s loading scripts so views are only loaded when requested
Stay tuned by subscribing to the WP Activity Log plugin newsletter so you are informed when new updates are released.
Other notable Improvements
In this update of the most comprehensive WordPress activity log plugin, we have also included the following:
- Option to exclude directories from the WordPress file integrity scans
- Updated the 404 detection sensor to use a more accurate source to capture the requested non-existing URLs
- Added a new setting to exclude the changes of automated changed to product stocks in WooCommerce
- Plugin now allows administrators of sites on multisite networks to view who is logged in to their sites
- Updated the exclusion settings to allow users to exclude any post type from the logs, including the default post and page
WordPress website file changes warnings in the WordPress activity log
Most probably this was the most asked for feature – keep a record of any file added, modified or deleted on a WordPress website in the WordPress activity log. The plugin uses three different event IDs to report file changes in the activity log, which are:
- Event ID 6029 to report newly created files,
- Event ID 6028 to report that an existing file was modified,
- Event ID 6030 to report that a file was deleted from the website.
The scanning for website file changes, also known as WordPress file integrity check, is enabled by default and runs once a week. You can configure the scanning frequency and other scan settings from the plugin settings. You do not have to worry about performance because the scanning process is heavily optimized, and on a low spec’d test web server, the plugin can scan up to 21,000 files per minute!
Read the WordPress file changes warnings and file integrity checks in the activity logs for all the technical details on how the WP Activity Log plugin file changes scanning technology works and how you can configure it.
MySQL database connections over SSL & Client Certificates
The External database module in the plugin, which allows you to store the WordPress activity log in an external database, mirror it or archive it now supports SSL and client Certificates. So now you configure a connection with an external database and you can encrypt the communication between your WordPress activity log plugin and the remote MySQL database server.
Other plugin improvements & bug fixes
In this update, we have also made some other improvements and fixed a number of issues reported by our users, whom we’d like to thank for their cooperation.
New Data Inspector for the WordPress activity log
When the WP Activity Log plugin keeps a log of a change, it records a lot of technical details, though most of them are not reported in the WordPress activity log. For example, when a user makes a change in a blog post the plugin records the post type, ID, user session and more.
To view all these details you can use the all new Data Inspector, which we introduced with this version update. In previous versions of the plugin we had a less informative Data Inspector, and was not enabled by default.
Buffer for Alerts when using an external database
When using the WP Activity Log plugin you can store the WordPress activity log in an external database. Though what happens if the external database is not available?
We have developed a buffer so when the external database is not available the website operations are not stopped. Instead the plugin will keep a buffer of the WordPress activity log in the WordPress database. Once the external database is available again the plugin will automatically migrate the alerts from the buffer to the external database.
All of these operations are done automatically and do not require any user interaction, though certainly worth a mention, especially if one of your requirements is high availability!
Other notable highlights for this version update
In this update we have also:
- Converted the HTML WordPress reports template to responsive,
- Improved the support for Ultimate Member Pro and WooCommerce,
- And much more!
The two big highlights of version 3.1.5 of the most comprehensive activity log plugin for WordPress are:
- Detailed activity Log for YOAST SEO plugin
- A new fully blown users sessions management module
This post explains in detail the two new features and what else is improved in this plugin update.
Activity Log for Yoast SEO Plugin
The WP Activity Log plugin can now keep a log of SEO changes users do on posts (post/page/custom post type) and when administrators change the Yoast SEO plugin settings. Let’s dive a bit into the details.
Changes in Yoast SEO Meta Box
If you have used the Yoast SEO plugin before, you are certainly familiar with the SEO metabox shown in the below screenshot.
When a user changes any of the SEO details or settings, the WP Activity Log keeps a record of the change in the WordPress activity log. The plugin keeps a record of what was updated as well. So for example in case the title was changed, it will keep a log of the title change which also includes the old and new title. Below is the list of Alert IDs the plugin uses to keep a record of such changes:
- 8801: Changed the SEO title
- 8802: Modified SEO description
- 8803: Changed the option Allow Search engine to show post in search results
- 8804: Changed the option Search Engine follow links
- 8805: Set the Meta Robots Advanced setting
- 8806: Changed the canonical URL
- 8807: Changed the focus keyword
- 8808: Enabled / disabled the option cornerstone article
Refer to the complete list of all the Alert IDs the WP Activity Log plugin uses to keep a record of what has changed on WordPress for more detailed information.
Changes in Yoast SEO Plugin Settings
The WP Activity Log plugin also keeps a record of the settings changes WordPress administrators do on the Yoast SEO plugin, for example when the home page meta description is changed, or when the XML sitemap is enabled or disabled.
Here is the list of Alert IDs the WP Activity Log plugin uses to keep a record of the Yoast SEO plugin settings changes in the WordPress activity log:
- 8809: Changed title separator
- 8810: Changed the Homepage Title
- 8811: Changed the Homepage Meta description
- 8812: Changed the Knowledge Graph setting
- 8813: Changed the option Show Posts / Pages / Attachments in Search Results
- 8814: Changed the Posts / pages / Attachments title template
- 8815: Changed the SEO Analysis setting
- 8816: changed the Readability analysis setting
- 8817: Change the cornerstone content setting
- 8818: Changed the Text link counter setting
- 8819: Changed XML Sitemaps setting
- 8820: Changed Ryte Integration setting
- 8821: Changed the Admin bar menu setting
- 8822: Changed the Posts / Pages / Attachments meta description template
- 8823: Changed option Date in Snippet Preview for Posts / Pages / Attachments
- 8824: Set the option Yoast SEO Meta Box for Posts / Pages / Attachments to Disabled
- 8825: Changed the setting Security: no advanced settings for authors
Refer to the complete list of all the Alert IDs the WP Activity Log plugin uses to keep a record of what has changed on WordPress for more detailed information.
WordPress Users Sessions Management Module
In this update of the WP Activity Log plugin we also included the fully revamped WordPress Users Sessions Management module, which you can use to:
- Terminate all logged in users sessions with just one click (in case you notice suspicious behavior)
- Limit the number of multiple sessions per WordPress user (ideal for all those subscription websites that want to ensure paid users do not share their login details)
- Automatically terminate idle logged-in WordPress sessions
- Configure logged-in session override settings
- Use text search and search filters to search for logged-in users
- And much more!
Read managing logged-in WordPress users sessions for more detailed information on this powerful module and how to configure it.
Other Improvements & Bug Fixes in this version
We have also added other improvements and bug fixes. For example, now the plugin can also keep a log of automated changes to WooCommerce products’ stock quantities which are done via a plugin or when an order is placed.
Better Support for WordPress Multisite
Prior to this version update of the plugin, sites on a WordPress multisite network were considered as individual sites by the plugin when it comes to licensing etc. So even when purchasing the premium edition of the plugin, administrators had to manually enter and activate the license keys on every individual site on the multisite network.
We have changed all of this In this version – now multisite network administrators can opt-in and opt-out, and activate license keys from a central Account page in the multisite network dashboard, as shown in the below screenshot.
Central account page for all sites on the multisite network
When the premium edition of the plugin is installed on the multisite network, the super administrators can also see the licensing details and activations for every individual site on the multisite network.
Managing plugin site licenses on multisite
Improved Logging of Users & Visitors Comments
In this new version, the plugin uses two different alerts to keep a log of posting of comments on a WordPress website:
- Alert 2099 – Logged in user posted a comment
- Alert 2126 – Website visitor posted a comment
Logging of comments activity in WP Activity Log plugin
Prior to version 3.1.1 the plugin only used alert 2099 to log the posting of comments. Now that these activities have been segregated, websites that have a high volume of visitor comments can still keep a log of comments posted by logged-in users without having their WordPress activity log full of alerts about comments posted by website visitors.
Refer to the list of WordPress activity log alerts for a complete list of changes that the WP Activity Log plugin can keep a log of.
Other Noteworthy Updates in 3.1.1
As usual, we managed to fit in some other updates in this version. Here are a few of them:
- Logging of user role change at the multisite network level
- Improved the content sensor to log multiple content changes done at the same time on a post/page / post with custom post type
- Improved the plugin menu node on multisite network sites
- Post Type selection menu in Email Notifications is not automatically populated on multisite network install so users can specify their custom post type
- Changed severity of alerts 6007 and 6023 (404 errors) from High to Notification
Consolidation of WordPress Content Alerts
The plugin now records the Post Type and Post Status of the content so we could consolidate all the content alerts. Post Type can be a post, page, or any other custom post type you are using. WordPress has a standard list of post statuses, such as draft and published, though custom ones can also be created.
