How can we help?

Search for answers or browse our knowledge base.

Table of Contents

WP Activity Log plugin changelog

This is the plugin’s changelog, which is mainly a detailed list of all the plugin changes and bug fixes introduced in every version update. Refer to the plugin release notes for a high level overview of what is new and improved with every plugin version update.

4.6.4 (2024-02-14)

Bug fixes

  • Fixed: Undefined array warning shown on website’s front-end when running Gravity Forms in certain setups.
  • Exception handling added for when uploading a PDF as a WooCommerce product image.
  • Fixed: fatal error in third step of install wizard when plugin is installed on a vanilla WordPress.

4.6.3 (2024-02-08)

Plugin & features improvement

  • Added support to the new plans and prices (February 2024 change).
  • Upgraded the Freemius SDK to 2.6.2.
  • Updated a number of links in the plugin (links used in help text etc).
  • Removed hardcoding of post types and post statuses in search filters.
  • Continued code refactoring – code removed from main plugin file, created new classes etc.

Bug fixes

  • Option for event ID 5709 was not showing when filtering the list of event IDs in the Enable/Disable events section.
  • Fixed error generated when duplicating forms on Gravity Forms.
  • Fixed: plugin keeping a log of forms submission even when the option to keep a log by website visitors was disabled.
  • Added event ID check when extracting the last occurrence from the database.
  • Addressed a number of PHP errors generated when running the plugin on PHP 8.2
  • Fixed a server error generated when exporting search results.

4.6.2 (2024-01-09)

Plugin & features improvement

  • Fixed a number of broken links in the UI (search filters) and Enable/Disable events section.

Security fix

  • Fixes an XSS in the activity log viewer. Identified by NamGyu Kang.

Bug fixes

  • Extension update notice introduced in 4.6.0 cannot be dismissed in certain situations.
  • Fixed: Fatal error in WP_Content_sensor triggered in some edge cases.
  • Fixed: Error in MirrorLogger.php triggered by a bad / broken migration of activity log events.
  • Fixed: Fatal error on multisite network when upgrading from 4.5.2 to >4.6.0.
  • Addressed a Composer error triggered when installing Premium over Free edition of the plugin in certain versions.

4.6.1 (2023-11-02) – Free edition only

Plugin & features improvement

  • Migrated more of the plugin’s code to WordPress coding standard.
  • Cleaned the code from a number of redundant and wrong logic.
  • Improved text on certain buttons & other UI sections.
  • Removed all code previously used by the obsolete extensions.

Bug fixes

  • Fixed error / crash encountered when using the Grid View and upgrading to 4.6.X.
  • Fixed: Events cannot be deactivated from the Enable/Disable page in the plugin.

4.6.0 (2023-10-18)

New activity log event ID

  • Event ID 6061: With this event ID the plugin keeps a log of when an email is sent from the website.
  • Event ID 9123: A WooCommerce coupon was moved to trash.
  • Event ID 9124: A WooCommerce coupon was permanently deleted.
  • Event ID 9125: The visibility of a WooCommerce coupon was changed.
  • Event ID 9126: The published date of a WordPress coupon was changed.
  • Event ID 9127: A WooCommerce coupon was restored from trash.

Refer to the list of activity log event IDs in WordPress for a complete list and more details about what the plugin can keep a log of.

New features

  • Free text search included in the free edition of the plugin.
  • Support for the wildcard “*” in the search filters (Premium edition).
  • Added a setting in the external database module so the plugin writes the activity log directly to the external database rather than using the Action Scheduler buffer.
  • Added new option in the Delete activity log tool to delete activity log data of a specific day.
  • Added a new search filter for “user email” in the activity log search.
  • Added support for WP CLI: a number of plugin options can be configured via WP CLI post plugin activation.

Plugin & features improvements

  • Continued the second phase of the major plugin core refactoring, including reviewing, refactoring and documenting the sensors loading, classification process etc.
  • Rewritten all the MySQL connection & database communication classes.
  • Moved all third party plugins extensions (such as those for WooCommerce and Yoast SEO) to the plugin core, meaning extensions are no longer required.
  • Code cleanup: removed redundant old code and a number of obsolete files.
  • Activity log viewer is now using all the standard WordPress UI features (screen options, bulk options etc) for a more seemless experience.
  • Improved support / activity log coverage for Yoast SEO, WPForms, Gravity Forms, and Memberpress.
  • Improved coverage for WooCommerce and also supporting the latest version of WooCommerce: 8.X.
  • Switched the default activity log viewer view mode to pagination.
  • Rebranded the developer / ads / text etc – WP White Security is now Melapress.
  • Improved the activity log data inspector view – now data inspector is within the activity log viewer.
  • Removed the plugin setting to select which columns to show in the activity log viewer. Now the plugin uses the standard WordPress screen options.
  • Removed the Grid view completely.
  • Added the database info to the system info file (useful for support / troubleshooting).
  • Updated the column titles used in the activity log reports.
  • Applied several minor improvements to the Archiving setup screen.
  • Removed all meta related classes and switchd to a universal entity class / switch to arrays instead of objects.
  • Removed redundant “Next” button from the last step of the Connection wizard.
  • Added error & notification messages in the Connections wizard for when invalid database table prefixes are used.
  • Added the timezone / time format information in the reports header.
  • Updated the Freemius SDK to 2.5.12.

Bug fixes

  • Fixed: Reports auto pruning was removing all reports regardless of the configured setting.
  • Fixed: In some cases built-in notifications for critical events were not being fired.
  • Fixed: Grouping of specific notifications criteria were not working. For example event IDs + Not from IP address; the second criterion was ignored.
  • Plugin now deleted the flag “archiving-cron-started” when the “Excute Archiving Now” button is clicked to unblock potential clogged archives.
  • Fixed: Plugin failed to retrieve site URLs in some cases on a multisite network.
  • Fixed: No events reported in the daily email report in some edge cases.
  • Fixed: Reported number of logins for admin users in statistics reports not reported correctly.
  • Fixed: Filtering of logged in users was not correct in the Logged in users section on a multisite network.
  • Fixed: Users and Roles were not counted correctly in the overview of logged-in users page on a multisite network.
  • Fixed: Multiple email notifications sent at ones if the built-in notifications are all enabled at the same time.
  • Fixed: A number of PHP Warnings generated when the Export/Import setting was used on multisite networks.
  • Fixed: Deleting activity log data for a specific user was not deleting Event ID 1000’s on multisite networks.
  • Fixed: Plugin failed to find user in the User filter when generating a Report based on ‘user’ criteria on multisite networks.
  • Fixed: Activity log view of Archived events was not accessible when the Archived connection was linked to the site on a multisite network.
  • Fixed: Terminate all sessions erroneously reporting Event ID 1003 on multisite networks.
  • Fixed: Deleting data upon uninstallation was generating WordPress database errors and PHP warnings in the free edition.
  • Fixed: The date column from the Activity Log viewer could not be filtered if the Archiving or External connection was active.
  • Fixed: Archiving data could have caused a loss of metadata and events from the current day in some edge cases.
  • Fixed: Prevented PHP Warnings / Notices when a Custom Template was used in creating custom notifications.
  • Fixed: In some edge cases, archived activity log data was not included in the reports.
  • Fixed: Deleting data for a specific Event ID from the Archived database not working in some cases.
  • Fixed: Entire list of Event IDs was not fetched when trying to delete data based on specific Event ID.
  • Fixed: Problem with multiple Archive/External connections being created out of a single declared connection.
  • Fixed: Data from external database not being indexed in plugin’s Search.
  • Fixed: Erroneous plugin behavior when the “only me” Setting for Admins to access plugin settings is enabled.
  • Fixed: Fatal error in some cases when Report was generated in .CSV format.
  • Fixed: Fatal error generated in some edge cases when plugin was deleting data in local database when switching back from external to local database.
  • Fixed: Custom “From Email Address” not showing up properly in plugin’s mail recipients.
  • Fixed: Extended logic in default email templates preventing IP Addresses from being displayed in a number of edge cases.
  • Fixed: Events generated on-site’s front end not reaching the Syslog server during mirroring.
  • Fixed: The Custom User field in the Exclude Objects tab was not saving values properly.

4.5.3 (2023-07-05)

Bug fixes

  • Fixed issue causing pruning of reports to remove all stored reports.
  • Fixed issue which could cause a memory issue when migrating from older versions.
  • Fixed error which could cause ‘Excluded custom user fields’ to not save when updating.
  • Fixed issue which cause cause a fatal error when saving pages via the Oxygen Builder plugin.
  • Other improvements
  • Updated Freemius SDK to the latest version (addressing a security issue).

4.5.2 (2023-05-11)

Plugin improvements

  • Improved PHP 8.2 compatability.
  • Replaced the elipsis icon used for the Event data viewer with a “More details” button in the activity log viewer.
  • Updated a number of hooks (better interoperability) used in custom sensors.
  • Improved the “installed plugin” check to only show one extension notification when both the free and premium edition of a plugin are installed at the same time.
  • Activity log data is also automatically deleted from the archive database when using the logs data deletion tool.

Security updates

Fixed a number of CSRFs, missing authorization & missing capabilities checks discovered by Marco from Wordfence.

Bug fixes

  • Fixed: Fatal error reported when cloning a site on a multisite network with the NS Cloner plugin.
  • Fixed: Plugin was not retrieving the correct IP address when using a reverse proxy since update 4.5.0.
  • Addressed a number of PHP Warnings reported when using the WP Rocket plugin to purge the cache.
  • Fixed: PHP warning when saving Exclude Objects settings.
    Setting up a mirroring connection and configuring the mirror of logs was not being reported in the logs.
  • Fixed: Fatal error when using the User Switching plugin to switch a user’s session.
  • Fixed: Logins from non-native login forms (such as those from WooCommerce) were not captured correctly since update 4.5.0.
  • Fixed: Plugin not terminating existing user session when the seting to “overwrite existing session” was enabled.

4.5.1 (2023-04-25)

Plugin improvements

  • Replaced the elipsis icon used to launch the event details viewer with a “More details” button.

Bug fixes

  • Fixed: IP was not extracted properly from HTTP header when a proxy was in use.
  • Fixed: Fatal error in user-switching.php sensor when switching logged in users with a user switching plugin.
  • Fixed: Logins from WooCommerce not captured properly even when plugin is configured to capture logins from all login forms.
  • Fixed: option to “override current logged in session” (Session management module) was not terminating sessions when users log in via the WooCommerce login page.
  • Fixed: PHP fatal error in the login and logout log sensor.
  • Fixed: PHP notice in settings helper class when switching off the reverse proxy settings.

4.5.0 (2023-04-12)

Release notes: Update 4.5: refactored core & improved performance

New features and functionality

  • Automatic activation of license key in NOFS edition of the plugin if key is declared on file.
  • Added events’ severity filter in the Report module.
  • Added a new option to remove report metadata, such as the filters used for the reports from activity logs reports.

Plugin and features improvements:

  • Refactoring the plugin’s core code phase 1 – improved performance, reliability and maintainability.
  • Better support for PHP8 – addressed all reported warnings and fatal errors.
  • Event ID 2002 is now reported when a user changes something in a post for which the plugin does not have a specific event ID.
  • Added a link to the Saved Reports tab in all reports’ emails to allow easy access of all generated reports.
  • Set the Filters and Save Changes button top bar to “sticky” (always floats at the top of the screen) when enabling / disabling events (better UX).
  • Applied multiple tiny UI improvements in the Reports and User Sessions Management pages.
  • Improved the UI of the filters in the activity log viewer – now all the filters are displayed in full and are no longer truncated.
  • Added checks to the excluded objects placeholders to ensure users do not specify wrong objects in the wrong setting.
  • Replaced technical term severity labels with friendly ones. For example WSAL_HIGH is now High severity.
  • Added some new help text and improved existing help text in some pages throughout the plugin.
  • Improved support for RTL setups in the activity log viewer.
  • Deleted obsolete upgrade code that was checking for AWS connections during upgrade.
  • Removed code related to the migration of events when using an external database from the Free edition of the plugin.
  • Improved the way the database table changes are detected by the plugin – all event IDs used for database changes monitoring are now enabled by default.
  • Option to “List only IP addresses used during login” for the IP addresses statistics report is grayed out unless the report is chosen.
  • Improved the sensor that detects page changes (page created, deleted or changed) done automatically via plugins.
  • UI/UX improvements in the reports page and the settings for the periodic reports.

Bug fixes

  • Fixed: Intermittent fatal error in UserSessionsTracking.php when log gin in from custom login pages (like WooCommerce).
  • Fixed: Event ID 7009 (user changed the maximum upload file size for a site on a multisite network) was wrongly logged instead event ID 7011(user changed the maximum upload file size for the network).
  • Fixed: Renaming a menu was not reported correctly, event ID 2085 (Changed menu items order) was reported instead.
  • Fixed: Error reported in the message of event ID 6060 (Changed the status of an event ID).
  • Fixed: WP Activity Log now keeps a log when it is activated or deactivated.
  • Fixed: Deleting events with “Informational” severity delets all events in the log.
  • Fixed: Fatal error in class-alert-manager.php when excluding a user and its role at the same time.
  • Fixed: Super Admin role added to Admin user in logs on a single site.
  • Fixed: PHP warning in /classes/Sensors/Multisite.php on a multisite network when running NOFS edition of the plugin on some specific multisite network setup.
  • Fixed: Plugin version update notice still shown in the NOFS edition of the plugin even when the plugin is up to date.
  • Fixed: When objets are excluded from the activity log.
  • Fixed: Event ID 6052 (Changed activity log retention settings) was not reported if the setting is already on “delete events older than” and the user changes the number of months or years.
  • Fixed: Event IDs 6053 – 6058, used to keep a log of when objects are excluded from the activity log are not reported in a multisite network environment.
  • Fixed: HTML code was shown instead of characters in some drop down menus in the Reports module pages.
  • Fixed: Site title change not reported (Event ID 6059).
  • Fixed: The daily summary email was not reporting file changes reported in the website through the Website File Changes Monitor plugin.
  • Fixed: Tags and Mirror identifier settings removed from Syslog and Slack mirroring settings – these are only used by third parties such as Amazon Cloudwatch and Papertrail.
  • Fixed: Report for number of published posts by user contained duplicate entries.
  • Fixed: Event ID 6034 (Purged activity log) also reported along site event ID 6006 when resetting plugin settings to default.
  • Date filters in reports were not applied correctly; plugin also including events that happened within 24 hours before the start date.

4.4.3.2 (2023-02-09)

New features

  • Added a new option to keep a log of non mirrored events in a log file in case of failure.
  • Added support to send syslog files over a TCP connection (previously it was only possible on UDP).

