What data and metadata are available in activity log events?

The WordPress activity log is made up of events. Each individual event includes data and metadata related to that event, providing you with context and information about each event logged. In this article, we explain the different types of data and metadata that you can find in activity log events.

What is data?

Data is the information that is part of the event. This includes the event ID, user, IP, etc. The most important data is displayed in the Activity Log Viewer screen by default.

What is metadata?

Think of metadata as data about the data, in this case, data about the data collected in the event. As metadata is event-dependent, not all events will have the same metadata. Instead, metadata for a particular event will be restricted to the data collected for that event.

Why is metadata used?

Metadata provides additional information about the event. It has a variety of uses, including search, the ability to capture additional information, and other uses. In WP Activity Log, metadata is also used to run hooks, giving you the ability to extend the functionality of the plugin to meet custom operational criteria.

What data and metadata are available with WP Activity Log?

WP Activity Log events include a healthy amount of data and metadata. You can find an updated list below:

Event ID

The event ID consists of 4 digits. Every ID represents a specific change or user action on the website. For example, whenever a user logs in, the plugin keeps a record of the login in an event with ID 1000. Event IDs are very important. Through them, you can easily:

• Search for a specific change in the activity log
• Configure SMS and email notifications for when specific changes happen
• Generate specific user or website changes reports

Further reading:

• What are Events and Event IDs in the WordPress Activity Log?
• Complete list of WordPress activity log events and IDs

Severity level

The severity level of an event indicates the impact the change or action can have on the website’s security, performance, and functionality. For example, an event in the activity log about a new plugin install has a critical severity level because you need to know about such a change on your WordPress. An event about a user logging on to the website has a low severity level because you do not need to know every time a user logs in to your website.

Further reading:

• WordPress activity logs severity levels

Date & time

The plugin keeps the date and timestamp of every change it keeps a log of in the activity logs. The format of both the date and time stamp, and also the timezone, is the same as that configured on the WordPress website.

Further reading:

• How to change the date and time format of the WordPress activity log
• How to change the timezone of the WordPress activity log timestamps

User and role

This metadata indicates the user who made the change and the user’s role. In case the change was made by an automated system process, such as purging old activity log data, the plugin indicates ‘System’ as the user.

Further reading:

• How to configure which user information is shown in the activity log
• How to exclude WordPress users or roles from the activity log

IP Address

This is the IP address from where the action or change originated. Note that this is the user’s public IP address. So if the user is using a VPN or is on a network, you will see the public IP address of the network. If the change is a system change, for example, when WordPress automatically deletes auto-saved draft posts, the reported IP address is that of the website itself.

All IP addresses reported in the WordPress activity logs are linked to WhatIsMyIPAddress.com, so you can easily see where the IP address originates from and read other vital information about it.

Further reading:

• How to retrieve the users’ IP address when WordPress is behind a WAF or reverse proxy
• How to exclude all activities originating from an IP address in the activity logs

Object

This is the object the activity log event is about. For example, when a user changes the password, the object of the event is User because the event is about a change in a WordPress user profile. Event objects are handy because you quickly get an idea of what the event is about. Objects can also be used as filters.

Further reading:

• List of objects in the WordPress activity log

Event type

The event type describes the type of change the event is reporting. For example, when a plugin is activated, the event type reads Activated. When an editor publishes a post or a page or a store manager publishes a new product in WooCommerce, the event type reads Published.

Like Objects, event types are handy because they give you an idea of the kind of action the event is reporting. It can also be used as a filter when you need to filter the activity log view to find a specific event in the activity log.

Further reading:

• List of event types in the WordPress activity log

Message

In this section, you will find the remaining metadata and details about the object and change reported in the event. For example, if the event is about a blog post, here you’ll find the blog post title, the post ID, status, URL, etc.

Additional data

Aside from the data that is visible in the log viewer, logs contain additional information about the event. This information can be viewed through the Event Data Inspector.

Event Data Inspector

The activity log Event Data Inspector is an additional WordPress activity log tool that can be used to view:

• Additional technical details that are not shown in the alerts by default, such as the UserAgent string, Post ID, Post Date, etc.
• The value of an object that is too long to be displayed in the activity log viewer

The Event Data Inspector can be accessed by clicking on the ellipsis button (…) at the far right edge of the log entry.

In the example below, we can see that a user changed the meta description of a published post. Since the values of the old and new meta descriptions are too long to be displayed in the log viewer, the alert reports the change without displaying the old and new values.

To see the values, you will need to open the data inspector. The screenshot below shows the Event Data Inspector, which shows the changes in the META description of a blog post.

Notice that you can see both the old and new values and all the details the plugin records about the post, such as the Post ID, status, type, URL, and revision link. The plugin also stores the Session ID of the user who did the change.

Extracting activity log data using hooks

Data presented in the Event Data Inspector can be extracted programmatically through WP Activity Log hooks. Below is a list of all the variable names, each representing specific data from the activity log. For example, the %Message% variable represents the actual message you see in each event in the activity log viewer.

%Message%

%PromoLink%

%CommentLink%

%MetaLink%

%RevisionLink%

%EditorLinkPost%

%EditorLinkOrder%

%CategoryLink%

%cat_link%

%ProductCatLink%

%TagLink%

%EditorLinkForum%

%EditorLinkTopic%

%MetaValue%

%MetaValueOld%

%MetaValueNew%

%ClientIP%

%LinkFile%

%URL%

%LogFileLink%

%Attempts%

%LogFileText%

%PostStatus%

%ProductStatus%

%multisite_text%

%ReportText%

%ChangeText%

%ScanError%

%TableNames%

%FileSettings%

%ContactSupport%

%LineBreak%