This new functionality means that now we have one alert that covers all post types and statuses instead of individual ones. For example, in the previous versions of the plugin, we had six different alerts to log that a post, page, or post with custom post type were modified:
- 2002: Modified the published post.
- 2003: Modified the draft post.
- 2006: Modified the published page.
- 2007: Modified the draft page.
- 2031: Modified the published post with custom post type.
- 2032: Modified the draft post with custom post type.
In version 3.1 of the WP Activity Log plugin, we have changed this completely. The plugin now just uses one alert to log all of these WordPress changes. For this particular example, the alert is 2002, and the message’s format is:
Modified the %status% %type% titled %post_title%.
So if you modify a draft post titled Joy Division that has a custom post-type movie, the following record will be logged in the WordPress activity log:
Modified the draft movie titled Joy Division.
Below is a screenshot with some of the new content alerts.
Content alerts in the WordPress activity log
This change gives the users more flexibility when it comes to searching for alerts, creating reports or building email notifications, as explained in the next section of this post. Refer to the complete list of WordPress security activity log alerts for a complete list of all the WordPress changes the plugin can keep a log of.
New Search Filters and Improved Reports & Email Notifications
The new content alerts system allowed us to build even more robust premium functionality, giving the users more tools to work with.
New Filters in Audit Log Search
We introduced two new filters in our search, one for Post Type and one for Post Status. Therefore now you can search for logs about draft posts or published posts that have a custom post type cars.
Post Type and Status Filters in Search
Improved Criteria Content Reports
We have included the new Post Type and Post Status as criteria in the new WordPress reports. So in the below example, a report can be generated about all Movies posts that are Private.
Use the Post Type and Post Status criteria in reports to create reports for content of a specific type, or that has a specific state.
Use the Post Type and Post Status criteria in reports to create reports for content of a specific type, or that has a specific state.
New Criteria in Email Notifications Trigger Builder
We have also included the new Post Type and Post Status in the Email Notifications builder. So, for example, you can now create an alert so that every time an entry in the WordPress activity log contains information about a published post with a custom post type Movies you are alerted via email.
Other Notable Changes in Version 3.1
Apart from the big announcement above, we also improved a good number of things in this version of the WP Activity Log plugin. Here is a highlight:
- Improved the priority of the plugin’s hooks so logins from custom forms are captured (e.g. better support for Restrict Content PRO and similar plugins).
- Developed a new fallback system for display names so when users do not have a first and last name configured, the username is displayed.
- Improved the tabs / UI of the Enable/Disable Alerts
- Consolidated Post ID, Page ID and Custom Post ID in just Post ID in Email notifications trigger builder.
- Improved the look & feel of the login page notification (GDPR compliance).
- Improved the UI and queries used for the Users Sessions management.
- Added the IP address requesting the non-existing page in the 404 log files.
New Licensing Model
As announced a few days ago, from version 3.0 onward, we will no longer sell individual add-ons. Instead, the WP Activity Log will be available in four editions:
- Free – as it currently is,
- Starter – includes Email Alerts and Search,
- Professional – includes Email Alerts, Search, Reports, Users Sessions Management, Database Management, and Integrations module,
- Business – the same as the Professional Edition but also with priority support and an account manager.
For more details on the new licensing mechanism, such as when the existing customers will be migrated, read the post; 2018 – New Licensing Model for the WP Activity Log WordPress Plugin. If you have any questions about the new licensing mechanism please do not hesitate to contact us.
Insert table from – https://melapress.com/wordpress-activity-log/releases/
Integration with Freemius
In this release of WP Activity Log plugin, we also included Freemius, which will allow us to provide free trials, better manage our licensing program and accept credit card payments via a new payment gateway, not just PayPal payments.
Freemius will also give us the functionality to better understand our customers and how they are using our plugin, thus helping us in continuously improve the plugin and make sure it meets all of our customers’ requirements.
Note that opting in is optional. Should you choose not to opt-in, the plugin will still work. Also, when you opt-in to send us diagnostic data, NO activity log and user activity are sent to us
Freemius & WP Activity Log
Other Noteworthy Features
Apart from the two big changes above, which took most of the development time for this release, we also managed to fit in some other new features, which are:
- New Alerts for change of WordPress URL (6024) and site URL (6025),
- Fixed a number of coding issues to make the plugin WP Engine compliant,
- Plugin now also captures the status and created date of a post. This data is needed to implement new features in future versions.
- Updated the Italian translation files.
The main highlight of this update is the ability to keep a record of changes done to custom fields created by Advanced Custom Fields (ACF) and similar plugins.
Do note that we also released the new Search 2.0 add-on, with a new UI and functionality. Read the WP Activity Log Search 2.0 release notes for more information.
Logging Capabilities of Custom Fields
Prior to this release, the plugin was only keeping a log of changes done to the built-in custom fields of WordPress in posts, pages and posts with custom post type. Though with this update, it is also able to keep a record in the WordPress activity log when the value of a custom field created by ACF is changed in a post, page, post with custom post type and also user profiles.
In fact, with this update, we also introduced two new alerts:
- Alert 4015: User updated Custom Field in a user profile
- Alert 4016: User created a custom Field in a user profile
Refer to the list of WordPress activity log alerts for a complete list of changes that the WP Activity Log plugin can keep a record of on a WordPress website.
Other Notable Updates
We also included other updates in this version, such as:
- A new option to either show the Username or the First & Last Name of the users in the WordPress Audit Trial.
- Changed the naming format and location of 404 error log files. For more information refer to the logging of 404 errors with WP Activity Log. Note: we changed the naming format because there were security issues with the format we were using before. Thank you Enable Security for the proof of concept and help with this issue.
- We also added a new Tooltip functionality to filter all alerts by IP Address, as shown in the below screenshot.
Improved Monitoring of 404 HTTP Errors
WP Activity Log now has two different alerts to keep a record of 404 HTTP errors in the WordPress activity log, which are generated when someone sends a request to a non-existing page. It has:
- Alert 6007, which is used to record 404 HTTP errors generated by logged-in users
- Alert 6023, which is used to record 404 HTTP errors generated by non-logged-in/anonymous users
The segregation of the reporting of 404 HTTP errors allows you to be more specific when configuring WordPress email notifications or when trying to track down a specific problem or suspicious behavior. It is also possible to configure logging options for both of the alerts.
Updated Encryption Mechanism
The plugin used Mcrypt encryption mechanism to encrypt the passwords of the databases used for the external database and also the archiving and mirroring of the activity log alerts. Since Mcrypt is depreciated in PHP7, we changed it to OpenSSL. Note that the Mcrypt module will still be used in the plugin to convert the old configured passwords and will be removed completely in future updates.
Other Notable Changes in WP Activity Log 220.127.116.11
The other notable changes we have included in this update are:
- We removed the wsal_wp_cookie completely and instead are not using LocalStorage. The cookie was being used to store which database was being used when archiving was enabled
- We improved the reporting of alert 4014, which previously was being reported even when a user was updating another WordPress user’s profile and the profile page is refreshed
- We also introduced the new Alert 1007, which is now being used to report that a user logged out another WordPress user’s session from the Users Sessions Management add-on. Please refer to the list of WordPress activity log alert IDs for a complete list of the WordPress changes that the plugin can keep track of
Monitoring of WordPress Website Site-Wide Settings
This update’s main focus was to improve the monitoring of the site-wide comments settings of a WordPress website, including the settings of sites on a WordPress multisite installation. Below is a list of Alert IDs that the plugin will use to keep a record of such changes in the WordPress activity log:
- Alert 6008: User enabled / disabled the option Discourage search engines from indexing this site.
- Alert 6009: User enabled / disabled comments on the website.
- Alert 6010: User enabled / disabled the option Comment author must fill out name and email.
- Alert 6011: User enabled / disabled the option Users must be logged in and registered to comment.
- Alert 6012: User enabled / disabled the option to automatically close comments after a number of days.
- Alert 6013: User changed the value of the option automatically close comments after a number of days.
- Alert 6014: User enabled / disabled the option for comments to be manually approved.
- Alert 6015: User enabled / disabled the option for an author to have previously approved comments for the comments to appear.
- Alert 6016: User changed the number of links a comment must have to be held in the queue.
- Alert 6017: User modified the list of keywords for comments moderation.
- Alert 6018: User modified the list of keywords for comments blacklisting.
Monitoring of Post Specific Comments, Pingbank and Trackback Settings
In this update, we are also including monitoring capabilities of the Pingback and Trackback settings in posts. Below is a list of alerts the plugin will use to keep a record of such changes in the WordPress audit trial:
- Alert 2111: User disabled Comments/Trackbacks and Pingbacks on a published post.