Plugin & features improvements

  • Updated some of the settings text in the mirroring wizards.
  • Old non_mirrored_events.log files no longer converted to php.

Bug fixes

  • Fixed a broken link in the first-install wizard.
  • Fixed: plugin created the file non_mirrored_events.log even when no mirrors were configured.
  • Fixed: Logger path was wrong (in some cases it was generating a log file in /wp-admin/)

4.4.3.1 (2023-01-12)

Plugin & features improvements

  • Better support for the Nextend Social Login and Register plugin – plugin keeps a log of all logged in sessions, including those signing in via third parties services such as Google and Facebook.
  • All search filters now have the “add filter” button, replacing the client side scripts to improve cross-browser support.
  • Improved the placement and text of some notices & error messages in the activity log mirroring wizard.
  • Added additional checks for the plugin setting “write directly to mirror” to address a number of PHP warnings.

Bug fixes

  • Fixed: Error reported when trying to edit a revision of a post on some particular setups.
  • Fixed: All plugin log files had the .php extension, instead of only the non mirrored logs log file.
  • Fixed a PHP notice triggered whenever accessing the Integrations section in the plugin.
  • Fixed a number of PHP warnings which were being reported when the plugin is run in an environment using PHP8.
  • Fixed: Clicking the “Archive now” button was not triggering the archiving of the activity log, but only the Cron job was triggering the archiving.
  • Fixed: Uncaught error in “FS_Admin_Notices” reported in some cases when plugin is used with MainWP child.
  • Fixed: PHP fatal error reported on some membership based websites when users try to log in.
  • Fixed: Incorrect username is shown in the daily email summary in some multisite network installs.

4.4.3 (2022-12-08)

Release notes: WP Activity Log 4.4.3

New activity log event IDs

  • 6060: an event ID was enabled or disabled.

New features & functionality

  • MemberPress activity log extension – keep a log of the changes that happen on your MemberPress powered website.
  • Support for syslog connections over TLS connection.
  • Setting to write activity logs directly to a log file (completely bypassing the Action Scheduler).
  • Sessions policies for super admins on a multisite network.
  • Button to terminate only the displayed sessions in the Logged-In users view.
  • New setting to show only the logged in users who have multiple sessions.
  • New {user_email} tag available for custom notifications.
  • Plugin can now read v4 IP addresses that are mapped to v6.

Plugin & features improvements

  • Reports are now generated in the background and an email is sent to the user upon completion, allowing users to navigate away from the page without interrupting the process.
  • Non mirrored logs are now stored in a php file instead of a log file – more secure implementation.
  • User email address is now available as a tag that can be used in email templates.
  • Major database queries improvements to optimize the reading of activity log events from the database.
  • Improved display of extension events (as well as special sub-options) within the Enable/Disable events view.
  • Adjusted CSS for a more responsive activity log viewer.
  • Improved login sensor to improve compatibilty with most custom login forms.
  • Improved logic handling when creating custom notifications.
  • Activity Log events sorted by event ID in Enable/Disable Events section.
  • UI improvements to the Enable/Disable events view.
  • Activity log event metadata is now consistently an array for efficiency and better data management.
  • Added new options in the “Terminate all sessions” feature to terminate all but the admin’s sessions.
  • Silencing admin notices in the activity log viewer page.
  • New selection checkbox to individually select sessions from the logged in users view.
  • Various UI and UX improvements to the Users Sessions view.
  • Event data inspector styling improvements.
  • Removed the Freemius SDK from the free edition of the plugin.
  • Plugin now displays the user role name instead of the slug.
  • Improved the plugins internal logging class/system.
  • Applied several new checks and improvements to improve the reliability of the archiving connection module.
  • Limited external connection usage to single use (to avoid conflicts and speed up the process).
  • Removed Freemius from the Free edition of the plugin.
  • Improved the logic of event ID 1000 (user login) to avoid duplicate events when a user logs in via WooCommerce.
  • Improved the “ordering and organizing” of the event ID lists in the Enabled / Disable Events section.
  • Updated the Freemius SDK to version 2.4.5.
  • Improved compatability with the MemberPress plugin (addresses a number of errors etc).

Bug fixes

  • Fixed: PHP error when creating or deleting sites on a multisite network.
  • Fixed: Action Scheduler library used when writing events to local database.
  • Fixed: Error generated during logging in when using WP Defender.
  • Fixed: Automatic update emails from WordPress not being sent in the correct languange when WP Activity Log is activated in specific scenarios.
  • Fixed: Some of the “hover over info panels” in the activity log not working due to a broken JS dependency.
  • Fixed: Grouping in custom notifications not working in certain scenarios.
  • Fixed: An issue that causes the ‘update available’ email to disregard the site’s language.
  • Fixed: Pagination links in list of logged in users was being overridden by other components.
  • Fixed: Cannot save multiple email addresses for the daily activity log notification.

4.4.2.2 – Premium only (2022-07-27)

New functionality

  • New setting to not send the daily notification if there are no events to report.

Improvements

  • Post titles in Daily summary email now link to post directly.
  • Improved support for custom user roles in notifications.
  • Applied a number of UI changes and improvements to the “Logged In Users” section.
  • Added version number to Search JS scripts so they are not cached by browsers.

Bug fixes

  • Fixed: Search of logged in sessions by user role not returning correct results.
  • Fixed: A number of PHP notices were reported whe nthe WSAL_cleanup cron job is fired.
  • Fixed: Daily email summary cannot be disabled.
  • Fixed: Cannot change the daily summary notification email address.

4.4.2.1 (2022-07-06)

Bug fixes

  • Fixed: Fatal error when a WooCommerce file download is triggered.
  • Fixed: Only users with administrator role shown as logged in on a multisite network.
  • Fixed: Event IDs 5010 – 5018 wrongly enabled by default.
  • Fixed: A number of upgrade errors caused because of possibly outdated files.
  • Fixed: Disabled event IDs disabled at multisite network level were activated back when accessing child sites.
  • Fixed: Upgrade notice shown on a multisite network even when it is a new install.
  • Fixed: Fatal error triggered due to incorrectly named files (wrong capilitazion).
  • Fixed: Error in Alert formatter triggered during the upgrade process.

4.4.2 (2022-06-23)

Release notes: WP Activity Log 4.4.2

New activity log event IDs

  • ID 2133: user taken over a post from another user.

New features & functionality

  • A number of new activity log statistics reports such as number of newly created users, user profile changes, password changes and password resets, page views, and more.
  • Added a number of new whitelabeling options in the activity log reports. Users can now add the business name, contact details, business logo and more in the reports.
  • Users can now change the report title, add comments etc.
  • Tags for Loggly & AWS Cloudwatch: add tags to the WordPress activity logs mirrored to your logs management system

Plugin & features improvements

  • Users can now specify the number of hours when configuring a timeout for idle sessions.
  • Automatic plugin and theme updates are now detected and reported in the activity log (event ID: 5004).
  • Improved the logic of event ID 4029 – the user triggering the password reset request is now reported as the user who did the action.
  • Added the format of the generated report in the periodic reports list.
  • Draft posts can also be included in reports criteria.
  • The function to import / export plugin settings replaced with our own library (to be used in other plugins).
  • Plugin now uses the hook ‘deleted_theme’ to detect deletion of installed themes.
  • Removed the multisite tab from built-in notifications when installed on single site.
  • Added a check so the name of a mirroring connection cannot be empty.
  • Plugin now checks if there is an existing mirroring connection with the same name so not to overwrite existing ones.
  • Removed redundant “Save” button from the “Delete activity log data” page.
  • Improved the Integrations wizard – catered for a number of conflicts with other plugins and themes such as Divi.
  • Reviewed and improved the text in the WordPress users’ sessions management module.
  • Reports generation errors now contain details of why reports failed instead of generic errors, helping the user identify what the issue might be.
  • When deleting data about an IP address or a user from the logs, the user is now asked if they want to delete the events about the user / where the IP address is mentioned, or events generated from that user or IP address.
  •  Optimized the way licensing data is stored on a multisite network.
  • Premium plugin advert in activity log viewer is now fixed – it does not interrupt user.
  • Added a new filter to specify which long data fields should be truncated in the activity log viewer.
  • “Email Notifications” section renamed to “Email & SMS Notifications”.
  • Reviewed and rewritten the help text in the Sessions module to advise users to terminate current sessions before restricting sessions.
  • Applied a number of UI/UX tweakts to the Enable/Disable events section making it neater and easier to use.
  • Post titles are now reported and linked to the post in the daily update email.

Bug fixes

  • When user changes multiple plugin settings the plugin now is reporting all the changes and not just one.
  • Fatal error reported when running certain activity log searches.
  • Event ID 6310 no longer incorrectly reported with every plugin setting change.
  • Fixed: activity log retention settings deleted and rewritten to database on page reloads.
  • Fixed: some premium features such as the “link to view all users activity” available in the free edition.
  • Fixed: New notification help text shows HTML code rather than formatted message.
  • Fixed: Clicking the expand data in activity log viewer resets the view and redirects the user to top of the activity log.
  • Fixed: Reports filter “Post type” was not finding events about posts with some custom post types.
  • Fixed: Changes in activity log retention settings not correctly reported in event ID 6052.
  • Fixed: When a user changes a post’s title and content, only the title change is reported.
  • Fixed: Deleting of activity log events by severity is not deleting the events.
  • Fixed: Excape characters in password cause authentication with third party services to fail.
  • Fixed: The setting “Cleanup expired session data” cannot be disabled.
  • Fixed: Step 2 in the integrations wizard is not “scrollable” if you go back to it while configuring a connection.
  • Fixed: changes in built-in email notifications are not saved in some specific scenarios.

4.4.1.1 (2022-04-06)

Bug fix

  • Fixed: Search broken due to changes in the code format.

4.4.1 (2022-03-23)

Release notes: Out now: Activity Log for MainWP 2.0 & WP Activity Log 4.4.1

Improvements & changes

  • All of the plugin’s code is now using the WordPress coding standards.
  • Removed the reporting and search code from the free edition plugin that was used by the MainWP extension.

Bug fixes

  • Fixed: Reports filter “By post title(s)” not working.
  • Fixed: Users couldn’t set up a MySQL connection because of “unknown connection type” error.
  • Fixed: The daily activity log summary email cannot be enabled again after disabled.
  • Fixed: PHP fatal error when index.php file is saved in the custom sensors directory.

4.4.0 (2022-02-28)

Release notes: New Reports engine with more criteria, reports management & more

IMPORTANT – NEW HELPER PLUGIN

  • Third party libraries are now available through a helper plugin. If you are mirroring events or sending SMS messages, you will be prompted to install this helper plugin.

New activity log event IDs

  • ID 6059: Changed the site’s title.
  • ID 4021: Changed the website URL in the user profile.
  • ID 4013: User has been activated on a multisite network.

New features & functionality

  • Reports for WordPress: we developed an all new reporting engine, with more criteria.
  • Reports management module: see all generated reports, redownload or delete them etc.
  • Reports white labelling: users can now change the logo and links on the reports. More to come in upcoming updates.
  • New template for reports with new title page for reports.
  • Reports settings page: making a number of reports configuration settings available, giving the user more options to work with.
  • Setting to configure the plugin to “always” send an email for scheduled reports, even when no events match the criteria.
  • Hooks to allow users to change the columns in reports or ad value from non-default columns. Refer to the list of hooks in WP Activity Log for more information.
  • New naming format for all the reports: [yyyymmdd]-[report_number].[extension].
  • Specific reports can now be generated in PDF and JSON formats.
  • New UI for “Enable/Disable event IDs” with search and filtering functionality.
  • Table with numbers of how many users are logged in with specific roles + filters.
  • Added the user role next to each user in the list of logged in users.
  • Removed obsolete code used for advertorial events in the activity log viewer.
  • New “See user’s activity” link for each user in the users’ page to see a user’s activity with just a click.
  • New filter that allows user to add metadata to user information popup. Refer to the list of hooks in WP Activity Log for more information.
  • The new Activity Log for TablePress extension.

Improvements

  • Changed the database schema for improved storing of data, and faster writing and reading. After the upgrade the plugin will launch the upgrade process which might take some time to complete, depending on the amount of data in the activity log.
  • Activity log events from local database can be merged into an extising activity log in an external database.
  • Improved the coverage of changes done to a website via REST API.
  • Improved the format of the statistics reports. More statistics reports will be available in the upcoming version update.
  • Date and time are now two separate objects in CSV reports.
  • Updated the search module to read from new database schema.
  • All plugin settings now have the wsal_ prefix automatically added to them.
  • Added the URL metadata in CSV reports.
  • Rewritten some of the settings help text in the plugin to better explain the settings.
  • Updated the notifications module to read from new database schema.
  • Updated the integrations module for better backward compatability with older versions of WordPress.
  • Removed obsolete settings & code of the old file integrity scanner (now part of Website File Changes Monitor plugin).
  • Removed obsolete reference to the old file changes scanner in the daily summary email.
  • Made a number of JS strings available for translation.
  • Removed a number of plugin settings from autoload for improved performance.
  • Improved the plugin’s metadata and added the licensing information.
  • Long URL strings in activity log events are now automatically truncated. Full URL can be seen with just a click.
  • Removed forced database table collation: plugin now uses the default WordPress table collation.
  • Updated the “Help & Contact Us” page; improved text and added more relevant information.
  • Improved several UI sections in the Third Party Connections module.
  • Improved the check for writing activity log to external database; now it is less restrictive and faster.

Security fix

  • Upgraded the Freemius SDK to version 2.4.3.

Bug fixes

  • * Fixed: Database error when trying to log in with a non-existing user and a login notification is enabled.
  • * Fixed: In some edge cases the plugin was creating an empty “external database” connection string.
  • * Fixed a number of typos in the text of activity log events.
  • * Fixed: Auto complete in the Delete activity log data section was not returning the correct list of objects.
  • * Fixed: Wrong object reported for event ID 5029.
  • * Fixed: Event ID 4000 not reported when front-end sensor is disabled.
  • * Fixed: “Unknown connection type” reported back setting up a third party connection on specific versions of WordPress.
  • * Fixed: Event ID 6320 (added / removed connection) reported instead of event ID 6321 (modified connection).
  • * Plugin settings and view privileges no longer imported when using the configuration import tools. User is not prompted to choose whether to import them or not.
  • * Fixed: Function that was running on “add_filter” instead of “add_action” – Support ticket.
  • * Fixed: Deletion of events from the activity log based on severity not working.
  • * Fixed: Plugin fails to delete specific events from activity log with an error when using the Logs management module.
  • * Old reports are now properly and automatically deleted from the /uploads/ directory.
  • * Fixed: PHP warning about OPCacheUtils.php in specific setups.
  • * Fixed: Edge case in which other plugins couldn’t be installed or updated when WP Activity Log was activated.
  • Automatic termination of idle sessions was not triggering properly on some setups.

