What metadata is available in the activity log events?

Search Knowledge Base by Keyword

The WordPress activity log is made up of events. Every individual event is a record of a user action or change on a website. In this article we explain the different type of metadata that you can find in every individual activity log event.

Event ID

The event ID in the activity log

The event ID consists of 4 digits. Every ID represents a specific change or user action on the website. For example, whenever a user logs in, the plugin keeps a record of the login in an event with ID 1000. Event IDs are very important. Through them you can easily:

  • search for a specific change in the activity log,
  • configure SMS and email notifications for when specific changes happen,
  • generate specific user or website changes reports.

Further reading:

Severity level

The severity levels in the WordPress activity log

The severity level of an event indicates the impact the change or action can have on the website’s security, performance and functionality. For example, an event in the activity log about a new plugin install has critical severity level because you need to know about such a change on your WordPress. An event about a user logging on to the website has a low severity level, because you do not need to know every time a user logs in to your website.

Further reading:

Date & time

The date and timestamp in the WordPress activity log

The plugin keeps the date and timestamp of every change it keeps a log of in the activity logs. The format of both the date and timestamp, and also the timezone is the same as that configured on the WordPress website.

Further reading:

User and role

Users and roles in the WordPress activity log

This metadata indicates the user who did the change and the user’s role. In case the change was an automated system process, such as purging old activity log data, the plugin uses system as a user.

Further reading:

IP Address


This is the IP address from where the action or change originated. Note that this is the user’s public IP address address. So if the user is using a VPN, or is on a network, you will see the public IP address of the network. If the change is a system change, for example when WordPress automatically deleted auto saved draft posts, the reported IP address is that of the website itself.

All the IP addresses reported in the WordPress activity logs are linked to WhatIsMyIPAddress.com, so you can easily see from where the IP address originates and read other vital information about it.

Further reading:


The object metadata in the event

This is the object the activity log event about. For example, when a user changes the password, the object of the event is User because the event is about a change in a WordPress user profile. Event objects are handy because you to quickly get an idea what the event is about, and can also be used as a filter.

Further reading:

Event type

The event type in the activity log

The event type describes the type of change the event is reporting. For example, when a plugin is activated the event type is Activated. When an editor publishes a post or a page, or a store manager publishes a new product in WooCommerce, the event type is Published.

Similar to the object, event types are handy because with them you get an idea about the type of action the event is reporting. It can also be used as a filter, for when you need to filter the activity log view to find a specific event in the activity log.

Further reading:


The message metadata in the events

In this section you will find the remaining metadata and details about the object and change reported in the event. For example, if the event is about a blog post, in this section you can find the blog post title, the post ID, status, URL etc.