- Alert 2112: User enabled comments/Trackbacks and Pingbacks on a published post.
- Alert 2113: User disabled Comments / Trackbacks and Pingbacks on a draft post.
- Alert 2114: User enabled comments / Trackbacks and Pingbacks on a draft post.
- Alert 2115: User disabled Comments / Trackbacks and Pingbacks on a published page.
- Alert 2116: User enabled comments / Trackbacks and Pingbacks on a published page.
- Alert 2117: User disabled Comments / Trackbacks and Pingbacks on a draft page.
- Alert 2118: User enabled comments / Trackbacks and Pingbacks on a draft page.
Monitoring Capabilities of Other Changes on Your WordPress Website
We also managed to include the monitoring of the following changes:
- Alert 1006: User logged out all other sessions with the same username
- Alert 4014: User opened the profile page of another user
WP Activity Log Plugin Improvements
In this update, we also applied a few plugin improvements, which are listed below:
- We organized the list of alerts using categories and subcategories, hence now it is easier for you to find a specific alert.
The list of the WordPress activity log alerts is split into categories
- URLs are now reported in full in the WordPress activity log (previously, they were truncated).
- When the logging of requests to non-existing pages (404s) is disabled, the alert will not contain a link to a log file that does not exist.
- Added additional checks when using the function wp_sessions_register_garbage_collection to ensure there are no clashes with other plugins.
Reports, Search, and Users Sessions Management Add-On Updates
Since in this update of WP Activity Log we changed the way alerts are organized, we also released an update for the below list of add-ons. Therefore upon updating the plugin, update the add-ons below, else they might not function properly:
- Reports Add-On
- Search Add-On
- Users Sessions Management Add-On
We are excited to announce version 2.5.9 of the WP Activity Log WordPress plugin, and version 2.0 of the External DB premium add-on. We have really put in a lot of work in these versions, and finally, you can mirror the WordPress activity log to Syslog and Papertrail, the cloud-hosting log management system.
Here is an overview of what is new and improved in these version updates of both the plugin and its External DB add-on.
Mirroring of the WordPress Audit Trail to Papertrail and Syslog
With the new version of the External DB add-on you can mirror the WordPress activity log to Papertrial, Syslog or even an external MySQL database. There are a number of advantages you can benefit from when mirroring the activity log, such as:
- Meet regulatory compliance requirements
- Centralize logging
- Ensure the WordPress activity log is not tampered with (even in case of a hack)
- Ensure the WordPress activity log is always available, even when the website is down
Read the below FAQs for more information on how to configure mirroring of the WordPress activity log to any of the supported solutions:
Archiving of the WordPress Audit Trail
Some of the WordPress websites WP Activity Log is installed on are multisite, and they run thousands of websites. Typically such a setup generates thousands of alerts in the WordPress activity log on a daily basis. Such quantity of data can slow down the reading and writing to the database. Now you can use the Archiving feature in the External DB add-on to keep the WordPress activity log database small, manageable, and fast.
Once you configure the archiving of the WordPress activity log alerts, you can still see the archived alerts in the activity log viewer by using the drop-down menu to select the database.
You can also use the Search feature to search through the alerts in the archiving database and the Reports to generate reports from it, as explained in this FAQ about the archiving of WordPress activity log alerts.
In this update, we standardized the date and time formats the plugin and all the add-ons use, and also the time zone.
With this update, the WordPress activity log of WP Activity Log can now be used by businesses, government agencies, and similar organizations as an official record to adhere with today’s strict compliance requirements.
Time & Date Format in the WordPress Audit Trail
The date and time format used to time stamp the alerts in the WordPress activity log will now have the same format as configured in your WordPress website. Therefore if for example the date and time formats on your WordPress are configured as mm-dd-yyyy and as AM/PM time format, the time stamps used in the WordPress activity log will be with the same format as per the screenshot below.
Time and Date Format in WP Activity Log Premium Add-Ons
The same update applies to all the premium add-ons, so if you have any of them installed you will be prompted to update them. In short, with this update:
- All the timestamps in the email alerts generated by the Email Notifications Add-On will use the same date and time format, and time zone configured in WordPress.
- All the WordPress reports changes generated with the Reports Add-On will use the date and time format, and time zone configured in WordPress.
- All the logged in and expiration times reported in the Users Sessions Management Add-On will use the same date and time format, and time zone configured in WordPress.
- All the input fields that require a date or time, such as the filters in the Search Add-On now have a help text that shows which format should be used when entering the date or time.
Other Updates and Improvements
With this update we also applied some improvements to the custom alerts. Please read the updated documentation on how to create your own custom alerts for WP Activity Log for more detailed information on how you can create your own custom alerts.
And last but not least, we fixed some issues reported in the plugin’s support forums and changed the extension of the request log file to php, so it cannot be downloaded directly via a normal HTTP GET request.
Create Your Own Custom Alerts
Would you like to monitor changes of something specific on your WordPress that the plugin does not? Maybe monitor the changes on a custom WordPress solution or changes on a third-party plugin? In this version, we released a new hook that allows you to do just that. Refer to the Create custom alerts in the WordPress activity log document for more information.
Monitoring Changes in WordPress Menus
In this version, we also introduced new alerts to keep a record of all WordPress menu changes done from both the WordPress admin pages and the customizer. Here is a list of new WordPress menu alerts:
- Alert 2078: User created a new menu
- Alert 2079: User added objects to the menu
- Alert 2080: User removed objects from the menu
- Alert 2081: User deleted a menu
- Alert 2082: User changed the settings of a menu
- Alert 2083: User modified the content in a menu
- Alert 2084: User changed the name of a menu
- Alert 2085: User changed the order of the objects in a menu
Keeping Track of Scheduled Posts, Pages, and Custom Post Types
In version 2.4 of WP Activity Log, we also added the below alerts, allowing you to also keep a record when a WordPress user schedules a post, page, or custom post type:
- Alert 2074: User scheduled a post for publishing
- Alert 2075: User scheduled a page for publishing
- Alert 2076: User scheduled a custom post type for publishing
Refer to the complete list of WordPress security alerts for more information about every WordPress change WP Activity Log can keep track of in the activity log.
Other Improvements and Bug Fixes in this release
In this new version of WP Activity Log, we also fixed an issue where the automatic pruning of Alerts was not working in an out-of-the-box installation. For a detailed list of what is new and fixed in this version, please refer to the plugin’s changelog.
Support for External DB Add-on
With version 2.1, we are also releasing the all-new External DB Add-on. This add-on enables you to save the WordPress activity log in an external database rather than the default WordPress database. By storing the activity log in an external database, you ensure the WordPress activity log is not tampered with, even in case of a hack attack. You also improve the performance of your WordPress and also ensure your business WordPress website meets today’s strict regulatory compliance requirements.
Get All the Information about a Recorded IP Address with One Click
When a WordPress change is recorded by the plugin, the date and time when the change happened, the username and the role of who did the change, and the source IP address of the user are all recorded. We integrated the plugin with WhatIsMyIPAddress.com so you can get more information about the IP address of the user, such as the ISP hosting it, the country of origin, and other geolocation information with a simple click.
The IP Address in a WordPress Security Alert can be clicked for more information about that IP
As seen in the screenshot above, the source IP address of the user is now linked, and upon clicking on it, you will be redirected to the WhatIsMyIPAddress.com website, where you can find all the information you need about that IP.
WhatIsMyIP.com provides users with all the details they need about a particular IP Address
Ability To Exclude IP Addresses from Logging
We do not recommend excluding anything from the monitoring and auditing of WordPress though if you really need to, you can now also exclude an IP address from the monitoring.
Exclude an IP Address from being monitored by the WordPress plugin WP Security Audit Log
To exclude an IP address, navigate to the plugin’s settings page, and in the Exclude Objects tab, specify the IP address you want to exclude in the Excluded IP Addresses input field and click Add. Once ready, click Save to save all the changes.
Option to Hide Specific Columns in the Audit Log
Select the columns you would like to see in the WordPress Audit Log Viewer
By default, the Audit Log Viewer, from where you can see all the WordPress security alerts captured by the WP Activity Log plugin, has the following columns; Alert ID, Type, Date (and time), Username, Source IP, and Message. In a multisite environment, the Site column is also included in the Audit Log Viewer to differentiate the alerts by site. In this new version, it is possible to specify which of the columns should be shown or not. Untick any of the columns you would like to hide from the new option Audit Log Columns Selection in the WP Activity Log plugin settings.