4.3.3 (2021-10-13)

Release notes: WP Activity Log 4.3.3: Plugin setting importer & exporter & support for REST API

New activity log event IDs

  • ID 5028: Enabled or disabled automatic updates for a plugin.
  • ID 5029: Enabled or disabled automatic updates for a theme.

New activity log event IDs for notifications in the plugin

  • ID 6310: Changed the status of the “Daily activity log summary email”.
  • ID 6311: Modified the list of recepients of the “Daily activity log summary email”.
  • ID 6312: Changed the status of a built in notification.
  • ID 6313: Changed the recepient(s) of a built in notification.
  • ID 6314: Added a new custom notification.
  • ID 6315: Modified a custom notification.
  • ID 6316: Changed the status of a custom notification.
  • ID 6317: Deleted a custom notification.
  • ID 6318: Modified the default notification template.

New activity log event IDs for integrations & activity log mirrors

  • ID 6320: Added a new integration connection.
  • ID 6321: Modified an integration connection.
  • ID 6322: Deleted an integration connection.
  • ID 6323: Added a new activity log mirror.
  • ID 6324: Modified an activity log mirror.
  • ID 6325: Changed the status of an activity log mirror (disabled/enabled).
  • ID 6326: Deleted an activity log mirror.
  • ID 6327: Changed the statues of the setting “Logging events to database”.

New features

  • Plugin settings exporter & importer: easily export and import the plugin’s settings configuration for backups, migration etc.
  • Options to delete specific data from the activity log, such as all events about a user, or an IP address.
  • Plugin keeps log of authenticated user changes done to the website via the REST API.
  • New button to only terminate the users’ sessions that match the search criteria in Logged in users’ session.
  • Added the new {first_name} and {last_name} tags to the custom notifications template.
  • New hook to edit the activity log event data before it is sent to mirrors.

Improvements

  • Logs from subsites on multisite networks can be mirrored to AWS Cloudwatch as individual log streams.
  • Activity log retention policy can now be specified by the number of days.
  • Plugin now reports user role changes done via the “Members” plugin (by Memberpress).
  • Event ID 2010 (user uploaded a file) now includes a link to the uploaded attachment.
  • Added “Blog ID” and “Site URL” to mirrored activity log events.
  • Hover over prompt for users entries in activity log viewer now displays more information about the user.
  • Improved the handling of post meta changes.
  • Renamed menu entry “DB & Integrations” to “Integrations” to better reflect its purpose.
  • Contact us link in install wizard now points to contact us page on website instead of homepage.
  • Auto complete filters in Reports now check up to 100 records.
  • Added additional database checks to ensure all data is removed from database upon uninstall on a multisite network.
  • Improved coverage for the Members plugin – plugin now reports user role changes done via the Members plugin.
  • Updated the “Help” link in the first time install wizard.
  • change the “wsal_inactive_sessions_test” database override to a filter.
  • Improved in-context help messages in plugin settings and ensured all titles are uniform.

Bug fixes

  • Fixed a PHP warning which happened when visiting the plugin’s settings pages (support ticket).
  • Fixed PHP notice which happened when visiting an archive page (support ticket).
  • Event IDs for “integration connections” changes wrongly reported for changes in “activity log mirroring connection” changes.
  • Fixed: Activity log retention policies appearing twice in some scenarios.
  • Fixed: Activity log retention settings and archive settings popup logic.
  • Added the missing argument in a multisite network that were creating a PHP error during plugin uninstall.
  • Setting the setting “Remove all data on uninstall” to “No” no longer leaves no option selected.

4.3.2 (2021-08-03)

Release notes: New external database module, plugin logging, and other exciting features

New event IDs for WP Activity Log plugin settings changes

  • ID 6046: Changed the status of the Login Page Notification.
  • ID 6047: changed the text of the Login Page Notification.
  • ID 6048: changed the status of the Reverse proxy / firewall option.
  • ID 6049: changed the Restriction Access setting.
  • ID 6050: changed the list of users that can view the activity log.
  • ID 6051: enabled / disabled the Hide plugin in plugins page setting.
  • ID 6052: changed the activity log retention policies.
  • ID 6053: excluded / included back a user in the activity log.
  • ID 6054: excluded / included back a user role in the activity log.
  • ID 6055: excluded / included back an IP address in the activity log.
  • ID 6056: excluded / included back a post type in the activity log.
  • ID 6057: excluded / included back a custom field in the activity log.
  • ID 6058: excluded / included back a user profile custom field in the activity log.

New features

  • A completely new external database module (with full backward compatibility support).
  • Activity log can now be stored on external MySQL databases on Microsoft Azure.
  • A new sensor to keep a log of WP Activity Log plugin settings changes.
  • New setting to “not write activity log to database” when mirroring the activity log to a third party service.
  • The “all except from” criterion in the reports, allowing users to easily exclude specific object from a report criteria.
  • Plugin database version: the plugin’s database is now versioned, making it much easier to upgrade the database structured when required.
  • Custom fields in user profiles can be excluded from the activity log from the “Exclude Objects” settings section.
  • The filter “wsal_event_metadata_definition” which allows users to add additional meta data to an event in the activity log. Refer to the list of hooks in WP Activity Log for more information.
  • Added events severity level filter in the mirroring connection, allowing users to filter which events should be mirrored by severity level.

Plugin improvements

  • Replaced the old external database buffer system with the Action Scheduler library to improve reliability and performance.
  • Redesigned the reports download functionality so it works on any type of WordPress web hosting.
  • Replaced the old activity log events migration module with WP Background processing, for a more reliable migration process.
  • Full support for PHP 8.
  • Detection of third party plugins activity & recommendations for activity log extensions.
  • Added a number of checks to the external database module for an improved database connection setup UX.
  • Activity log plugin extensions are also hidden when the WP Activity Log plugin is hidden from the plugins page.
  • Removed all the code that was previously used for migration of events between the WordPress and external database.
  • Remove code that is no longer required in the free edition of the plugin.
  • Better support for plugins that still use old methods (old use of the lostpassword_post filter) to allow users to reset their password without an error.
  • All database events have been moved under the “WordPress & System” tab in the Enable/Disable events section.
  • Improved the text of the plugin’s install wizard.
  • Live notifications in Admin toolbar are now disabled by default (performance enhancement).
  • Amazon AWS library is disabled by default. Users will be alerted to initialize it from wp-config.php if required.
  • Added the “;” as separator in the meta data section in CSV reports.
  • Removed the event ID 4-digits limit to allow users to declare event IDs with 5+ digits.
  • CSV reports now show the right username & display name, as configured in the plugin settings.

Bug fixes

  • Plugin was not capturing user logouts from Ultimate Member plugin profile page.
  • Plugin was reporting wrong directory name in URL in event ID 2101 on a multisite environment.
  • In specific scenarios the plugin reported a custom field name as NULL in event ID 2054.
  • Fixed the broken link to user profile page in event ID 4001.
  • Event ID 4029 (user sent a password request) had the wrong Event Type.

4.3.1.1 (2021-06-28)

Note: this update is only for the premium edition of the plugin.

Bug fix

  • Fixed an issue in which scheduled reports could not be saved, resulting in a critical error.

4.3.1 (2021-06-03)

Improvements

  • Minimum version of PHP required now is 7.0.
  • Added a custom prefix to libraries and dependencies used in the plugin to ensure there are no conflicts.

Bug fixes

  • Corrected logic in code to ensure all sessions are handled and checked when destroying idle sessions.
  • Fixed an issue causing create/expired times in the “Logged in users” view to appear incorrectly.
  • Implemented a missing function without with events were not retreived from the MainWP extension.

4.3.0 (2021-05-20)

Release notes: WP Activity Log 4.3: The new mirroring module & integrations

New features

The new WordPress activity log mirroring module: mirror your website’s activity log in real-time to AWS CloudWatch, Loggly, a log file and several other services.

Improvements

  • The activity log is mirrored to third party services in real-time.
  • Event metadata is included in the CSV reports.
  • The severity levels of the activity log have been mapped to the standard severity levels documented in the RFC.
  • The event metadata in the mirrored activity log events is in JSON format.
  • Event type and Object metadata is included in the mirrored activity log events.
  • Changes by third party plugins for which an extension is available are no longer muted when extension is not installed.
  • Removed border from the first time install wizard (minor UI improvement).
  • Support for X-ORIGINAL-FORWARDED-FOR HTTP header (more info in [support for WAFS & reverse proxies](https://melapress.com/support/kb/wp-activity-log-support-reverse-proxies-web-application-firewalls/))
  • Plugin now is using the new in-plugin pricing page.
  • A much improved default SMS alert and email notification template.
  • Revamped the connections and mirroring wizards and included connectivity tests in them.
  • Improved the external db connection (now it is a persistent connection).

Bug fixes

  • Critical error was being reported when the failed logins notification was triggered.
  • Fixed an unhandled exception which occurred when the free edition was activated on a site where the premium edition was already activated.
  • Events time stamp in emails was not always the same as in the activity log.
  • Event ID 2065 (modified content) was reported unnecessarily after adding a custom field to a post.
  • Event ID 1010 (user requested password reset) was not reported when the password reset was requested from a custom user profile page.
  • In some cases, archiving of the activity log could not be disabled.

4.2.1 (2021-03-16)

Release notes: WP Activity Log 4.2.1: Improved coverage & foundation work for 4.3

Improved activity log coverage

  • ID 6045: User changed the site language
  • ID 4029: Admin initatiated a user password reset

Improvements

  • Improved events definition (prep work for version 4.3).
  • Added the {meta} and {links} tags in email and SMS notifications.
  • Plugin reports email address used in failed login attempt instead of System.
  • Added nonce to daily email notification trigger to prevent possible CSRF issues.
  • Updated some plugin settings so they can be centrally managed from the Activity Log for MainWP extension.
  • Added more user privileges checks in the plugin (better restricted access to users who has read only access to the activity log).
  • Activity log extensions name is now displayed in admin notices.
  • Sorted the activity log extensions in alphabetical order in the plugin UI.
  • Improved the Search filters labels.

Bug fixes

  • Dates in reports were not being translated.
  • Some cron job data was left behind during uninstall.
  • A database entry was left behind during uninstall.
  • Site administrators could see some plugin pages on a multisite network (help and about).
  • Fixed some formatting issues with some of the event IDs.

4.2.0.1 (2021-02-12)

Bug fix

  • Menus sensor causing fatal error when there are changes in a menu (support tickets 1 & 2).

4.2.0 (2021-02-11)

Release notes: WP Activity Log 4.2: Support for all date & time formats & other major updates

New features

  • New date & time module that supports any type of date and time format that WordPress supports.
  • An all new activity log dashboard widget.
  • Added activity log coverage for several new WordPress settings, including automatic updates settings, date and time settings and application passwords.

Improved activity log coverage

New event IDs for changes in posts

  • ID 2129: User added / changed / removed a post’s excerpt
  • ID 2130: User added / changed / removed a post’s featured image

New event IDs for changes in WordPress settings

  • ID 6035: Changed the “Your homepage displays” WordPress setting
  • ID 6036: Changed the homepage in the WordPress setting
  • ID 6037: Changed the posts page in the WordPress settings
  • ID 6040: Changed the Timezone in the WordPress settings
  • ID 6041: Changed the Date format in the WordPress settings
  • ID 6042: Changed the Time format in the WordPress settings
  • ID 6044: User changed the WordPress automatic update settings

New event IDs for application passwords

  • ID 4025: User added / removed application password from own profile
  • ID 4026: User added / removed application password from another user’s profile
  • ID 4027: User revoked all application passwords from own profile
  • ID 4028: User revoked all application passwords from another user’s profile

New event IDs for multisite network settings

  • ID 7007: Enabled / disabled the setting “Allow site administrators to add new users to their site”
  • ID 7008: Changed the value of the Site upload space setting
  • ID 7009: Changed the value of the file size allowed in the site upload space setting
  • ID 7010: Changed the list of allowed file types on the network
  • ID 7011: Changed the value of the maximum upload file size network setting

Other new event IDs

  • ID 1010: User requested a password reset.

Improvements

  • Improved coverage of users logins, logout and failed logins activity on custom login pages.
  • Standardized the text, format and metadata formatting of all the activity log events.
  • Drastically improved the coverage of the activity logs sensors with a number of new event IDs.
  • Redesigned the activity logs extension UI.
  • Support for URL rewrites and page names (correct page title reported even if the page is a URL rewrite).
  • Default activity log SMS notifications template updated.
  • Plugins version numbers are now reported in the activity log (for example when a plugin is updated).
  • Users who hide the plugin from plugins page now get a notification when a plugin update is available.
  • Consolidated the code that generates the activity log messages.
  • Merged the Help and Contact us pages in the plugin menu.
  • Improved the Reports filters queries to address timeout issues on very big websites.
  • Replaced the “SHOW TABLES” queries for much better plugin performance.
  • Removed the “/uploads/wp-activity-log/” directory in the free edition. This is only required in premium edition.
  • Support for CloudFlare HTTP headers – plugin reports correct IP when behind CloudFlare CDN or firewall (more info on firewalls support).
  • Reports, Email & SMS notifications and other modules now fully support metadata which contains the space character. For example the user role Shop Manager.
  • Remove support for custom sensors. Custom event IDs in activity log now only supported via activity log extension plugin.
  • Completely removed the code of the old promotional events (stopped using them in 2017).
  • Removed the request log file setting. The request log file can now be enabled via a filter.
  • Removed the working directory location setting from plugin settings. Instead introduced a new wp-config.php constant: WSAL_WORKING_DIR_PATH
  • Plugin now using WP_CONTENT_DIR instead of ABSPATH were applicable (better supported by WordPress specific web hosts).
  • Added event text to event IDs 1001 and 1001.
  • The system information file now also includes all of the plugin’s settings saved in the wp_options table.
  • Simplified the process that retrieves filnames.
  • Several under the hood performance improvements (removed obsolete code, improved sensors etc.)

