The WordPress activity log is made up of events. Every individual event is a record of a user action or change on a website. In this article we explain the different type of metadata that you can find in every individual activity log event.
Event ID
The event ID consists of 4 digits. Every ID represents a specific change or user action on the website. For example, whenever a user logs in, the plugin keeps a record of the login in an event with ID 1000. Event IDs are very important. Through them you can easily:
- search for a specific change in the activity log,
- configure SMS and email notifications for when specific changes happen,
- generate specific user or website changes reports.
Further reading:
- What are Events and Event IDs in the WordPress Activity Log?
- Complete list of WordPress activity log events and IDs
Severity level
The severity level of an event indicates the impact the change or action can have on the website’s security, performance and functionality. For example, an event in the activity log about a new plugin install has critical severity level because you need to know about such a change on your WordPress. An event about a user logging on to the website has a low severity level, because you do not need to know every time a user logs in to your website.
Further reading:
Date & time
The plugin keeps the date and timestamp of every change it keeps a log of in the activity logs. The format of both the date and timestamp, and also the timezone is the same as that configured on the WordPress website.
Further reading:
- How to change the date and time format of the WordPress activity log
- How to change the timezone of the WordPress activity log timestamps
User and role
This metadata indicates the user who did the change and the user’s role. In case the change was an automated system process, such as purging old activity log data, the plugin uses system as a user.
Further reading:
- How to configure which user information is shown in the activity log
- How to exclude WordPress users or roles from the activity log
IP Address
[SCREENSHOT]
This is the IP address from where the action or change originated. Note that this is the user’s public IP address address. So if the user is using a VPN, or is on a network, you will see the public IP address of the network. If the change is a system change, for example when WordPress automatically deleted auto saved draft posts, the reported IP address is that of the website itself.
All the IP addresses reported in the WordPress activity logs are linked to WhatIsMyIPAddress.com, so you can easily see from where the IP address originates and read other vital information about it.
Further reading:
- How to retrieve the users’ IP address when WordPress is behind a WAF or reverse proxy
- How to exclude all activities originating from an IP address in the activity logs
Object
This is the object the activity log event about. For example, when a user changes the password, the object of the event is User because the event is about a change in a WordPress user profile. Event objects are handy because you to quickly get an idea what the event is about, and can also be used as a filter.
Further reading:
Event type
The event type describes the type of change the event is reporting. For example, when a plugin is activated the event type is Activated. When an editor publishes a post or a page, or a store manager publishes a new product in WooCommerce, the event type is Published.
Similar to the object, event types are handy because with them you get an idea about the type of action the event is reporting. It can also be used as a filter, for when you need to filter the activity log view to find a specific event in the activity log.
Further reading:
Message
In this section you will find the remaining metadata and details about the object and change reported in the event. For example, if the event is about a blog post, in this section you can find the blog post title, the post ID, status, URL etc.