Option to Disable WordPress Background Tasks
WordPress has a number of background tasks which are reported by WP Activity Log plugin, such as the deletion of auto draft posts. If you do not want the plugin to record and report such WordPress background activity, tick the new option Disable Alerts for WordPress Background Activity on the plugin’s settings page.
Other Changes and Bug Fixes in Version 2.1
For more information about the changes and bug fixes in this version of WP Activity Log refer to the plugin’s changelog on the WordPress repository.
New WordPress Database Connector
In this version of WP Activity Log, the plugin that allows you to monitor WordPress users and their productivity, we built a new database connector that allows faster and more efficient plugin to WordPress database communication. The new WordPress database connector will also allow us to add much more new features through the add-ons, such as support for an external database.
In fact, at the moment, we are working on a new premium add-on that will allow you to save the WordPress Audit Log, to an external database. By hosting the activity log of your WordPress in another database, you improve the security of your WordPress, reduce the chances of having the activity log tampered and as well improve the website’s performance.
Other Features Highlights for WP Activity Log 2.0
Option to Change Time Format of Alerts
It is now possible to select the time format reported for each alert from the plugin’s settings page. Therefore the time stamp for each alert can be displayed in 24-hour format or in 12-hour format (AM/PM), as seen in the below screenshots.
24 Hours Format
WordPress Security Alert 24-Hour time format
12 Hours Format
WordPress Security Alert 12-Hour time format (AM/PM)
Ability to Sort Alerts in Audit Log Viewer
In this version, it is also possible to sort the logs in the Audit Log viewer by Code, Date & Time, and Source IP address. To sort the logs click on the column’s title in the activity log viewer. In the below screenshot, the logs are sorted by Alert Code.
The WordPress security alerts are sorted by code in this example
Bug fixes in this version
- Fixed an issue where the role of a Super Administrator was not reported when it was logged in to a site on the WordPress multisite network.
- Fixed an issue where a user tried to change the password from the profile page, and alert 4003 was generated even though the password confirmation failed.
- Fixed an issue where a WordPress administrator tried to change a WordPress user’s password, and alert 4004 was generated even though the password confirmation failed.
- Fixed some formatting/display issues in the Audit Log Viewer (such as spacing and wrapping of text in the Date & Time column).
- Fixed an issue where multiple plugins were updated at the same time using the Update option in the drop-down menu, and no alert was being generated.
Exclude WordPress Users and Roles from User Monitoring
From this version of WP Activity Log onwards, you can exclude WordPress users or roles from monitoring. To exclude users, it is very simple; navigate to the plugin’s settings, and in the Excluded Objects tab, specify the users or/and roles you would like to exclude from monitoring, as shown in the below screenshot.
Once you exclude a user or role, any change the excluded user does will not be logged in the WordPress activity log. We are not exactly fans of excluding objects, ideally everything should be logged. Though the option is still there for anyone who might need it.
Exclude Specific Custom Fields from WordPress Monitoring
By default, WP Activity Log keeps track and logs all of the custom field changes in blog posts, WordPress pages, and also in custom post types. Although this is a very handy feature for many, some plugins update custom fields each time a visitor accesses a post; hence the WordPress activity log is polluted with the same alerts.
From this version onwards, you can now exclude the monitoring of specific custom fields. There are two ways how to exclude custom fields from WordPress monitoring:
Manually Exclude Custom Fields in the Plugin’s Settings
Similar to excluding a user or role, click on Excluded Objects in the plugin’s settings and specify the custom fields you would like to exclude.
Exclude Custom Fields From Audit Log Viewer
You can also exclude a custom field from being monitored by the WP Activity Log plugin from the WordPress security alert itself in the Audit Log viewer. As seen in the screenshot below, in a custom field WordPress security alert, you can exclude the custom fields from monitoring. Just click the link, and it will be excluded.
Once a custom field is excluded from monitoring, any changes applied to that custom field will no longer be logged in the WordPress security activity log.
New Plugin Settings Table
In version 1.5 of WP Activity Log, we also introduced a new table in the WordPress database called wp_wsal_options (wp_ is the WordPress database prefix. If you changed your WordPress database prefix, it will be the same as your database prefix). This table will be used to store all of the plugin’s settings.
The plugin’s functionality is growing, and with time we are introducing more options; hence it makes more sense to centralize all of the plugin’s options in one central table.
Accurate Monitoring of Failed WordPress Logins
By monitoring WordPress failed logins, you can take the necessary evasive action at an early stage, thus avoiding any of your WordPress users being hacked. In version 1.4 of WP Activity Log, the plugin reports for which WordPress username there are failed logins, thus allowing you to know which WordPress username might be under attack, as shown in the below screenshot.
If there is a failed login for a non-existing WordPress username, Alert 1003 is generated, as shown in the below screenshot.
Refer to the complete list of WordPress security alerts for more information about each alert.
Email Alerts for Failed WordPress Administrator Logins
You can use the Email Notifications premium add-on to configure email alerts for when there are failed logins for the WordPress administrator or any other user for that matter. As seen in the below screenshot, I configured a new trigger to send me an email notification each time Alert 1002 (failed login) is generated, and the user has an administrator role.
Other Plugin Improvements for Version 18.104.22.168
New Translation – Romanian
WP Activity Log is now available in Romanian thanks to Artmotion secure services.
IP Address Validation Checks
We also improved the IP validation checks. From now onwards, if the IP address validation check fails, the plugin reports “incorrect format” rather than “unknown”. This functionality will help us troubleshoot IP address retrieval issues.
Alert Pruning Options Configured Upon Plugin Activation
The WordPress security alerts pruning options are now configured in the WordPress database upon activation. Previously they were only saved once the user saves the setting page, hence creating some problems.
Plugin Removes Database Tables Upon Uninstallation
We included a new option in the plugin settings so that when enabled, the WordPress database tables the plugin creates are deleted upon uninstallation.
Plugin Automatically Retrieves Originating WordPress User IP Address
WP Activity Log is being used by a good number of large organizations, which typically have their WordPress website installed behind a reverse proxy, a web application firewall, or even behind load balancers. In this update, we included a new option that, if enabled, the WP Activity Log plugin will automatically retrieve and record the originating IP address of the WordPress user. WP Activity Log is retrieving the IP address from a number of HTTP headers, as explained in How WP Activity Log Retrieves Originating WordPress User IP Address.
Removed the Sandbox from WP Activity Log
Earlier this year, we introduced the Sandbox in WP Activity Log. The scope of the sandbox was to allow WordPress developers directly interact with the WordPress database and also execute code for troubleshooting purposes. Considering how powerful the sandbox is and how it can be misused, we removed it from the plugin completely. Should you wish to use the sandbox, contact us so we can provide you with the extension.
Other Improvements and Bug Fixes in WP Activity Log 1.3.2
In this version of WP Activity Log, we also addressed some bugs. Refer to the WP Activity Log change log on the WordPress repository for more detailed information on what is new in this version.
In this version, we included a few updates, improvements, and fixes that allow the plugin to work better on large WordPress installations and enable administrators to have more control over who can access the plugin.
Much Faster Log Viewer
We have completely rewritten the way the Audit Log Viewer retrieves WordPress security alerts from the WordPress database; we made it more efficient so it will be much faster, and it consumes fewer resources. Therefore when you open the Audit Log Viewer to see the activity on your WordPress, you will be able to see the WordPress security alerts instantly without any overheads on the web server and its resources.
If you monitor a small WordPress blog or website where only a few WordPress security alerts are generated, most probably, you won’t notice a difference. But if you own a large WordPress multisite installation, you will definitely notice a difference in both the resource usage and performance of the plugin itself.
Restrict Administrator Access to Plugin Settings
When WP Activity Log is installed on a WordPress blog or website, all the administrators can view the WordPress security alerts and manage the plugin from its menu. When installed on a WordPress multisite, by default, all super administrators on that network can view the WordPress security alerts and manage the plugin while the site administrators can view the WordPress security alerts of their site, as explained in WP Activity Log plugin features for WordPress multisite.
Though this is not always what WordPress administrators want, especially in large implementations of WordPress. Hence we introduced a few new settings that allow you to specify who can access the WordPress activity log and even configure who can change the settings in the WP Activity Log.
New WP Activity Log Menu Position
Many WordPress administrators access the Audit Log Viewer on a frequent basis to keep an eye on the activity of their WordPress. Though sometimes, especially in a WordPress multisite environment where lot of plugins are typically installed, the Audit Log Viewer is not so easily accessible. So we moved the WP Activity Log plugin menu Audit Log exactly underneath the Dashboard in the WordPress administrator pages, thus making it easily accessible.