Breaking Change

Bug fixes

  • Event ID 1000 (user login) still logged when IP address is excluded.
  • Change in page template was not being logged with event ID 2048.
  • Event ID 2002 was not always reported in some edge cases.
  • Plugin’s directory in uploads was not being created when website was hosted on Flywheel and WordPress.com.
  • Date & time were missing in CSV reports when using some specific date and time formats in WordPress.
  • Super admin role was also shown for administrators on single site setup.
  • Plugin was not showing the correct total of sessions when deleting all sessions.
  • Plugin was generating a PHP error when a network site was deleted.
  • No event was being reported when installing activity log extensions for third party plugins.
  • Plugin installation was not running correctly when installed alongside the Website File Changes Monitor plugin.
  • The setting to configure the number of failed logins to keep a log of was reset to default each time the settings page was saved.
  • Wrong variable was used in licensing notifications, resulting in misleading error responses when license failed to activate.

4.1.5.2 (2021-01-21)

Improvement

  • Replaced Swipebox with Simple Lightbox (compatible with WordPress 5.6)

4.1.5.1 (20201123)

Improvements

  • Updated the Freemius SDK to the latest version
  • Updated the Twilio SDK to the latest version

Bug fix

  • In some edge cases, the time in the reports was incorrect.

4.1.5 (20201104)

Release notes: WP Activity Log 4.1.5: Support for new MainWP settings module & improved coverage

New features

New event ID

  • ID 7012: user changed the network’s users and sites registration settings.

Security fix

  • SQL Injection in external database module reported by WP deeply. Thank you for the responsible disclosure.

Breaking change

  • Removed detection and logging of requests to non-existing URLs (404s). Event ID 6007 and 6023 no longer used in the plugin. This breaking change resulted in a major performance improvement.

Improvements

  • Added Event Type and Object in the activity log reports.
  • Improved the coverage of the login / logout detection sensor.
  • Improved format of “hover over pop-ups” used in the activity log viewer (such as the one to exclude a specific event ID).
  • Moved almost all of the remaining WooCommerce sensor code to the activity log for WooCommerce extension.
  • Improved UX for the front-end sensors settings – options now are available underneath the relevant event ID.
  • Removed redundant code that is now in the WordPress activity log extensions.

Bug fixes

  • Sorting of activity log events not retained in following pages when in pagination mode.
  • Users sessions table was not being created when upgrading from the free to the premium editions of the plugin.
  • Link to exclude custom field in event was broken / not adding the custom field to the exclusion list.
  • Changing the category of a post was not being reported (Event ID 2016).
  • Unkown object was reported in event ID 6034 (purged activity log).
  • Changing password via the WooCommerce account page caused session to remain once user logs out.
  • Users could add multiple identical search filters causing a crash.
  • Users not redirected to the correct list of event IDs after installing the activity log for Yoast SEO extension.
  • Install Extension button in events was broken and not triggering the extension installer.

4.1.4 (20201007)

Release notes: WP Activity Log 4.1.4: New activity log for Yoast SEO extension & improved coverage

New features

New Yoast SEO activity log event IDs

  • 8826: user has enabled / disabled the Redirect Attachment URLs in the Yoast SEO plugin.
  • 8827: Usage tracking has been enabled / disabled.
  • 8828: The REST API: head endpoint setting was enabled / disabled.
  • 8829: The social profile URL was added / modified / deleted.
  • 8830: User changed the taxonomies settings to show in search results.
  • 8831: Changed the SEO title template for a taxonomy type.
  • 8832: Changed the meta description template for a taxonomy type.
  • 8833: Enabled or disabled the display of Author or Date archives.
  • 8834: Configured the plugin to show the Author or Date archived in the search results.
  • 8835: Changed the SEO title template for the Author or Date archive pages.
  • 8836: Changed the Meta description template for the Author or Date archive pages.
  • 8837: Enabled / disabled the setting to show SEO settings for specific taxonomy types.

Refer to the complete list of activity log event IDs for more detailed information.

Improvements

  • Improved the overall coverage and how events of changes in Yoast SEO plugin and YoastSEO metabox are reported.
  • Implemented a single email class that is now used by all email features in the plugin.
  • Updated Freemius SDK to the latest version (2.4.0).
  • Improved the detection mechanism of installed third party plugins used for the activity log extensions notifications.
  • Consolidated all activity log extensions code – now all third party plugins extensions use the same code.
  • Improved the plugin’s activation process on multisite network.
  • Plugin only shows file changes notifications if the Website File Changes Monitor plugin is installed.
  • Plugin prompts user to save unsaved changes in settings page before switching pages.
  • Improved plugin & activity log permissions on multisite network.
  • System information file updated to retrieve settings from the wp_options table.
  • Removed all the obsolete event IDs from the Enable/Disable events section.
  • Updated a number of filters/hooks calls that were calling deprecated ones.
  • Removed all the obsolete code which was used for the old wp_wsal_options table.
  • The handling of disabled event IDs is now done more efficiently, via filters.
  • Improved the session db adaptor which was causing errors in specific edge cases.
  • Branded the notifications for third party plugins extensions and improved the text.
  • Improved the first-time install wizard CSS to correctly display the list of required extensions for third party plugins.
  • Removed event ID 2106 (plugin updated post) and ID 8823 (Yoast SEO date snippet) because they were made redundant.
  • Moved all remaining bbPress code to the Activity Log for bbPress extension.
  • Added check to prevent identical search filters from being saved.

Security fix

  • Improper validation of nonce in plugin. Issue reported by Lenon Leite.

Bug fixes

  • Removed the old version check from the wp_wsal_options table.
  • Reset plugin settings was not deleting all the settings.
  • Reports UI was not loading in a mixed content environment.
  • Unkown object was reported in event ID 6034 (user purged activity log).
  • Custom login page message was not shown in specific edge cases.
  • Addressed a number of errors that were appearing during WooCommerce setup.
  • List of IP addresses in event ID 1005 (users has multiple logged in sessions) was incorrect.
  • Plugin was generating an error when changing the WooCommerce store address on a multisite network.
  • Event ID 1000 reported twice on websites using the OptimizeMember plugin.
  • Third party plugins detection was not detecting all plugins on multisite network.
  • Built-in email notifications couldn’t be disabled after they were enabled.
  • Notifications to install third party plugin extensions were shown in sub sites on a multisite network.
  • Event ID 1000 (user login) was reported even when user was excluded from the logs.
  • Data picker obscured by autocomplete in notifications.
  • Fixed conflict with MyCred plugin; widget sensor was killing ongoing widget requests (support ticket).

4.1.3.2 (20200814)

Improvement

Bug fixes

  • The orders details in WooCommerce were not being added to the order (Support ticket).
  • An empty space was added to the top of the WordPress admin menu.
  • Third party plugins extensions notification not showing in the activity log viewer.
  • Third party plugins extension help text was shown on the wrong pages.

4.1.3 (20200711)

Release notes: New extension for WooCommerce & other updates BREAKING CHANGE: Only update from 4.1.2 to 4.1.3 . If you are using an older version of the plugin, upgrade to 4.1.2 before upgrading to this version.

New features

New activity log event IDs

  • ID 2131: Added relationships in a custom field.
  • ID 2132: Removed relationships from a custom field.
  • ID 9101: Created new product tag in WooCommerce.
  • ID 9102: Deleted a product tag in WooCommerce.
  • ID 9103: Renamed a product tag in WooCommerce.
  • ID 9104: Changed the slug of a product tag in WooCommerce.

Refer to the complete list of activity log event IDs for more detailed information.

Improvements

  • Improved the plugin’s coverage of WooCommerce stores, products, orders etc by adding new events, and updating the current sensor.
  • Plugin now uses the default WordPress options table to store settings (performance enhancement).
  • Refactored all settings in the database so they all use yes/no values.
  • Restricted the plugin’s and activity log settings to the network dashboard only on a multisite network.
  • Change in wp_wsal_sessions table structure: now plugin uses session ID as unique identifier in table.
  • Plugin keeps the ID of the sites a user is logged in to on a multisite network.
  • Removed the Import/Export plugin settings functionality (a much better utility will be designed and launched as a replacement).
  • File changes detected by the Website File Changes Monitor plugin are now reported in the daily summary email.
  • Log files working directory in uploads directory renamed to wp-activity-log.
  • If no path is specified for the log files working directory, the default path is used.
  • Improved activity log privileges – on multisite super admin can restrict site admins from seeing their own site’s activity logs.
  • WooCommerce front end sensor is automatically enabled if admin enables events to track purchases of non-logged in users.
  • Improved the text of the third party plugins extensions notifications.
  • Updated the format of event IDs 9070 and 4020 to matches the standard template.
  • Coverage of WooCommerce coupon changes has been improved andplugin can now keep a log of usage restriction changes in coupons.
  • IP address in list of logged in users is now linked to WhatIsMyIPAddress.com.
  • Added a message for when no sessions are shown in the Logged In users section.
  • Minor changes in the plugin’s settings pages.
  • Updated some notifications used by the third party plugins extensions.
  • Third party plugins extensions are now automatically activated on multsite network when installed.
  • Removed all code that was used for file scanning. Now plugin is fully integrated with Website File Changes Monitor.

Bug fixes

  • Extensions notifications were wrongly shown to sub sites admins on multisite.
  • Event 1002 (failed user login) was wrongly reported when a user session is blocked.
  • When the setting Delete data on uninstall was enabled the plugin was not deleting all the data from the database.
  • Event ID 1002 (failed user login) incorrectly links to log file.
  • Plugin does not send logs to Activity Log for MainWP extension when child site uses a non-default admin URL.
  • Error when loading user session tokens from usermeta table in some cases.
  • Users sessions table was moved to external database when activity log is stored in an external database.
  • Plugin was reporting event ID 1000 (login) when user changes own password in user profile page.
  • Plugin’s log files working directory was hardcoded (uploads directory).
  • When super admins changed the plugin’s settings on a child site, the settings were not applied globally.
  • Users who are allowed to view the activity log can also see who is logged in.
  • The old plugin name was shown on the daily summary email template.
  • Plugin created working directory in wrong location when site address is different than WordPress address.
  • Setup wizard shows all the extensions for third party plugins instead of those for the installed plugins.
  • Wrong anchor text “view post in editor” used for WooCommerce products.
  • Unknown object reported instead of actual Object in some of the WPForms activity log events.
  • Event ID 2080 not reported when the last item was removed from the site menu.
  • Plugin logo missing from license activation screen.
  • Website File Changes Monitor custom posts type changes were reported (these are ignored by default).

4.1.2 (20200624)

Release notes: WP Activity Log fully integrated with Website File Changes Monitor

New feature

Improvements

  • Event ID 6033 now reports when [file integrity monitoring](https://melapress.com/wordpress-file-integrity-scanning-site/) scans start and stop.
  • File changes events in the activity log link directly to the changes reported in Website File Changes Monitor.
  • Log files custom path setting reverts to default path if left empty.

Bug fix

  • Plugin creating the log files outside website directory if Website URL is different than WordPress URL.

4.1.1 (20200611)

Note: this is a premium edition update only

Bug fix

4.1.0 (20200526)

Release notes: New session policies per user roles & other improvements

BREAKING CHANGE

  • The new users sessions management module uses the plugin’s own data. Therefore it will not show the users who have been logged in before the plugin was updated as logged in. They will be shown once they logout and log back in and the new session is created.

New features

  • New WordPress users sessions management module with configurable policies per user role.
  • Setting to configure the log files location (request log file, 6007 and 6023 events).

Plugin improvements

  • Activity log reports now support user roles which have the space character in the name.
  • Removed more legacy code from the plugin (the check for encryption method).
  • Removed old update scripts (for when updating from versions prior to 3.5.2).
  • Moved 10 more plugin settings from the custom table to the wp_options table (performance improvement).
  • Standardized the format of all placeholders in the UI (now they are all using default WordPress format).
  • Removed premium only code from free edition.

Bug fixes

  • Scheduled daily reports included data of the last 24 hours instead of the previous day.
  • Resaving the activity logs archiving settings generated errors (didn’t check if connection was already setup).
  • Issue with the plugin when installed on MainWP child sites (support ticket).
  • Plugin adding Menu entry with no title (used by the wizard).

4.0.4 (20200520)

WP Security Audit Log renamed to WP Activity Log (read the announcement).

4.0.3 (20200416)

Release notes: Update 4.0.3 – Support for WooCommerce 4.0 & new bbPress add-on

BREAKING CHANGE

  • The old individual add-ons are no longer supported.

New features

New activity log event IDs

  • 9105: The stock quantity of a product was changed due to an order.
  • 9085: The WooCommerce setting “Selling location(s)” was changed.
  • 9086: List of excluded countries to sell to in WooCommerce was changed.
  • 9087: List of countries to sell to in WooCommerce was changed.
  • 9088: The WooCommerce setting “Shipping location(s)” was changed.
  • 9090: The WooCommerce setting “Default custom location” was changed.
  • 9091: The “Cart page” in the WooCommerce settings was changed.
  • 9092: The “Checkout page” in the WooCommerce settings was changed.
  • 9093: The “My Account page” in the WooCommerce settings was changed.
  • 9094: The “Terms & conditions page” in the WooCommerce settings was changed.

Improvements

  • Improved the coverage of the WooCommerce activity log sensor.
  • WooCommerce sensor now detects changes done from the new WooCommerce Admin interface.
  • Event 9029 (WooCommerce store base location change) now reports both the old and new address.
  • Updated WooCommerce sensor to detect all the changes in tax options (event IDs 9078 – 9081).
  • Changed the event type from Modified to Renamed in the events where in which the object is renamed.
  • “Plugins” is reported instead of a username when a change is done automatically by a plugin.
  • Improved the activity logs external database connection test during connection setup.
  • Removed obsolete code which was only used in previous versions from the defaults.php file.
  • Improved event ID 2055 (deleted custom field) so it is not reported when a custom field is deleted autoamtically due to the post being deleted.
  • Removed redundant filters wsal_event_type_text and wsal_event_object_text.
  • Moved 10 plugin settings to the WordPress options table as part of the plugin improvement project.
  • External database connector now reports actual MySQL error for improved troubleshooting.
  • All the changes done to a bbPress forum or topic are reported, even when done at the same time.

Bug fixes

  • Event ID 8808 not firing when Cornerstone article setting is enabled or disabled in a post.
  • Event ID 9066 not firing when the expiry date of a WooCommerce coupon is changed.
  • Plugin reporting event ID 2001 instead of 5019 when a plugin automatically creates posts.
  • Fixed a minor compatibility issue in the Hide plugin functionality (support ticket).
  • Event ID 9063 reported instead of event ID 9071 when reporting a WooCommerce coupon change.
  • Events ID 1005 (multiple sessions detected) and 1007 (user terminated another user’s session) were only working when front-end sensor was enabled.
  • Activity logs view buttons link to first site on network instead of network dashboard on multisite network.
  • Error reported when the role property was undefined.
  • Fixed a PHP 7.3 compatibility issue (support ticket).

4.0.2 (20200228)

Security fix

  • Added authentication check for the first-time install wizard. This addresses an edge case in which if the wizard was never completed by the user, unauthenticated users could run the wizard and give access to the plugin settings to WordPress users.

Improvements

  • Removed the setting / functionality to allow access to users with non-admin role to the plugin settings. Now users who require access to the plugin settings need to have the admin role.
  • Removed the “activity log view access” and the “exclude objects” steps from the install wizard. These are advanced settings.
  • Check the role of users trying to import settings file and deny if it does not have admin role.

4.0.1 (20200213)

Release notes: Announcing activity logs for WPForms & add-ons in 4.0.1

New features

Improvements

  • Updated event IDs 2123, 2062, 2084, 9077 and 9071 so they now use the “Renamed” event type.
  • Updated the activity log severity levels definitions in defaults.php.
  • Updated / improved some of the help text messages.
  • Plugin does not automatically retrieve the IP addresses and latest change of logged in users if there are 100+ sessions (performance improvement).
  • Localized text in JS files.
  • Started removing obsolete code.

Bug fixes

  • Only the path of the added, modified or deleted file was reported in daily summary email.

4.0.0 (20200108)

Release notes: The all new more comprehensive, yet easier to read WordPress activity log

New features

Improvements

  • Updated the severity levels of all activity log events.
  • Updated the Freemius SDK to version 2.3.2.
  • Included the two new metadata types in the email notification templates (event type and object metadata).
  • Added a notification to refresh search when the filters change.
  • Added several new reference links in the plugin’s help text.

Bug fixes

  • Addressed a warning message in the logs generated by the connector when using PHP 7.4.
  • Fixed an issue which was triggered when using the User Switching filter hook.
  • Few spelling mistakes in the plugin’s UI and settings pages.

3.5.2 (20191126)

Release notes: New filter hooks & better support for Custom Post Types on multisite networks

New filter hooks

Improvements

  • Updated database queries to better support MySQL 8.
  • New setting to enable/disable milliseconds in timestamps.
  • New option in wizard to enable the WordPress activity log mirror once set up.
  • Added the wsal_ prefix to all cron jobs (standardization).
  • Fine tuned the WooCommerce activity log sensor to report only the necessary events when there are coupon changes.
  • Updated the WordPress activity log custom events API to only require one sensor on a multisite network.
  • Removed old version specific checks used during upgrades.
  • Daily summary email now includes more accurate user logins details.

Bug fixes

  • Custom post types on sub sites were not recognized on multisite network install.
  • Background events were not being excluded from the logs even when the plugin is configured to exclude them.

3.5.1 (20191024)

Release notes: New filters & sorting in the activity log viewer & other improvements

New Feature

  • Filters and sorting capabilities added to the Severity column in the activity log viewer.

Improvements

  • Improved the way data is reported in some WooCommerce activity log events.
  • Added more links to the plugin documentation in the settings pages.
  • Improved the reporting of Event ID 2022 (date change), it is no longer reported with every change on draft post.
  • Improved user logout detection to detect logouts when using plugins such as Login and Logout Redirect.

Bug Fixes

  • Multiple events reported when a new post is saved with the Classic Editor.
  • List of failed logins IP addresses not displayed properly in daily email when using outlook.
  • Fixed compatibility issue with the Newspaper news theme.
  • Removed incorrect use of parameter in add_submenu_page (credits: Chris Van Patten).

3.5 (20190912)

Release notes: New configurable front-end sensors & improved wizard

New Features

  • 3 new front-end sensors that can be individually enabled / disabled individually (used for front end activity, such as logins from non-default WordPress login page).

Improvements

  • Improved the hide plugin feature: number of installed plugins is also adjusted when plugin is hidden.
  • Added new steps in the wizard to help users configure the front-end sensors when they install the plugin.
  • Plugin keeps log of stock changes when orders are placed manually or items in orders are changed WooCommerce Activity Log.
  • Removed event ID 2126 (visitor posted a comment): noticed almost all users disable it since this is trivial information / change.

Bug Fixes

  • Plugin was not reporting correct product name & stock quantity when WooCommerce Tab Manager was installed.
  • Mirroring cron jobs not firing / not copying logs to mirror.
  • Unhandled error when using custom login pages.

3.4.3 (20190828)

Release notes: Front-end plugin performance improvements & MainWP extension support

New Features

  • Improved the plugin performance by five fold.
  • Added coverage of WooCommerce product changes done with Admin Columns Pro.
  • Support for the new Search and Reports features coming up in the Activity Log for MainWP extension.

Plugin Improvements

  • Improved log coverage of WooCommerce products – plugin keeps log of changes done to products via quick edit.
  • Improved log coverage of draft posts – now plugin reports the details of changes on draft posts.
  • Added report title in HTML reports.
  • Maximum number of logged in user sessions the plugin retrieves is now be configured.
  • Removed plugin branding from WordPress activity log HTML reports and automated emails.
  • Removed a number of redundant files from old premium extensions.
  • Events in activity log dashboard widget have been shortened for better readability.
  • Removed broken links from 404 error email notifications.

Bug Fixes

3.4.2 (20190717)

Release notes: Update 3.4.2 – Plugin UX & Performance Improvements

New Feature

Plugin Improvements

  • Optimized the database queries used for search and filters (30x faster!).
  • Improved tracking of mirrored events to avoid mirroring duplicate events.
  • Specific error messages that help you troubleshoot are now shown when integrating Twilio for SMS notitications.
  • Plugin shows warning to install Activity Log for MainWP when installed on MainWP website.
  • Added website URL in default email notifications for WordPress.
  • MySQL response errors are now displayed when configuring an external database connection.
  • Improved the first time install message about non-sensitive diagnostic data.
  • Width of first install wizard prompt is responsive.

Bug Fixes

  • Plugin logs an error when a non exising WooCommerce page is requested (HTTP 404).
  • Handling of infinite loop when Freemius API is unavailable during plugin first install.

3.4.1.1 (20190701)

Minor Update

  • Updated the Freemius SDK to address an issue introduced because of a core change.

3.4.1 (20191605)

Release notes: New plugin settings import/export tool & hooks for theme developers

New Features

  • Tool to export and import plugin configuration & settings.
  • Exclude range of IP addresses from the activity log.
  • New hooks for theme developers to display the custom login messages the plugin shows when multiple user sessions are blocked.
  • New hook to add a list of hidden meta keys the plugin should keep a log of.

Plugin Improvements

  • First time plugin use texts is now easier to read and much shorter.
  • Added support for more time & date formats in the activity log reports for WordPress.
  • Improved content sensor – previously reporting events not necessarily needed (background processes)
  • Removed hardcoded paths from the WordPress file integrity scanner. Removed Sites filter from activity log viewer – made redundant by the site selector drop down menu.

Bug Fixes

  • Multiple events reporting the same thing generated when user changes WooCommerce shipping / billing address.
  • Updated incorrect tags used in test SMS message.
  • Event 2002 (modified post) reported even when there is a specific change event ID.
  • Event 2016 (plugin modified post) reported whenever a post is updated by user.
  • External database connection cannot be deleted because it is marked in use even when not.
  • Plugin generating error when set_user_role is set to NUL in request.
  • Infinite scroll stops working on Firefox (intermittent issue).

3.4.0.1 (20190410)

Bug Fixes

  • Backward compatibility issue for PHP 5.4.
  • Fix for activity log page search extension check function.

3.4 (20190403)

Release notes: Announcing SMS Notifications for the WordPress activity logs

New Features

  • SMS notifications for the WordPress activity logs (integration with Twilio).
  • Integration with Bit.ly to shorten URL in SMSs.
  • Added buttons to test email and SMS notifications.
  • Support for User Switching plugin.

New Activity Log Event IDs

  • Event ID 1008: user logged in as another user.
  • Event ID 9083: user changed the billing address (WooCommerce activity log).
  • Event ID 9084: user changed the shipping address (WooCommerce activity log).

Plugin & Features Improvements

  • Added more pre-configured SMS & email notifications.
  • Improved all sensors to also detect changes that are not done via the dashboard.
  • Optimized some metadata database queries (reduced qeuries by 75%).
  • Improved the content sensor (better detection of content changes).
  • Optimized the database query that fetches list of logged in users.
  • Removed email notifications wizard.
  • Standardized all tabs and titles in the Emails & SMS Notifications feature.
  • Improved the help text in the Emails & SMS Notifications feature.
  • Removed the limit of 5 criteria in the notifications trigger builder.
  • Removed declaration of emails’ Mime-type – this is automatically set so there is no need for it.

Bug Fixes

  • WooCommerce order name was not reported in event ID 9040 (changed order detail) in some edge cases.
  • Maximum execution time configured in the WordPress activity log reports engine now is only used when generating a report.
  • CSV reports were not being generated.
  • Audit trail auto refresh was not working when using infinite scroll viewer option.
  • Plugin reporting event 9032 (disabled use of WooCommerce coupons) by mistake.
  • Event IDs 2046 and 2051 were not being reported when files were modified via the editors.
  • Plugin reporting event 2002 when there were changes in a post’s Yoast SEO metabox.
  • Removed all reference to obsolete plugin setting: wsal-archiving-date-e.
  • Admins on multisite child sites could see the activity logs of other sites.
  • Event ID 2073 (post submitted for review) was not being reported in Gutenberg.
  • Event 2074 (scheduled post) was not being reported in Gutenberg.

3.3.1.2 (20190226)

Release notes: Activity log coverage for WooCommerce variable product changes

New WooCommerce Store Settings Events

  • ID 9078: Changed the option to include / exclude taxes in product prices.
  • Event ID 9079: Changed the option on what type of shipping to calculate tax on.
  • Event ID 9080: Changed the shipping tax class.
  • Event ID 9081: Enabled / Disabled the rounding of the sub total.
  • Event ID 9082: Added / Deleted / Modified a shipping zone on WooCommerce.

Plugin Improvements

  • Better handling of plugin activation on multisite – plugin can only be activated from the network dashboard.

Security Fix

  • Updated Freemius SDK which includes a security fix.

3.3.1.1 (20190207)

New Feature

Plugin Improvements

  • Improved the search filters – now they are 600% faster!
  • Improved user session handling to better handle >1,000 sessions.
  • Replaced PHP severity with event log severity in the list of Events.

Bug Fixes

3.3.1 (20190129)

Release Notes: Major improvement in WooCommerce coverage

New Events for WooCommerce Orders

  • ID 9035: New order placed in WooCommerce.
  • ID 9036: Changed the status of a WooCommerce order.
  • ID 9037: Moved a WooCommerce order to trash.
  • ID 9038: Restored a WooCommerce order from the trash.
  • ID 9039: Permanently deleted an order.
  • ID 9040: Changed the orders details.
  • ID 9041: Refunded a WooCommerce order

New Events for WooCommerce Product Admin & Attributes Changes

  • ID 9042: Changed the catalog visibility of a product.
  • ID 9043: Changed the Featured product setting of a product.
  • ID 9044: Changed the allow backorders setting of a product.
  • ID 9045: Changed the the Upsells of a product.
  • ID 9046: Changed the Cross-sells of a product.
  • ID 9047: Added a new attribute of a product.
  • ID 9048: Modified the value of a product attribute.
  • ID 9049: Renamed a product attribute.
  • ID 9050: Deleted a product attribute.
  • ID 9051: Changed the visibility of a product attribute.

New Events for WooCommerce Categories

  • ID 9052: Deleted a product category.
  • ID 9053: Changed the slug of a product category.
  • ID 9054: Changed the parent of a product category.
  • ID 9055: Changed display type of a product category.
  • ID 9056: Changed the name of a product category.

New Events for WooCommerce Payment Gateways

  • ID 9074: Enabled a payment gateway.
  • ID 9075: Disabled a payment gateway.
  • ID 9076: Modified a payment gateway.

New Events for WooCommerce Coupons

  • ID 9063: Published a new coupon.
  • ID 9064: Changed the discount type of a coupon.
  • ID 9065: Changed the coupon amount.
  • ID 9066: Changed the coupon expire date.
  • ID 9067: Changed the Usage Restriction settings of a coupon.
  • ID 9068: Changed the Usage Limits settings of a coupon.
  • ID 9069: Changed the description of a coupon.
  • ID 9070: Changed the status of a coupon.
  • ID 9071: Renamed the WooCommerce coupon.

New Events for WooCommerce Attributes

  • ID 9057: User created a new attribute.
  • ID 9058: User deleted an attribute.
  • ID 9059: User changed the slug of an attribute.
  • ID 9060: User changed the name of an attribute.
  • ID 9061: User changed the default sort order of an attribute.
  • ID 9062: User enabled/disabled the option Enable Archives of an attribute.

New Features

  • Email notification to site admin when the plugin is deactivated.
  • New setting to control refreshing of the live notifications in the admin bar.
  • Three new hooks in the activity log plugin that allow for event data manipulation.

Plugin Improvements

  • Major performance enhancement to the Event Viewer
  • Updated the text of some settings.
  • Events severity are now saved as meta data (we can now build filters for them).
  • Added the product status in all WooCommerce events.
  • Event 9011 (modified draft WooCommerce product) made obsolete with event 9010.
  • Event 9020 changed to report the different product types (simple, grouped, external, variable, downloadable, virtual)
  • Updated Freemius SDK
  • Better handling of incorrect database privileges when installing plugin.
  • Excluded the default WordPress cache directory from the default WordPress site File Integrity Scans.

Bug Fixes

  • Events 2027 and 2011 incorrectly logged hen saving a draft post in Gutenberg.
  • Plugin logged event 5019 by mistake when the front end editor of WP Bakery was used.
  • When files bigger than the file size limit were scanned for the first time the plugin wrongly reported them as modified.
  • In some cases where WordPress was not upgraded to 5.0 the plugin was not recognizing content changes.

3.3.0.1 (20181226)

New Feature

  • A setting to configure the number of logged in sessions the plugin retrieves when checking for logged in sessions.

Plugin Improvements

  • Improved handling of logged in users sessions data.
  • Terminate All Sessions button now also purges sessions data from the WordPress database.
  • Improved the events for when saving a draft post in the Gutenberg editor.
  • Checks for the Papertrail activity log mirroring connectivity improved.

Bug Fixes

  • Fixed an issue in which the plugin was sending two daily activity log summary. * Removed code for backward compatibility but was not PHP 7.2 compatible (Support Ticket). * Updated the list of website visitor events in Enable/Disable events section. * Fixed an issue with the auto refresh of users sessions.

3.3 (20181213)

Release notes: Slack integration, new external connections UI and performance update.