For a quick overview of the latest changes on WordPress, administrators can also refer to the dashboard widget, which shows the five latest critical alerts in the dashboard, as soon as you log in to WordPress.
WP Activity Log Plugin Change Log
We also implemented several other minor fixes to the plugin in this release. For more details about what was fixed in this version of WP Activity Log, refer to the WP Activity Log change log on the WordPress repository.
This version of the plugin ships with an improved database structure which allows better and more efficient monitoring of large WordPress and WordPress multisite websites with high traffic.
More Robust Database Structure & Better Monitoring
Lately, we received some support tickets related to the database structure and performance of the plugin, especially when running on very busy WordPress and WordPress multisite websites. We have taken action upon these support requests and addressed the issue by building a more robust database structure for the plugin that allows it to work much better and more efficiently on high-traffic WordPress websites.
Improved Settings Page
We also noticed that many users were enabling the developer options, hence if they had a theme, plugin, or any other WordPress component that was generating errors, the plugin was generating large numbers of alerts, thus increasing the load on the WordPress database.
Therefore we have moved the developer options behind a link and added a warning that developer options should only be enabled on testing, staging, and development websites and not on live websites. During the plugin update process, such options will also be disabled.
WP Activity Log Plugin Available in German
WP Activity Log is now also available in German, thanks to Mourad Louha.
This is a minor release in which we addressed a number of bug fixes reported to us via email and enabled the translations on the plugin. WP Activity Log is already available in Italian thanks to Leonardo Musumeci.
Unlimited Alerts & Optional Auto Pruning Options
In previous versions of WP Activity Log, administrators could store up to 5000 alerts. In this new version of the plugin, administrators can keep as many alerts as they like. The alerts auto pruning options in the new version can also be enabled or disabled as desired.
WordPress security alerts pruning options in WP Activity Log
More Accurate Alert Timestamps
The WordPress security alert timestamps in this new version of WP Activity Log will also include the milliseconds, as highlighted in the below screenshot.
Timestamp in WordPress Security Alerts
Hide Plugin from WordPress Plugins Page
Administrators can now hide the WP Activity Log plugin from the WordPress plugins page from the plugin’s settings. This feature comes in handy should the WordPress site be hacked; if a malicious user manages to gain access to the admin dashboard, he cannot see the enabled plugin and disable it; hence malicious activity will still be recorded and logged.
Multisite Auto Complete Site Search
If there are more than 15 sites enabled on a WordPress multisite installation, the site selection drop-down menu is replaced with an auto-complete site search box for a more practical site selection. Read the documentation WP Activity Log WordPress Multisite Features for more details about WordPress multisite support and features.
New WordPress Security Alerts
Like in every other version, in this new version, we introduced a number of WordPress security alerts that enhance the security monitoring of WordPress and WordPress multisite blogs and websites. The new alerts introduced in this version of the plugin are:
- Alert 5007: User uninstalled (deleted) a WordPress theme
- Alert 5008: Super administrator network activated a WordPress theme in multisite
- Alert 5009: Super administrator network deactivated a WordPress theme in multisite
For a complete list of WordPress security alerts and WordPress activity that WP Activity Log can monitor and keep an audit of, refer to the Complete List of WordPress Security Alerts.
- The user avatar is shown in the alert allowing administrators to easily recognize users
- The user role is reported in the WordPress security alert so administrators can get a better overview of all of the users’ activity
- The username in the alerts is clickable, allowing WordPress administrators to easily access the user’s profile should they need to
- New alert is generated when a user uses the file editor to modify a plugin file. The alert will report both the file name and location of the changed file, making it easy to track back any source code changes
- PHP version checker; if the plugin is installed on a system running a version of PHP is older than 5.3 the plugin will notify the user and won’t install.
Audit Log Viewer displaying WordPress users’ roles and avatars
New WordPress Security Alert
Alert 2051: User changed a plugin file using the plugin editor
For a complete list of WordPress security alerts and WordPress activity that WP Activity Log can monitor and keep an audit of, refer to the Complete List of WordPress Security Alerts.
Fixed the wrapping problem in the alerts dashboard widget
Plugin Upgrade & Release Notes
1. With the release of version 1.0 of WP Activity Log, we changed the database tables and structure. This allows the plugin to work more efficiently and allows us to better scale the plugin. During this upgrade, the old tables used in version 0.6.3 were not deleted. Therefore if you successfully upgraded to version 1.0 or later versions, such as this one, delete the following tables from your WordPress database:
2. Since version 1.0 of WP Activity Log, we started supporting PHP 5.3 and more recent versions only. There are a number of reasons from the development and security point of view why we only support installations that are using PHP version 5.3 or later, but in simple terms, if PHP themselves are no longer supporting anything older than version 5.3, neither are we.
WordPress Security Monitoring Just Got More Robust and Better
We have learned a lot since we launched the first version of the WP Activity Log plugin nine months ago, and we decided to put what we have learned into practise. Version 1.0 of WP Activity Log is a complete rewrite of the plugin. Version 1.0 is much more stable and robust when compared to its predecessors. Version 1.0 also allows us to scale the plugin much better, so expect a number of new and cool features in the near future, such as searching, filtering, alerting, and reporting.
Granular WordPress Monitoring and Detailed Security Alerts
With this new version of WP Activity Log, we take WordPress monitoring to the next level. Unlike other WordPress monitoring plugins, WP Activity Log reports extensive details in the WordPress alerts. For example, while other plugins will alert you that a page was changed, WP Activity Log will alert you about what was changed in the page, such as the author, date, template, and much more. Such details are really important, especially if you need to trace back suspicious behavior or a malicious WordPress hack attack.
Monitor Themes and Plugin File Code Changes
Version 1 of WP Activity Log keeps a record of who is using the WordPress in-built editor to modify theme and plugin files. The modified filename will also be reported so you can easily track down any website breakdowns, plugin or theme code modifications, malicious code injection, and other similar WordPress hacks.
Monitor WordPress Settings
WordPress security alerts will be generated when WordPress is updated or when the WordPress permalinks are changed. WP Activity Log also monitors several other WordPress settings changes, as explained in WordPress Settings and System Security Alerts.
Monitor WordPress Themes
In this new version of WP Activity Log, WordPress administrators can also monitor the WordPress themes; WordPress security alerts are generated when a new theme is installed or when a theme is activated on WordPress.
Granular Monitoring of WordPress Pages
An alert advising you that a WordPress page was modified is not enough. The new version of WP Activity Log alerts WordPress administrators even when a page’s template or parent is changed.
For more detailed information about WordPress pages monitoring alerts, refer to the WordPress Pages Activity Security Alerts KB document.
New Audit Log Viewer
The Audit Log Viewer has also been revamped. It will auto-refresh upon new activity; hence administrators do not have to click the refresh button to view the latest alerts generated by the latest activity.
Audit Log Viewer in WordPress user monitoring plugin
New Developer Tools
The new version of the WordPress monitoring plugin is also shipped with a number of new developer tools which allow WordPress developers and administrators to get more information about the alerts, monitor and get alerted of WordPress and PHP errors and much more.
WordPress Security Alert Data Inspector
Once enabled from the settings, the Alert Data Inspector allows developers and administrators to see more detailed information about each alert generated by the plugin, such as the user-agent string, the user ID, and more, as seen in the below screenshot.
WordPress Security Alert Data Inspector
By enabling the developer option PHP errors from the plugin settings, WP Activity Log will also generate an alert about all the PHP errors, warnings, notices, exceptions, and shutdowns. Such features come in handy for anyone developing a theme, plugin, or other extension on WordPress. A screenshot of a PHP shutdown alert is shown below.
PHP Error reported in WP Activity Log
Enable the Request Log from the plugin settings to log all the HTTP GET and POST responses sent to your WordPress and WordPress multisite websites to a log file. The log file Request.log.php is created in the plugin directory and is using a PHP extension for security reasons; if someone guesses the log file name, it cannot be downloaded like a normal log file, thus exposing sensitive details about the WordPress blog or site.
List of New WordPress Security Alerts Introduced in this Version
Below is a list of new WordPress security alerts that are generated by the plugin when such activity is noticed:
- Alert 2046: User modified a file using the editor
- Alert 2047: User changed parent of page
- Alert 2048: User changed template of page
- Alert 2049: User set post as sticky
- Alert 2050: User removed post from Sticky
- Alert 5005: User installed a new theme
- Alert 5006: User activated a theme
- Alert 6004: User upgraded WordPress
- Alert 6005: User changed the WordPress permalinks
As explained in the previous section, the new version of WP Activity Log can also monitor PHP activity and errors, thus making it a handy tool for WordPress developers. Below is a list of alerts that monitor PHP errors:
- Alert 0000: Unknown error
- Alert 0001: PHP error
- Alert 0002: PHP warning
- Alert 0003: PHP notice
- Alert 0004: PHP exception
- Alert 0005: PHP shutdown error
For a complete list of WordPress security alerts and WordPress activity that WP Activity Log can monitor and keep an audit of, refer to the Complete List of WordPress Security Alerts.
Support for Custom Post Types
The new version of WP Activity Log supports custom post types; WordPress administrators can now monitor all activity of posts with custom post types, for example, who created new ones or modified and deleted existing ones.
Enable, and Disable WordPress Security Alerts
WP Activity Log version 0.4 also allows WordPress administrators to switch on or off specific WordPress security alerts. For example, if the administrator does not want to be alerted via the Audit Log Viewer when another WordPress administrator upgrades a WordPress plugin, the administrator can disable the WordPress security alert from the new plugin’s node Enable/Disable Alerts.
Translate WP Activity Log Plugin
The new version of WP Activity Log supports translations. If you are interested in contributing a translation, drop us an email at email@example.com.
New WordPress Security Alerts for Custom Post Types
WP Activity Log plugin is now able to generate and log a security alert in the Audit Log Viewer when any of the below actions related to posts with custom post types happen on your WordPress installation:
A new post with a custom post type is created and saved as draft (Alert 2029)
- A new post with a custom post type is published (Alert 2030)
- A published post with a custom post type is modified (Alert 2031)
- A draft post with a custom post type is modified (Alert 2032)
- A post with a custom post type is permanently deleted (Alert 2033)
- A post with a custom post type is moved to trash (Alert 2034)
- A post with a custom post type is restored from trash (Alert 2035)
- The category (or categories) of a post with a custom post type is changed (Alert 2036)
- The URL of a post with a custom post type is changed (Alert 2037)
- The author of a post with a custom post type is changed (Alert 2038)
- The status of a post with a custom post type is changed (Alert 2039)
- The visibility of a post with a custom post type is changed (Alert 2040)
- The date of a post with a custom post type is changed (Alert 2041)
Other WP Activity Log Plugin Improvements
WP Activity Log version 0.4 also includes the following improvements:
- Updated the Settings page to use the standard WordPress format and improve the ease of use.
- Updated the Audit Log Viewer to support further resolutions, especially those of tables (iPad, etc) and phones.
- A new Security Alerts widget that displays the latest 5 WordPress security alerts is added to the WordPress dashboard. The WordPress administrator can switch it on or off from the plugin’s settings page.
- Improved the upgrade functionality for a smoother (less problematic) upgrade of the WP Activity Log plugin.
New WordPress Security Alerts
WP Activity Log plugin will now generate and log a security alert when any of the below actions take place on your WordPress:
- The Anyone can Register option in WordPress settings is changed (Alert 6001)
- The default use role in WordPress settings is changed (Alert 6002)
- The Administrator notification email in WordPress settings is changed (Alert 6003)
- The visibility of a blog post is changed (Alert 2025)
- The visibility of a page is changed (Alert 2026)
- The date of a blog post is changed (Alert 2027)
- The date of a page is changed (Alert 2028)
WordPress Plugin Improvements
- Links to the Audit Log Viewer and Settings in the plugin summary
- Time of Failed Login alerts now reflects the time of last failed login attempt
- Fixed: Incorrect alerts generated when the author of a page was changed from quick edit mode
- Fixed: Conflict with WP Mandrill and other plugins using pluggable.php
- Fixed: Incorrect alerts generated when the plugin is installed via a zip file/upload method
Better WordPress Monitoring & Security
A new update of the WordPress security plugin WP Activity Log plugin is available. It has been almost three months since the first release, but the long wait was well worth it. The new version of the WP Activity Log plugin is compatible with the latest version of WordPress 3.6 and also includes a truckload of new features, several performance improvements, and of course, a truckload of bug fixes!
New Features & Updates in WP Activity Log v 0.2.0.0
- Support / Fully compatible with WordPress 3.6
- Restricted plugin options and WordPress Audit Log Event Viewer only to WordPress administrators
- Improved failed logins events (events generated from the same IP, or same username will be grouped to avoid mass flooding of security events)
- Security Events pruning now uses wp-cron functionality (improved stability and reliability of events pruning)
- Applied several performance improvements (faster loading of events etc)
- Added support for permalinks; now events will include page or blog post URL rather than ID
- New alerts for when a page or blog post status is changed from draft, pending review or published
- New alert for when a page or blog post URL or author is changed
- New alert for when a blog post category is changed
- New alerts for when a user creates or deletes a category
- New alert for when the author of a blog post or page is changed
- New plugin alerts for when a plugin is installed, uninstalled or upgraded
- Updated navigation menu to use standard WordPress dashboard icons etc
Since we have added several new features in the plugin the database structure had to be changed. Therefore upon upgrading the plugin, all the events generated by version 0.1 of this plugin will be purged. This is just a small price to pay for the upgrade. The upgrade is definitely worth it!
We are proud to announce the first-ever BETA release of our new WordPress security plugin WP Activity Log. The plugin is available for download from the official WordPress plugin directory.
What is WP Activity Log?
WP Activity Log is similar to the Windows Events Log or Linux Syslog. It keeps a log of what is happening on WordPress, such as who logged in or out, who deleted a blog post, who published a page, and much more.
The WordPress administrator can use the Audit Log Viewer, which is part of the plugin, to see all of the logged activity. Below is a screenshot of the Audit Log Viewer.
From the above screenshot of the Audit Log Viewer, we can see that for each action that the plugin logs, an Event is created. For more information about such events, please refer to the WP Activity Log list of WordPress Security Alerts.
Why and who should use WP Activity Log?
Ideal for every type of WordPress installation, especially for multi user business blogs and websites, with WP Activity Log you can:
- Detect suspicious activity, e.g. if users roles or passwords are changed, if a plugin is activated without your concent etc
- Monitor WordPress users activity and productivity
- Detect a hacker’s hacking preliminary activity
- Monitor the content of your WordPress blog or website
- Identify issues before they become a problem, such as a hacking attack
Extensions and Add-Ons
Extension update – February 2023
WP Activity Log is well known for its ever-expanding list of activities it can track and log. Thanks to plugin extensions, it also supports third-party plugins such as WooCommerce. These extensions have been a great success, extending the functionality of WP Activity Log to include some of the most popular plugins on the market. Today, we are proud to announce the 13th addition to the extension library – The WP Activity Log MemberPress extension.
MemberPress is an extremely popular plugin that allows WordPress owners to offer courses, paid digital downloads, and membership subscriptions, among other things. This new extension gives owners the ability to gain invaluable insight into the management and operation of their MemberPress.
With 18 individual trackable MemberPress activities available straight out of the box, the MemeberPress extension will ensure you hit the ground running from day one. Check out our list of WordPress activity tracking to learn more about the activities WP Activity Log can track (including the brand-spanking new MemeberPress plugin).
Extensions updates – November 2022
Since the new version features some major updates, we needed to update the WP Activity Log extensions to ensure they are compatible with the new update. To this end, updates are available for the following extensions:
- Activity Log for WPForms
- Activity Log for bbPress
- Activity Log for Gravity Forms
- Activity Log for WooCommerce
Improved WooCommerce coverage in the latest extension update
We took this opportunity to improve the coverage of the Activity Log for WooCommerce extension. This update introduces 15 new event IDs to keep a log of:
- Changes to the WooCommerce store shipping options,
- User account changes customers or subscribers do from the WooCommerce customers portal, WooCommerce store privacy settings changes,
- And several others
Refer to the list of activity log event IDs for a complete list of all the user changes and activities, the latest versions of these extensions, and the WP Activity Log plugin can keep a log of.
Extension updates – May 2022
Today, we have released the latest version of the extension Activity Log for WooCommerce. This update features several new additions, improvements, and fixes, but the highlight is the improved coverage of changes in WooCommerce orders, which gives you a much better view of how the team is handling the orders on your WooCommerce store.