New Features

Plugin Improvements

  • Maximum file size for WordPress file integrity scans is now configurable.
  • Updated the Freemius SDK to 2.2.2 (addresses a MainWP conflict fix).
  • Plugin access can now be restricted to super administrators only on a multisite network.
  • Multiple scan started / stopped events per directory merged into one.
  • Added 1 and 4 hours option to terminate idle users sessions setting.
  • Plugin now always keeps a log a post updates, even if update is not done via the editor.
  • Better handling of terminated users sessions (in hung state, blocking legit logins).
  • Access to plugin now can be restricted to super admin role on multisite networks.
  • User info in daily activity log summary email is now variable – the same as configured in the plugin settings.
  • Limited Freemius user messages to users who can view & manage the plugin.
  • Added support for a dot in the time format (e.g: d.-m-Y G:i)

Bug Fixes

  • Better handling of data from the REST API (Support ticket).
  • Fixed: two daily activity log emails were being sent instead of one.
  • Restricted the starter license (had access to some pro features).
  • Fixed a number of minor warnings when running the plugin on PHP7.
  • Logins when using the Two-Factor plugin are now logged properly.
  • Fixed – first time setup wizard prompt not always showing.

3.2.5 (20181115)

Release notes: Announcing Activity Log for Main WP extension

New WordPress Activity Log Events

New Functionality

Bug Fix

  • Fixed an issue in the licensing which allowed users with Starter plan to access features from the professional plan.

3.2.4 (20181004)

Release Notes: Update 3.2.4 – Activity Logs for Gutenberg and more.

New Features

Plugin Improvements

  • Revamped the Users management module and settings – part of the easy to use updates.
  • Error message for blocked simultaneous users sessions can now be configured.
  • Updated the order of the plugin menu entries to a more convenient one.
  • Invalid usernames used in failed logins are now kept for 30 days in the database.
  • Improved WordPress menu sensor – added coverage and improved accuracy.
  • Changed Event Code to Event ID in email notifications trigger builder.
  • Improved MainWP Child Site Stealth Mode for premium edition.
  • Sidebar admin notification on first install now only shown to the first user accessing the activity log.
  • Removed in activity log adverts.
  • Updated top banner adverts in activity log – now users can hide them.
  • Updated WordPress icon used to report system events in activity log.

Bug Fixes

  • Added support for arrays in ACF – Support Ticket
  • Handled an exception error in which user has same event ID. Now instead plugin shows an show error and disable custom sensor.
  • Fixed an issue in which the startup wizard was shown twice on the free edition of the plugin.
  • Fixed an issue in which reports were not generated because of non-standard paths.

3.2.3.3 (20180912)

Release notes: Update 3.2.3.3 for WP Activity Log Released

New Feature

New WordPress Activity Log Events

Plugin Improvements

  • Added sub categories to Enable/Disable Events section to segregate long lists.
  • Improved the sensor for the detection of plugins activations and deactivations.
  • Removed the startup wizard from upgrade – now only triggered on new installs.
  • Improved the premium trial message with a Start Free Trial button.
  • Added notification response to purging old data from the event log manually.
  • Added a pop-up notification to confirm activity log level was applied successfully.
  • Improved error messages in the Exclude Objects setting page.
  • Removed Mcrypt completely (was previously used for external DB connection).
  • Updated the Freemius SDK to the latest version.
  • Removed use of GLOB_BRACE – it is no longer needed.

Bug Fixes

  • Fixed an issue in which notifications with specific post IDs was not working on multisite.
  • Fixed some security issues highlighted by RIPS tech.
  • Removed nodes of premium features for users who have VIEW ONLY access to the WordPress activity log.

3.2.3.2 (20180817)

Bug Fix

  • Fixed a backward compatibility issue in which the setup wizard was wrongly restricting plugin access.

3.2.3.1 (20180815)

Bug Fix

  • Fixed a compatibility problem with WordPress running on IIS and Windows Server.

3.2.3 (20180813)

New Features

Plugin Improvements

  • Performance improvement: optimized the logic of the plugin sensors to load only required ones during user action.
  • Redesigned all the settings pages and included more help text, making them more user friendly.
  • Added links to plugin knowledge base where possible in the plugin settings.
  • Improved the WordPress activity log pruning setting so now it is possible to configure retention based on a period of time.
  • Database improvement: changed the option_value column in the plugin tables to long text.
  • WordPress website file changes results are now stored in the plugin’s options table.
  • Improved the list of excluded file extensions in the WordPress file changes scanner.
  • Added sorting in the logged in WordPress users view.
  • Added more checks to ensure opt-in and other plugin messages are shown when needed only.
  • Removed affiliate network message in plugin.

Bug Fixes

  • Fixed an issue where stored passwords might have been changed because of change from Mcrypt to OpenSSL.
  • Fixed an issue in which retention settings were reset when moved to archiving settings.

3.2.2.1 (20180801)

Bug Fix

  • Fixed an issue with an incorrect opt-in prompt from the SDK

3.2.2.1 (20180718)

Bug Fix

  • Fixed issues related to Freemius SDK path

3.2.2 (20170717)

Release Notes: WP Activity Log version 3.2.2 released

New activity log event IDs

  • Event ID 9072: User opened WooCommerce product in editor
  • Event ID 9073: User viewed WooCommerce product

New Features

  • Support for MainWP – plugin keeps a log of changes done on websites from MainWP dashboard.
  • Added new option to allow users to trial the premium edition for free.
  • Added built-in email notifications for WordPress file changes.
  • Created buffer for external database to cater for slow connections.
  • Retention settings for WordPress activity logs archives.
  • Setting to exclude non-existing URLs so they are not reported in the WordPress activity logs.
  • System info module that captures diagnostic data into a log file required by support.

Plugin Improvements

  • Ability to exclude directories from the WordPress file integrity scanner.
  • Increased file size limit to 5MB in the WordPress file integrity scanner.
  • Monitoring sensors now only loaded if source being monitored is active / installed (performance enhancement)
  • Views will not be loaded unless accessed (performance enhancement)
  • Updated HTTP 404 errors detection sensor to use $wp_query (fallback to $_SERVER global array)
  • New setting to exclude the logging of automated changes to WooCommerce products’ stock.
  • Sub sites admins on multisite networks can now see who is logged in to the websites they administer.
  • Updated exclusion settings to allow users to exclude any post type from the logs.

Bug fixes

  • Added a check on post type value to handle an unhandled error.
  • Updated Search filters to handle role names and role slugs (e.g. shop-manager and shop manager).
  • Fixed issue in which database selection (archive or live DB) was not stored properly.
  • Fixed issue where activity log viewer was auto refreshing to page one automatically when browsing other pages.

3.2.1 (20180605)

Improvements

3.2.0 (20180605)

Release Notes: WordPress file changes warnings & more in WP Activity Log 3.2

New Features

New Activity Log Event IDs

  • 6028 – A file on the website has been modified
  • 6029 – New file has been created on the website
  • 6030 – A file was deleted from your website
  • 6031 – File too big to scan (2MB).
  • 6032 – File changes scan limit reached (1M files)

Plugin Improvements

  • Performance enhancement – storing table names in sentients so they are note retrieved every time they are required.
  • Improved the built-in WordPress email notifications for content.
  • Changed the Freemius opt-in / opt-out screen to non compulsory.
  • Updated WhatIsMyIpAddress.com link to HTTPS so traffic is now encrypted.
  • Added notification on new installs to point out to users where to find the WordPress activity logs.
  • Updated Freemius SDK (now GDPR compliant)

Bug Fixes

  • Fixed issue in which the archive / live activity log database was not being saved properly.
  • Fixed issue in WooCommerce activity log – Alert 2053 was being reported instead of 9001 when a new product is published.
  • Fixed issue in WooCommerce product SEO change – wrong event was being reported.
  • Fixed issue where sorting activity logs events by IP address which tripled the entries displayed in the log.

3.1.7 (20180430)

Release Notes: New data inspector for the WordPress activity log & external database buffer

New Features

Plugin Improvements

Bug Fixes

  • Plugin now records WooCommerce product stock changes done by plugins such as Bulk Stock Management
  • Fixed a reported performance issue. Now plugin activity log refreshes every 20 seconds.

3.1.6 (20180416)

Bug Fix

  • Fixed an issue in the Freemius SDK – mutisite opt-in was not working.

3.1.5 (20180405)

New Features

Activity log alerts for Yoast SEO

  • 8801: Changed the SEO title
  • 8802: Modified SEO description
  • 8803: Changed the option Allow Search engine to show post in search results
  • 8804: Changed the option Search Engine follow links
  • 8805: Set the Meta Robots Advanced setting
  • 8806: Changed the canonical URL
  • 8807: Changed the focus keyword
  • 8808: Changed the cornerstone article option
  • 8809: Changed title separator in Yoast SEO plugin settings
  • 8810: Changed the Homepage Title
  • 8811: Changed the Homepage Meta description
  • 8812: Changed the Knowledge Graph setting
  • 8813: Changed the option Show Posts / Pages / Attachments in Search Results
  • 8814: Changed the Posts / pages / Attachments title template
  • 8815: Changed the SEO Analysis setting
  • 8816: changed the Readability analysis setting
  • 8817: Change the cornerstone content plugin setting
  • 8818: Changed the Text link counter setting
  • 8819: Changed XML Sitemaps setting
  • 8820: Changed Ryte Integration setting
  • 8821: Changed the Admin bar menu setting
  • 8822: Changed the Posts / Pages / Attachments meta description template
  • 8823: Changed the option Date in Snippet Preview for Posts / Pages / Attachments
  • 8824: Changed the option Yoast SEO Metabox for Posts / Pages / Attachments
  • 8825: Changed the setting Security: no advanced settings for authors

Updates

  • List of logged in users uses displays either first & last name or username.
  • Automated changes in WooCommerce product stock quantity and statuses done by plugins or order placements are now recorded.
  • Added checks for when the plugin cannot retrieve the latest change of a session to report in the logged in users section.

3.1.4 (20180323)

Improvement

  • Reintroduced the functionality to download 404 error log files from activity log.

Bug Fix

  • Freemius addressed multiple issues in SDK for WordPress multisite (updated SDK)

3.1.3 (20180319)

Improvements

  • Reintroduced the count of failed logins for non WordPress users.
  • Reintroduced the setting to limit the number of failed logins by non WordPress users the plugin should keep a log of.
  • Improved the formatting of the log file for usernames used in failed logins.

Bug Fix

  • Fixed issue where new restrictions in The plugin uploads directory broke the custom alerts.

3.1.2 (20180316)

Security Improvement

  • Moved failed logins logs to the database
  • Added index.php and .htaccess files to the plugin upload directory

3.1.1 (20180313)

Release notes: WP Activity Log 3.1.1 – Improved Multisite Support

New WordPress Activity Log Alert

  • Alert 2126: Website visitor posted a comment (segregated from alert 2099 which was used for both logged in users and website visitors).

New Features

  • Logging of user role change at WordPress multisite network level.
  • New site selection menu for opting-in to sending diagnostic data or activating licenses on WordPress multisite network installations.
  • New account page for installs on multisite network.

Improvements

  • Logging of posting of comments from logged in users and website visitors now reported by different alerts.
  • Improved the logging of multiple post changes that were done at the same time on a post / page / post with custom post type – previously only the last change was being reported.
  • Post Type selection menu in Email Notifications is not automatically populated on multisite network install so users can specify their custom post type.
  • Changed severity of alerts 6007 and 6023 (404 errors) from High to Notification.
  • Improved the plugin menu node for sites on multisite network (added messages on nodes users do not have access to, removed nodes that admins on sites should not have access to).
  • Added responsiveness to the Archive Now and Mirror Now buttons in the integration tools.
  • Added product name in alert 9019 (when product stock quantity is updated in WooCommerce).

3.1.0 (20180228)

Release Notes: WP Activity Log 3.1 Released

New Features

  • Added Post Status and Post Type in alerts.
  •  Consolidated all Posts / Pages / Custom Post alerts.
  • Added Post Status and Post Type filters in search.
  • Added Post Status and Post Type criteria in Email Notifications trigger builder.
  • Added Post Status and Post Type criteria in Reports.
  • Fallback system for display names – when user does not have first and last name, the username will be used.

Improvements

  • Improved the priority of the plugin’s hooks so logins from custom forms are captured (e.g. better support for Restrict Content PRO and similar plugins).
  • Improved the UI of the Enable/Disable Alerts section.
  • Changed the column Type to Severity in Audit Log viewer.
  • Better handling of errors and variables during plugin activation.
  • Consolidated Post ID, Page ID and Custom Post ID in just Post ID in Email notifications trigger builder.
  • Improved the look & feel of the login page notification (GDPR compliance).
  • Improved the UI and queries used for the Users Sessions management.
  • Added the IP address requesting the non-existing page in the 404 log files.
  • Users can now specify the number of 404 and failed login alerts before being alerted in the built-in alerts section.

Bug Fixes

  • Removed a Disable All Logging option from plugin settings – was redundant.

3.0.1 (20180201)

New Features

  • Added a new editable message on the login page to alert users that their changes are logged (plugin is now GDPR compliant).

Improvement

  • Changed the name of a setting from Security Alerts Pruning to Audit Log Retention (GDPR compliance).

Bug Fixes

  • Updated Freemius SDK – Freemius was not firing on new installs.
  • Fixed an issue where a URL was reported as NULL in email alerts (PREMIUM).
  • Removed promo alerts when premium add-ons are installed.

3.0 (20180116)

New Features

  • Added Freemius to the plugin (opt-in is optional)
  • Code changes to support new licensing model Message for blocked users sessions can now be edited (PREMIUM)

New Alerts

  • Alert 9034: Enabled / Disabled the option Cash on Delivery in WooCommerce
  • Alert 6024: Changed the WordPress address (URL)
  • Alert 6025: Changed the site address (URL)

Improvements

  • Fixed escaping issues, improved security and the code of the plugin up to latest WordPress standards.
  • Improved the Data Retention option (Alerts Pruning). Now users only have to specify the number of months.
  • Added option to view Tag in all Tag alerts.
  • Plugin now stores Post ID, Type, Status and Created Date records for every post. Capturing of such data is important for future updates.

Bug Fixes

  • Fixed an issue where users with view activity log privileges could disable alerts from the hover over option.
  • Fixed broken links in notification emails (PREMIUM)
  • Fixed a security issue reported by Jahan Khan

2.6.9.1 (20171027)

Bug Fix

  • Fixed a syntax issue in the code that was affecting installs on PHP lower than 5.4.