Highlight: better coverage of changes in WooCommerce orders
Undoubtedly, the highlight of this release is the expanded coverage of changes in WooCommerce orders. In addition to the wide coverage of changes in WooCommerce store and products already available, the extension can now also keep a log of the following changes in WooCommerce orders:
- A product is added or removed to an order
- The product quantity in a placed order is changed
- A fee is added, modified, or removed from an order
- Order tax is added, modified, or removed
- Order refund is reversed
- Shipping is added or removed from an order
Furthermore, the activity log extension is now also able to keep a log of:
- Changes to currency settings
- Changes to WooCommerce WebHooks
- Products’ Low stock threshold changes
Other important improvements
Apart from the ability to keep a log of many more changes, version 1.4.0 adds several improvements and fixes, ensuring smoother operations.
The codebase has now been aligned with the WP coding standard, ensuring better code maintainability and upgrades as we continue to develop the extension.
Also, a number of existing event IDs have been fine-tuned for more accurate logging, and the product SKU will now be included in all events that contain product information.
Extension updates – March 2022
In this month’s update, we are releasing the following updates:
- Activity Log for Yoast
- Activity Log for Gravity Forms
- Activity Log for WPForms
All updates include improved coverage, with the extensions now able to log more activities than ever before. We have also updated the code across the board to ensure it meets the WordPress coding standard.
New activity log events
As previously mentioned, we have increased the number of activities that the extensions are able to track. This addition improves the scope of logs, ensuring a more comprehensive picture of changes. Below is the list of new event IDs:
Activity Log for Yoast
- 8849: Enabled / Disabled a third-party integration.
- 8850: Changed the Breadcrumb title of a post.
- 8851: Changed the Page type in the Schema settings of a specific post type.
- 8852: Changed the Article type in the Schema settings of a specific post type.
- 8853: Changed the Default Page Type setting in the Content Type Schema settings.
- 8854: Changed the Default Article Type setting in the Content Type Schema settings.
- 8855: Added a new redirect.
- 8856: Modified a redirect.
- 8857: Deleted a redirect.
- 8858: The redirect method has been changed.
Activity Log for Gravity Forms
- 5714: Added/deleted note from entry (lead).
- 5717: Entry (lead) was modified.
- 5718: Exported entries from a form.
- 5719: Imported/exported a form.
Activity Log for WPForms
- 5513: Enabled / disabled anti-spam protection on a form.
- 5514: Enabled/disabled dynamic fields population setting on a form.
- 5515: Enabled/disabled dynamic fields population setting on a form.
- 5516: Renamed a notification.
- 5517: Changed the property of a notification.
- 5518: Added/enabled/deleted a confirmation from a form.
- 5519: Changed the confirmation type of a form confirmation.
- 5520: Changed the confirmation page in a form confirmation.
- 5521: Changed the redirect URL in a form confirmation.
- 5522: Changed the message in a confirmation form.
- 5523: User/website visitor submitted a form on the website.
For more detailed information about the changes, the WP Activity Log plugin can keep a log of, refer to the list of WordPress activity log event IDs.
Other notable improvements
Aside from the addition of new events, we also fixed a number of bugs and refactored some of the code in the WPForms extension.
We are also working on a major update for the Activity Log for WooCommerce extension, so make sure you watch this space to be the first to know.
Extension updates – September 2021
Today, we are updating the three most popular activity log extensions. Even though these are mostly maintenance updates, we have also improved the coverage of Yoast SEO plugin settings changes and WooCommerce orders changes.
Let’s dive right in to see what is new and improved in these updates.
Activity Log for WooCommerce 1.2.3
With this update, the WP Activity Log plugin can now keep a log of changes stores owners and their team do to the product reviews settings, Checkout and Account endpoints, and products’ tax status and tax class.
Below is a list of the new event IDs that the plugin will be using to keep a record of the above-mentioned WooCommerce store and product changes:
- ID 9100: User allowed / disallowed product reviews on WooCommerce store.
- ID 9107: User enabled/disabled the “Show verified owner label on reviews” setting in the WooCommerce store.
- ID 9108: User changed the status of the “Reviews can only be left by verified owners” setting in the WooCommerce store.
- ID 9109: User changed the status of the “Star rating on reviews” setting in the WooCommerce store.
- ID 9110: User changed the status of the Star ratings should be required setting in the store.
- ID 9111: Changed a Checkout endpoint on the WooCommerce store.
- ID 9112: Changed an Account endpoint on the WooCommerce store.
- ID 9113: The Tax status of a product was changed.
- ID 9114: The Tax class of a product was changed.
Refer to the list of activity log event IDs for WooCommerce for a complete list of all the WooCommerce store, products, orders, and other changes the WP Activity Log plugin can keep a log of.
In this update, we have also:
- Made sure that all of the extension’s strings are translatable.
- Improved the WooCommerce orders activity log sensor to detect and keep a log of new products added to an existing order.
- Fixed a number of bugs.
Activity Log for Yoast SEO 1.2.0
In this update of the extension for the most popular SEO plugin, we focused on improving the coverage of the social media settings in the plugin. This means that with this update, WP Activity Log can keep a log of changes done in the social media account settings pages. For example, the plugin will now keep a log when the default image used for Facebook posts is changed.
Below is the list of the new event IDs the plugin is now using to keep a log of these changes:
- ID 8844: The setting “Add Open Graph metadata” in the Facebook settings page was changed.
- ID 8845: The “Default image in the Facebook” settings page was changed.
- ID 8846: The setting “Add Twitter card metadata” in the Twitter settings page was changed.
- ID 8847: The “Default card type” setting in the Twitter settings page was changed.
- ID 8848: Changed the Pinterest confirmation meta tag in the Pinterest settings page.
In this update, we have also removed more obsolete code and have fixed a few reported issues, making this the most stable and reliable version of this extension.
Refer to the list of activity log event IDs for Yoast SEO for a complete list of all the WooCommerce store, products, orders, and other changes the WP Activity Log plugin can keep a log of.
Activity Log for WPForms 1.1.2
This extension’s update is a real maintenance update. In this update we have updated the extension’s core to the latest and most stable version of the activity log extensions core mode, which is used by all the other extensions.
We have also fixed a number of issues with the sensor of this extension. For example, in some cases, multiple activity log events were reported incorrectly when a new form is created in WPForms plugin. We’re happy to say that with this update, there are no more known issues for this extension.
Refer to the list of activity log event IDs for WPForms for a complete list of all the WooCommerce store, products, orders, and other changes the WP Activity Log plugin can keep a log of.
Update your activity log extension for optimum performance and activity log coverage
In these three updates, we have included a number of new event IDs and core improvements. Therefore, by upgrading the extensions you use to the latest version, you benefit from both better performance and also better activity log coverage.
Extension updates – April 2021
In this update, we have increased the coverage of the changes that can be done in plugin settings and also the multisite network plugin settings.
Let’s dive right in to see what’s improved in the Activity Log extension for Yoast SEO.
Improved activity log coverage
The main highlight in this update is the improved activity log coverage. This means that the plugin now keeps a log of many other changes that previously it did not. Here is the list of the new activity log event IDs the plugin is using:
- ID 8841: Added / changed / removed a search engine webmaster tools verification code.
New event IDs for multisite networks:
- ID 8838: Changed the setting of who should have access to the Yoast SEO plugin settings on a multisite network.
- ID 8839: Changed the setting from where new sites on the multisite network should inherit the SEO settings.
- ID 8840: User has reset the SEO settings of a site on the multisite network to default.
- ID 8842: Disabled a plugin feature at multisite network level.
- ID 8843: Allowed site administrators to toggle a plugin feature on or off at site level on a multisite network.
Refer to the complete list of activity log event IDs for more information on which WordPress and Yoast SEO plugin changes can WP Activity Log keep a log of.
For more information on activity log for third-party plugins, check out our activity log extensions page.
Extension updates – April 2021
You might have noticed that by now, we have developed quite a few activity log extensions for third party plugins. We have an activity log extension for WooCommerce, Yoast SEO, WPForms, Gravity Forms, MainWP, and a few others.
To manage all these extensions, and the many others that we have planned, we have created a code core template, so all these extensions can be easily maintained.
In this release, we focused on updating the core code that all the extensions use, which is more efficient, and uses the new activity log events definition system in the main plugin: WP Activity Log.
So without wasting any more time, let’s dive right in to see what’s new and improved in this update.
Improved events’ text & more efficient / better-performing code
With the new events’ definition we also improved the text in the events. Now the messages in the events for each extension are better written. This change improves the readability of the WordPress activity logs, therefore making it easier to understand when scrolling through the Activity Log Viewer.
New refactored code that is much lighter and way more stable
This update not only introduces better events and logs, but also a number of performance improvements, much more efficient code, and a number of bug fixes.
With the new code the extensions use much less resources, yet it is easier for us to troubleshoot any issues users might encounter.
Extension updates – November 2020
In this update, we focused mostly on improving the coverage of the activity logs. Now the WP Activity Log and this extension can keep a record of the software download settings changes, and can also keep a log of WooCommerce software downloads!
Let’s dive right in to see what are the new event IDs in the WooCommerce plugin.
Activity logs for software downloads via WooCommerce
WooCommerce has a variety of features. One of them is to allow you to sell software downloads.
If you are selling software via WooCommerce now, you have the ability to keep a log of who has downloaded your product(s), regardless if they are logged in or not! The plugin also keeps a log of the software download settings changes. For example, in the below screenshot, you can see event ID 9099 (visitor/user downloaded the software), and event IDs 9097 and 9098 (user Martin changed the download limit and download expiry settings).
These are the new event IDs the plugin uses in the activity log to keep a record of the above mentioned changes:
- ID 9097: the download limit of a product was changed
- ID 9098: the download expire setting of a product was changed
- ID 9099: a software product was downloaded
Refer to the complete list of event IDs in the WordPress activity log for more details about each event ID and what change it represents.
Performance & the other major change in this update
In the last few updates, we have released several WP Activity Log plugin extensions, so the plugin can keep a log of changes that happen in other popular plugins such as Yoast SEO and WPForms.
To manage all these extensions, and the many others that we have planned, we have created a code template, so all these extensions can be easily maintained. This code was developed with performance and reliability in mind, so you, the user can keep a log of everything that happens on your website without having to lift a finger.
In this update of this WooCommerce extension, we have replaced the old code with this new, better-performing, and more reliable code. As a result, this new update is way better than its predecessors!
Extension updates – September 2020
We are excited to announce a new update of Activity Log for the WPForms. With this extension for the WP Activity Log plugin you can keep a log of changes your team does on forms and the WPForms plugin settings.
In this update, we focused mostly on improving the coverage of the activity logs; WP Activity Log keeps a record of when a user integrates or removes an integration with a third-party service, changes the currency, or installs, activates, or deactivates an addon in WPForms.
Let’s dive right in to see what are the new event IDs for changes in the WPForms plugin and forms.
Activity logs for third-party service integrations & addons changes in WPForms
WPForms has a variety of add-ons. These allow site administrators to integrate the plugin with third-party services such as MailChimp, PayPal, and many more. These types of changes in the plugin are very important and can affect the functionality of the forms and the plugin itself.
Hence why we are happy to release this update with which you can keep track of all the installed, activated, and deactivated add-ons, and when third-party service integrations are added or removed. And as usual, the activity log of our plugin does more than just keep a simple log that shows something was changed. It shows you the name of the addon and its status, and the same to third-party service integrations, giving you a more granular insight about your website.
Below are the new event IDs the plugin uses in the activity log to keep a record of the above-mentioned changes:
- ID 5509: the currency used in the plugin has changed
- ID 5510: a third-party service was integrated / an integration was removed
- ID 5511: an addon was installed/activated/deactivated
Refer to the complete list of event IDs in the WordPress activity log for more details about each event ID and what change it represents. Below is a screenshot of some of the new event IDs reported in the activity log.
All this is helpful when it comes to troubleshooting. For example, a simple change to the MailChimp integration setting could lead to a disaster. That’s why a comprehensive and detailed WordPress activity log is needed when it comes to troubleshooting and to improve your team’s accountability and productivity.
Other Changes in this update
You might have noticed that by now, we have developed quite a few activity log extensions for third-party plugins. We have an activity log extension for WooCommerce, bbPress, MainWP, Yoast SEO, and a few others that are currently being developed.
The easiest way to maintain all these extensions is to have one core code template that is used by all the extensions, so when there are problems, or we need to update all the extensions we only have to update the core template. The newly refactored code is also much lighter and way more stable. In this update of this extension we have included the latest version of this code, making this extension much more stable and efficient.
Extension update – July 2020
Activity log for WPForms update
Keep a log of entry edits in WPForms
“Getting accurate data and having control over your form entries should be simple.” – WPForms
That is why we improved the plugin’s logging coverage. With our plugin you can now keep a record and know who changed an entry, when, from where. The plugin also keeps a log of both the old and new values, so you can know exactly what was changed.
Activity log for access control settings changes in WPForms
WPForms has a number of built-in access control settings. These allow site administrators to give specific privileges to users without an admin role. For example, you can allow a user with a contributor role to create new forms, and edit entries, or forms.
Access controls are sacred in security. As a site administrator, it is important that you know when these change.
In this update of our activity log extensions for WPForms, we have also added the coverage of access control settings. Therefore when you or another user changes any of these settings, the plugin keeps a log of the changes.
When the access control settings are changed, WP Activity Log keeps a record in the activity log of who did the change, when and from where, and most importantly of all, what were the access control changes. Refer to the complete list of WPForms changes the plugin can keep a log of.
Keep a log of changes your team does on WPForms
Leads are the bread and butter of every business. Therefore it is of utmost importance to keep a log of all the changes done to your business’ leads and also to the forms and the leads generation systems that you use.
Extension update – March 2019
The main highlights of this MainWP extension update are:
Infinite Scroll for the Activity Log Viewer
We have added a new view mode for the activity log viewer, the infinite scroll. The infinite scroll view mode is much faster and less resource hungry than the old pagination view mode. Also, you do not have to configure the number of events to show per page or navigate through the pages to find the event you are looking for.
You simply scroll down, and the events are automatically loaded, as can be seen in the below screenshot which highlights the differences between the two view modes.
We have also added a new option in the MainWP extension setting that you can use to switch between the two view modes. By default, however, the plugin will use the infinite view mode.
Major Performance Updates in the Activity Log Viewer
In the last few updates of the WP Activity Log plugin, we have really focused on improving performance. We’ve learned a lot, and we are applying what we’ve learned to the Activity Log for MainWP extension as well.
As a matter of fact, when using the infinite scroll and this update of the MainWP extension, the activity log viewer is around 500% faster.
Integrated the Freemius SDK
The news all MainWP extension users have been waiting for! We are currently working on the premium features for this extension. We will be implementing the Search & Filters, Reports and other functionality.
So we implemented the Freemius SDK in preparation for the premium features and licensing module. Stay tuned with us and subscribe to our newsletter so you are alerted when the premium features are available.
Add-On updates – April 2018
We are happy to announce version 1.1.0 of the External DB Add-On, which allows you to store the WordPress audit trial in an external database. In this new updated version of the plugin, we introduced the new migration mechanism built with AJAX. This new mechanism allows you to migrate as much as many alerts as you want between the WordPress database and vice versa. Therefore now the migration process does not have an impact on the web server’s performance and is not limited by the allocated hardware resources, such as memory.
Add-On updates – August 2017
This update took quite some time to finish, but finally, it is here. We are happy to announce the new Search 2.0 Add-on, which adds search functionality to WordPress’ most popular and widely used activity log plugin WP Activity Log. This update which features new functionality and also a completely revamped, new UI. Let’s see what is new in this exciting update of the Search Add-On.
New Search Filters
Prior to this update, you could only search for a specific change done by a user by using the username filter. Now you can use the filters to search for activity from a user with a specific First Name and Last Name.
We also included a new search filter for Post Type. So if, for example, you have a blog post and a post of a custom type (such as a movie from a movie database) with the same name, you can easily filter the search results for changes that happened on that particular post type.
Save and Load Search Term and Filters
In this update of the Search add-on, we also included the ability to save the search term and filters. Therefore if, for example, you have to search for something specific from time to time, you can save both the search term and filters and reload them whenever you need to do the search again.
Other Notable Updates in Search 2.0 Add-On
Apart from a number of add-on performance improvements, we have also:
- Added a new button to clear search results,
- Included hover-over functionality to filter activity log either by IP address or username.
Add-On updates – July 2017
Today, we released an updated version of the Reports Add-On. This is a minor release, and in it, we:
- Moved the Reports upload directory to /wp-content/uploads/wp-security-audit-log/reports/
- Removed all of the wp_session cookie code (no longer needed)
- Improved the code that loads wp-config.php
- Removed the error log function.
Add-On updates – March 2017
Today, we released an update for the Email Notifications Add-on, which allows you to configure your own rules so you are instantly alerted via email of important changes on your WordPress. With this update, you can now:
- Use custom WordPress user roles when creating a rule
- Use Custom Post Types with prefix
In previous builds of the Email Notification Add-on, both of the above were not supported.