2.6.9 (20171026)

New Audit Trail Alerts for logging of Tag changes

  • Alert 2119: User added tag to a post
  • Alert 2120: User removed a tag from a post
  • Alert 2121: User added new tag on WordPress
  • Alert 2122: User deleted a tag from WordPress
  • Alert 2123: User renamed a tag
  • Alert 2124: User changed the slug of a tag
  • Alert 2125: User changed the description of a tag

New Audit Trail Alerts for logging of User Profile Changes

  • Alert 4017: Changed the first name of a user
  • Alert 4018: Changed the last name of a user
  • Alert 4019: Changed the nickname of a user
  • Alert 4020: Changed the display name of a user

New Functionality

Improvements

  • Drop down menu to select number of alerts to display in Audit Log Viewer now has only fixed numbers.
  • Renamed first column to Alert ID (standardising text in plugin)
  • New French translation by Denis Moscato

2.6.8 (20170919)

Improvement

  • Improved the sensor for custom post types so posts with NULL value or other temp custom posts are not reported. This was reported in several support tickets; here, here and here.

Bug Fix

  • Add a new check to ensure the object is of WP_Post class (Support Ticket)

2.6.7 (20170909)

Improvements

  • Added a new property in WSAL main class to store the current plugin version.
  • Added a new function in WSAL main class to define constants (to be used throughout the plugin)
  • Improved the code formatting in AuditLog.php

2.6.6 (20170830)

New Audit Trail Alerts

  • Alert 4015 for when a user creates a custom field in a user profile.
  • Alert 4016 for when a user updates a custom field value in a user profile.

New Feature

  • Logging of changes in custom fields (in posts, pages, custom post types, user profiles) created by Advanced Custom Fields (ACF) or similar plugins.
  • New option to show either the Username or Firstname and Lastname of the user in the Audit Trail.

Improvements

  • 404 errors logfiles are now saved in /uploads/wp-security-audit-log/404s/ directory.
  • Changed the 404 errors logfile name format to [alert]_[yyyymmdd].log. Thanks to Enable Security for PoC of vulnerability and advise.
  • Removed link to view post from Alerts about permanently deleted posts (2008, 2009, 2033).
  • Added tooltip for filter via IP address.

Bug Fix

  • Fixed an issue where the viewing of content was not being logged when Yoast SEO is installed.

2.6.5 (20170718)

New Audit Trail Alerts

  • Alert 1007 for when an administrator terminate’s a logged in session using the Users Sessions Management Add-On
  • Alert 6023 to log 404 HTTP errors (requests to non-existing pages) by website visitors (non WordPress users)

Improvements

  • Seggregated the logging of 404 HTTP Errors by who generates them. Alert 6007 for logged in users, 6023 for anonymous website visitors.
  • Improved the logging of Alert 4014 so it is not reported every time a user’s profile page is reloaded with a refresh or when a change is applied.
  • Removed the wsal_wp_session cookie, which was used to store the selected database when archiving of activity log alerts is enabled. Using LocalStorage instead.
  • Replaced mcrypt (deprecated in PHP 7) with OpenSSL. Mcrypt still used temporarily to convert configured password. Will be removed completely in future updates. (Support Ticket)

2.6.4 (20170601)

New Features

  • Added a number of queries in the plugin to support the new version of the Reports Add-On.

2.6.3 (20170503)

Security Update

  • Updated third party session libraries to a more secure version

2.6.2 (20170422)

New alerts to record actions & profile changes

  • 1006: User logged out all other sessions with the same username
  • 4014: User opened the profile page of another user

New alerts to record post and page specific settings changes

  • 2111: Disabled Comments / Trackbacks and Pingbacks on a published post
  • 2112: Enabled Comments / Trackbacks and Pingbacks on a published post
  • 2113: Disabled Comments / Trackbacks and Pingbacks on a draft post
  • 2114: Enabled Comments / Trackbacks and Pingbacks on a draft post
  • 2115: Disabled Comments / Trackbacks and Pingbacks on a published page
  • 2116: Enabled Comments / Trackbacks and Pingbacks on a published page
  • 2117: Disabled Comments / Trackbacks and Pingbacks on a draft page
  • 2118: Enabled Comments / Trackbacks and Pingbacks on a draft page

New alerts to record WordPress site-wide settings changes

  • 6008: User enabled / disabled the option Discourage search engines from indexing this site
  • 6009: User enabled / disabled comments on all the website
  • 6010: User enabled / disabled the option Comment author must fill out name and email
  • 6011: User enabled / disabled the option Users must be logged in and registered to comment
  • 6012: User enabled / disabled the option to automatically close comments after [X] days
  • 6013: User changed the value of the option Automatically close comments from [X] to [X] days
  • 6014: User enabled / disabled the option for comments to be manually approved
  • 6015: User enabled / disabled the option for an author to have previously approved comments for the comments to appear
  • 6016: User changed the number of links from [X] to [X] that a comment must have to be held in the queue
  • 6017: User modified the list of keywords for comments moderation
  • 6018: User modified the list of keywords for comments blacklisting

Plugin Improvements

  • URL of content in alert is no longer truncated. Now it will be reported in full
  • Organised the alerts in Enable/Disable Alerts section in categories and sub categories, thus they are easier to find
  • Plugin no longer links to a non-existing log file when 404 logging is switched off
  • Added additional checks for when using the function wp_Sessions_register_garbage_collection, which was causing a conflict with another plugin

Bug Fixes

  • Fixed an issue in which the plugin was changing the titles of WooCommerce product pages for logged in users (ticket)
  • Fixed an issue in which plugin was unable to handle automated generated content with author 0 (ticket)

2.6.1 (20170309)

Bug Fixes

  • Removed the PHP Session ID cookie created by mistake for non logged in users.

2.6 (20170208)

New Features

New WooCommerce Audit Trail Alerts

Plugin Improvements

  • Improved severity of alerts and added severity description on hover over.
  • Removed all code related to PHP error monitoring, which is no longer used (code spring cleaning).

Bug Fixes

  • Fixed an issue in which 404 logs where still being generated when the logs option was disabled but alert 6007 was enabled.

2.5.9.2 (20170111)

Bug Fix

2.5.9 (20170103)

Support for new features in External DB Add-on:

2.5.8 (20161109)

Plugin Improvement (Standardized all date & time formats and timezone)

  • Plugin now uses the time & date format configured in WordPress (removed the option from plugin that override this).
  • Updated all the Premium Add-Ons to use the time & date format configured in WordPress.
  • Changed the Request Log file extension to php and disabled execution (before it was log, hence users could guess it).

Bug Fixes

  • Fixed a problem with restricting users’ access to the plugin (support ticket).
  • Fixed a bug in the custom alerts – previously custom alerts were overwritten during upgrade. Updated custom alerts documentation as well.

2.5.7 (20161005)

Bug Fix

  • Fixed an issue where a page’s title was not being returned (Support Ticket)

2.5.6 (20160927)

Bug Fix

  • Fixed an issue where previous 404 reports were not being correctly merged. (Support Ticket)

2.5.5 (20160927)

New WordPress Audit Trail Alerts

  • 2100: User opened a post in the editor
  • 2101: User viewed the post
  • 2102: User opened page in editor
  • 2103: User viewed page
  • 2104: User opened custom post type in editor
  • 2105: User viewed the custom post type

New Features

  • New setting to configure the number of 404 requests the plugin should record in a logfile from the same IP address.
  • Ability to download the 404 log file directly from the alert.
  • Added a new setting that disables or enables all of the plugin’s logging. It is disabled by default.

Plugin Improvements

  • Organized the plugin settings under different tabs making it is easier to configure.
  • Updated the Reports add-on to show 404 log file location in the reports.
  • Removed the auto-enabling of 404 requests monitoring (introduced in previous version).
  • When 404s are from localhost, localhost is used in filename and not the IP. (Support Ticket)
  • The Add Functionality node is now automatically disabled when one or more premium add-ons are activated.
  • Changed the location of request log to /wp-content/uploads/wp-security-audit-log/.
  • Changed the extension of the request log file from php to log.
  • Plugin won’t keep a record of newly posted comments that are marked as spam by Akismet.

Bug Fixes

  • Fixed the data inspector that was not working in certain installations.
  • Fixed an issue with custom alerts, which were overwritten during upgrade. Refer to the custom alerts documentation for more information.

2.5.4 (20160914)

Update

  • Updated the Italian translation file with the latest translations.

Bug Fix

  • Fixed a bug related to database collation which was affecting the generation of reports.

2.5.3 (20160816)

Bug Fix

  • Enabled the 404 logging by default during upgrade and new install. Read this FAQ for more information on this functionality.

2.5.2 (20160812)

New Feature

  • Logging of 404 Requests to a Log file. Read this FAQ for more information on this functionality.

Improvements

  • Fixed several alerts / monitoring capabilities that were not working correctly in WordPress 4.6.

2.5.1 (20160726)

Bug fixes

  • Fixed the disabling functionality of Alert 6007 because it was not working.
  • Fixed the disabling functionality for Alerts 1000 and 10001.
  • Merged bug fixes from version 2.4.4 (were not included in 2.5.0).

2.5.0 (20160712)

New Features

  • Plugin now keeps a record in the activity log of changes in WordPress comments. Refer to the list of alerts for WordPress comments for the complete list.
  • Audit log alerts for 404 (page not found) requests.
  • Audit log alerts for pages / posts / custom post types automatically created by plugins.
  • Added wildcard (*) support for when excluding Custom Fields.
  • New setting to customize From email address and display name. The premium edition have been updated to use the configured email address.

New WordPress Audit Trail Alerts for Changes in Comments

  • 2090: User approved a comment
  • 2091: User unapproved a comment
  • 2092: User replied to a comment
  • 2093: User edited a comment
  • 2094: User marked a comment as Spam
  • 2095: User marked a comment as not Spam
  • 2096: User moved a comment to trash
  • 2097: User moved a comment out from the trash
  • 2098: User permanently deleted a comment
  • 2099: Website visitor / User posted a comment (disabled by default. Enable it from the Enable/Disable Alerts node in the plugin menu)

New WordPress Audit Trail Alerts for Plugins Activity

  • 5019: Plugin automatically created a post
  • 5020: Plugin automatically created a page
  • 5021: Plugin automatically created a custom post type
  • 5025: Plugin automatically deleted a post
  • 5026: Plugin automatically deleted a page
  • 5027: Plugin automatically deleted a custom post type

Other New WordPress Audit Trail Alerts

  • 5031: User updated a theme
  • 2089: User moved an object as a sub-object in a menu
  • 6007: User / website visitor requested a non-existing page (404 ERROR)

Improvements

  • Standardized all alerts messages / Improved the text of all of them. Each post / page / custom post type alert has a linkt to the Editor now

2.4.4 (20160627)

Security fix

  • Fixed a cross-site scripting vulnerability in the function AjaxDisableCustomField()

Bug fix

  • Fixed the hide plugin setting which was not working in some scenarios. (Support Ticket)

2.4.3 (20160601)

New Add-On Support

  • Included code to support the new Users Sessions Management module, which allows you to see who is logged in to your WordPress and WordPress multisite networks.

New Alerts in the WordPress Audit Trail

  • 1004: A login attempt was blocked because a session with the same username already exists
  • 1005: Multiple logged-in sessions for the same WordPress username has been detected

Improvement

  • Plugin reports changes when an object is moved as a sub object in a menu.

Bug fixes

  • Fixed a problem where wrong permissions were assigned to the reports directory in the uploads directory for the Reports module. Fixed an issue where multiple incorrect changes were reported when changing the structure of a menu (Support ticket). Fixed a bug in the settings sensor (support ticket).

2.4.2 (20160426)

Improvement

  • Removed hardcoded memory limit in database connector. Now all database connections are done via AJAX calls hence there is no need for such limits.

2.4.1 (20160420)

New Features

New WordPress Security Alerts for Content title changes

  • 2086: User changed the title of a post
  • 2087: User changed the title of a page
  • 2088: User changed the title of a custom post type

Improvements

  • Implemented AJAX calls for when migrating the WordPress Audit Trail between databases with the[External DB module.

2.4 (2016-03-28)

Read the WP Activity Log 2.4 release notes for a detailed overview of what is new.

New Features

  • Monitoring of WordPress menus changes from both admin pages and theme customizer.
  • New hook that allows users to create their own custom alerts. Read the WP Activity Log Custom Alerts documentation for more information.
  • New alerts for when a either a post, a post or a custom post type is scheduled.

New WordPress Security Alerts for Menus

  • 2078: User created a new menu
  • 2079: User added objects to menu
  • 2080: User removed object from menu
  • 2081: User deleted a menu
  • 2082: User changed menu settings
  • 2083: USer modified an object in menu
  • 2084: User renamed a menu
  • 2085: User changed the order of the objects in menu

New WordPress Security Alerts for Scheduled Items

  • 2074: User scheduled a post for publishing
  • 2075: User scheduled a page for publishing
  • 2076: User scheduled a custom post type for publishing

Bug Fixes

  • Fixed an issue where WordPress updated alerts were begin generated repeatedly upon accessing the updates page. (Support Ticket)
  • Fixed an issue where WordPress pruning was not working in an out of the box installation.
  • Fixed a conflict with Migrate DB. (Support Ticket)

2.3.3 (20160216)

Bug Fixes

  • Fixed an issue where automated WordPress updates were not being reported.
  • Improved error handling in database queries.

2.3.2 (20160121)

Bug Fix

  • Fixed an issue with the login/logout sensor reported in this ticket.

2.3.1 (20160116)

Improvement

  • Improved the SQL queries used in the Reports module.

2.3 (20160112)

New Features

Keep track of changes on bbPress forums. For more detailed information read the WP Activity Log 2.3 Release Notes.

New WordPress Security Alerts

  • 8000: User published a new forum
  • 8001: User changed the status of a forum
  • 8002: User changed the visibility of a forum
  • 8003: User changed the URL of a forum
  • 8004: User changed the order of a forum
  • 8005: User moved forum to trash
  • 8006: User permanently deleted a forum
  • 8007: User restored a forum from trash
  • 8008: User changed the parent of a forum
  • 8009: User changed the role of forum auto user role
  • 8010: User changed the option for anonymous posting on forum
  • 8011: User changed the forum type
  • 8012: User changed the time setting to disallow editing of posts
  • 8013: User changed the time setting for post throttling
  • 8014: User created new forum topic
  • 8015: User changed the status of a forum topic
  • 8016: User changed the type of a forum topic
  • 8017: User changed the URL of a forum topic
  • 8018: User changed the forum for a topic
  • 8019: User moved a forum topic to trash
  • 8020: User permanently deleted a forum topic
  • 8021: User restored a forum topic from trash
  • 8022: User changed the visibility of a forum topic

Improvements

  • Improved the performance / queries of the Audit Log Viewer, hence now it is faster when retrieving alerts from bigger databases.
  • Rewritten and improved the reporting engine for the Reports module.

Bug Fix

  • Fixed an issue where administrators of sub domain websites could see the alerts of other websites from the dashboard widget in a multisite installation. (Ticket)
  • Fixed a SQL query error where a NULL value was being saved and it wasn’t accepted. (Ticket)

2.2 (20151110)

New Features

Bug Fixes

  • Fixed an issue where user was allowed to disable all columns in Audit Log Viewer (Support ticket). Fix recommendation by Bates College.

2.1.1 (20151008)

New WordPress Security Alerts

  • 2072: User modifies a post that is submitted for review
  • 2073: Contributor submits a post for review

Improvements

  • Added the functionality to search by Alert ID in the Search module.
  • When a background process is reports, plugin now reports “System” as username and not “unknown”.
  • Improved the connection checks of the External DB module (now it also has a timeout for when incorrect IP / Host is specified).

Bug Fixes

  • Fixed an issue in the Reports module where not all available users were being listed to generate a report
  • Fixed an issue with licensing notifications – now all licensing notifications will be automatically dismissed upon activating a key.
  • Fixed an issue where the user reset passwords were not being recorded (since 4.3). (Ticket)

2.1.0 (20150909)

New Features

  • Introduced the External DB module.
  • Integration with WhatIsMyIPAddress.com (Click an IP addresses in Audit Log viewer to get all information about it).
  • Settings to Include or exclude specific columns from the Audit Log viewer.
  • Ability to exclude an IP address from monitoring
  • New option to disable the reporting of WordPress background tasks (such as deletion of auto draft posts)

Bug Fixes

  • Fixed a problem when trying to customize a widget via the theme customizer (support ticket).
  • Handling an error that was generated when someone logged in to a WordPress via social media channels.
  • Fixed: incorrect alert generated when a widget is moved from the bottom of a container to another.
  • Fixed: incorrect alert generated when a custom filed is deleted from a page.
  • Fixed an issue where post related actions were not reported for users with author and contributor roles.
  • Fixed an issue where in a specific scenario the settings in the options tabel were duplicate.

2.0.1 (2015-08-05)

Minor Change

Launched a new WP Activity Log website and updated all relevant links.

2.0.0 (20150716)

New Features

  • New database connector allowing faster and more efficient plugin to WordPress database communication
  • Added new option to switch the display time of alerts between 24 hour or 12 hour format
  • Sorting functionality in Audit Log Viewer (sort WordPress security alerts by date & time, code or username)

Bug Fixes

Fixed issue where super admin roles was not reported when logging in to “sub sites” in WordPress multisite Fixed several formatting issues in the Audit Log Viewer (UI) Fixed issue where multiple plugins were upgraded via the drop down menu and no alerts were being reported Fixed: When unrestricting plugin access from a single admin was not working properly

1.6.1 (20150504)

Bug Fixes

  • Fixed the monitoring of plugin updates for WordPress 4.2 (Support Ticket)
  • Fixed an issue where multiple plugin updates triggered by drop down menu were not being reported
  • Fixed a conflict with Magic Fields 2 plugin (Support Ticket)
  • Updated the escaping of add_query_arg() function which could result in a potential XSS

1.6.0 (20150416)

New Security Alerts

  • 5010: plugin created new tables in the WordPress database
  • 5011: plugin modified the structure of a number of tables in the WordPress database
  • 5012: plugin deleted tables from the WordPress database
  • 5013: theme created new tables in the WordPress database
  • 5014: theme modified the structure of a number of tables in the WordPress database
  • 5015: theme deleted tables from the WordPress database
  • 5016: an unknown component created new tables in the WordPress database
  • 5017: an unknown component theme modified the structure of a number of tables in the WordPress database
  • 5018: an unknown component theme deleted tables from the WordPress database
  • 2052: a user changed the parent of a category

1.5.2 (20150407)

Bug Fix

  • Removed a clause which changed the debug log path (used for testing) (Support Ticket)

1.5.1 (20150326)

Improvements

  • Completely removed the user of the is_admin() function to follow better security practises

Bug Fixes

  • Updated the licensing mechanism to correct problem where premium add-ons could not be activated.
  • Fixed several issues where the database tables were not being created during install or upgrade. Support ticket and Support ticket.
  • Fixed an issue where the plugin did not monitor any activity in specific scenarios. Support ticket and Support ticket.
  • Removed duplicate options in the settings page. (Support ticket)

1.5.0 (20150318)

New Features

  • Ability to exclude custom fields from monitoring (custom fields can be excluded from the Audit Log Viewer with a simple click or you can specify them in the settings)
  • Ability to exclude WordPress users and roles from monitoring

Improvements

  • WP Activity Log now has its own settings table in WordPress database. This will provide us with more flexibility and have more centralization of data
  • Updated the code where is_admin() function was being used to follow better security practises

Bug Fixes

  • Fixed a problem where a PHP exception was being thrown during the activation of the plugin (support ticket)

1.4.1 (20150312)

Bug Fix

  • Fixed an issue where the IP address was not being reported for anyone using PHP version 5.3.3 or earlier (support ticket)

1.4 (20150224)

New Features

  • WordPress username is now reported when a failed login is recorded – More Details
  • Plugin is now available in Romanian thanks to Artmotion

Improvements

  • Improved IP Address validation checks – if IP address format is incorrect the plugin reports “incorrect format” and not “unknown” – This will help us improve troubleshooting
  • Alerts pruning options are now added during activation of the plugin, making pruning options more reliable – existing pruning options will be retained

Bug Fixes

  • Fixed issue with the option “auto / manual” refresh of Audit Log Viewer
  • Fixed plugin uninstallation process (added new option to purge all plugin data from WordPress database upon uninstall)

1.3.3 (20150121)

New Features

  • Premium features nodes will be hidden from the WordPress plugins page when the Hide plugin option is enabled.

Improvements

  • Updated some of the help text in plugin’s settings page
  • Updated the text of some WordPress security alerts

Bug Fixes

Fixed a bug related to the reverse proxy / IP retrieval functionality Fixed an issue related to Sandbox removal and upgrades (Support Ticket)

1.3.2 (20141216)

New Features and Options

  • Plugin automatically retrieves user’s originating IP address even if WordPress is installed behind a reverse proxy, web application firewall or load balancer. For more information refer to WP Activity Log, Reverse Proxies and WAFs.
  • New option to omit internal IP addresses from being reported in the WordPress security activity log

Removed Functionality

  • The sandbox was removed from the plugin. If you need to use the sandbox for troubleshooting and tested contact us since we migrated it to a standalone extension.

Bug Fixes

  • Fixed a bug where site administrators where not able to view the WordPress security alerts for their sites in a WordPress multisite installation
  • Improved some SQL queries as reported in this support ticket.
  • Fixed an issue with alerts pruning (when pruning was set by number of alerts the plugin was pruning all alerts)

1.3.1 (20141127)

New WordPress Security Alerts

  • Alert 2065: The content of published post has been modified
  • Alert 2066: The content of published page has been modified
  • Alert 2067: The content of published custom post type has been modified
  • Alert 2068: The content of a draft post has been modified
  • Alert 2069: The content of a draft page has been modified
  • Alert 2070: The content of a draft custom post type has been modified
  • Alert 2071: Changed the position of a widget in the same container

WordPress Security Audit Log Viewer Improvement

  • Removed fixed width from columns, hence now they are dynamically resized depending on your resolution

Bug Fixes

  • Fixed an issue where alert 1001 (logout) was generated without a login (support ticket)
  • Fixed a PHP coding problem / invalid argument issue (support ticket)

1.3.0 (20141030)

New WordPress Security Alerts

  • Alert 2065: User modified the content of a blog post
  • Alert 2066: User modified the content of a WordPress page
  • Alert 2067: User modified the content of a custom post type

Improvements

  • We have also improved the code of some of the sensors which monitor the WordPress activity

1.2.9 (2014-10-21)

Bug Fix

  • Fixed an issue with the queries used for the alerts pruning as reported in this (support ticket).

1.2.8 (20141014)

New Feature

  • Added new Extensions page to allow users to see which extensions they can use to increase the functionality of the plugin.
  • Included licensing mechanism to support premium extensions

Improvements

  • Updated latest language files for German and Italian translations (also include corrections for some old translations)

Bug Fixes

  • Fixed a problem with the pruning of WordPress Security Alerts (support ticket)
  • Fixed pagination issue in the Audit Log Viewer when running on WordPress multisite

1.2.7 (20140926)

New Feature

  • New option “Restrict Plugin Access” that allows WordPress administrators to further restrict access to the plugin and the WordPress security alerts

Improvements

  • Updated the Audit Log Viewer backend to retriev WordPress security alerts much faster and consume less resources on large websites
  • Moved the Audit Log plugin menu entry underneath the dashboard entry for better access
  • Several minor enhancements to the plugin to perform better on large WordPress installations

Bug Fixes

1.2.6 (20140820)

Improvements

  • Several performance improvements and tweaks applied
  • Updated Italian translations

Bug Fixes

1.2.5 (20140812)

New Feature

  • Monitoring of custom fields in WordPress posts, pages and custom post types.

New WordPress Security Alerts

  • Alert 2053: User created new custom field in blog post
  • Alert 2054: User modified the value of custom field in blog post
  • Alert 2055: User deleted a custom field in blog post
  • Alert 2062: User renamed custom field in blog post
  • Alert 2059: User created new custom field in page
  • Alert 2060: User modified the value of custom field in page
  • Alert 2061: User deleted custom field from page
  • Alert 2063: User renamed custom field in
  • Alert 2056: User created new custom field in custom post type
  • Alert 2057: User modified the value of custom field in custom post type
  • Alert 2058: User deleted a custom field from custom post type
  • Alert 2064: User renamed custom field in custom post type

Improvements

  • Improved the writing and reading of WordPress alerts from the WordPress database (plugin runs more efficiently on high traffic WordPress and WordPress multisite installations)
  • Improved the monitoring of WordPress login and logout actions
  • Applied various plugin performance tweaks

Bug Fixes

  • Fixed a specific issue where user and user role where not being reported.
  • Fixed an error which was being reported during user logout in specific scenarios.
  • Fixed a CSRF vulnerability reported by Kévin FALCOZ aka 0pc0deFR

1.2.4 (20140727)

Improvements

  • Improved monitoring of failed logins, addressed issues reported here, here, here and here.

1.2.3 (2014-07-23)

Improvements

  • Improved database structure for better support of high-traffic WordPress and WordPress multisite installations
  • Developer options are reset during updates for improved performance
  • Added a warning / note to the developer options (such options should NEVER be enabled on live websites but only on testing, staging and development websites)

Bug Fixes

  • Fixed database issue with primary key constraint

1.2.2 (2014-07-16)

New Features

  • Italian translation available thanks to Leonardo Musumeci.

Improvements

  • Added a warning for developer options
  • “Hidden” developer options from default settings; user has to click link to access developer settings
  • Backtrace logging now made optional from a developer setting

Bug Fixes

  • Solved several issues related to translations. Now everything in the plugin is translatable
  • Fixed several other issues reported by email

1.2.1 (2014072)

Bug Fix

  • Fixed reported issue with upgrade reported here.

1.2.0 (2014072)

New Features

  • Unlimited Alerts can be stored (removed the 5000 alerts limit)
  • Alert time now includes milliseconds for more precision (ideal for auditing and compliance)
  • Reported alert time is now relative to user’s configured timezone
  • Alerts automatic pruning procedures can now be enabled / disabled
  • Option to hide WP Activity Log from Plugins page in WordPress
  • If there are more than 15 websites in a multisite installation, an auto complete site search box is shown instead of the drop down menu

New WordPress Security Alerts

  • Alert 5007: User has uninstalled / deleted a theme
  • Alert 5008: Super administrator network activated a theme on multisite
  • Alert 5009: Super administrator network deactivated a theme on multisite

1.1.0 (20140527)

New Features

  • User avatar is shown in the alert to allow administrators to easily recognize users and their activity
  • Clickable username in alerts allow administrators to access user’s profile instantly
  • User role is reported in alert so administrators can easily track any suspicious behaviour
  • PHP Version checker; upon installation the plugin will check what version of PHP is installed on the system

New WordPress Security Alert for monitoring plugin files

  • Alert 2051: User changed a plugin file using the plugin editor (note: filename and location will also be reported in the alert)

Bug fixes

  • Fixed wrapping problem in alerts dashboard widget
  • Fixed upgrade script to properly create the new tables in the WordPress database

1.0 (20140520)

  • Complete plugin rewrite making the new version more stable and scalable

New Features

  • New Audit Log viewer
  • Auto refresh of security alerts – WordPress administrators do not need to refresh the Audit Log Viewer page to see new alerts
  • Data Inspector reports more insider information about each alert (can be enabled from settings)
  • Sandbox allows developers to execute PHP code for troubleshooting (can be enabled from settings)
  • Request Log that logs all HTTP GET and POST requests done on WordPress (can be enabled from settings)
  • Logging of PHP Errors; ideal for developers who want to monitor WordPress for any errors (can be enabled from settings)
  • New Support and About Us page that you should check out!

New WordPress Security Alerts for monitoring themes, WordPress settings, files and much more

  • Alert 2046: User modified a file using the editor
  • Alert 2047: User changed parent of page
  • Alert 2048: User changed template of page
  • Alert 2049: User set post as sticky
  • Alert 2050: User removed post from Sticky
  • Alert 5005: User installed a new theme
  • Alert 5006: User activated a theme
  • Alert 6004: User upgraded WordPress
  • Alert 6005: User changed the WordPress permalinks

New WordPress Developer Alerts

  • Alert 0000: Unknown error
  • Alert 0001: PHP Error
  • Alert 0002: PHP Warning
  • Alert 0003: PHP Notice
  • Alert 0004: PHP Exception
  • Alert 0005: PHP Shutdown Error

0.6.3 (20140218)

Bug Fix

  • Disabled debugging by default (left enabled by mistake)

0.6.2 (20140203)

Bug Fix

  • Fixed a number of database issues introduced with the WordPress Multisite Support
  • Fixed issue with supporting pre WordPress 3.0 multisite installations.

0.6.1 (20140116)

Bug Fix

  • Fixed errors in debug code (used for when debugging is enabled in plugin)

0.6 (20140115)

New Plugin Feature

New WordPress Security Alerts for monitoring specific multisite activity on a WordPress multisite network installation

  • Alert 4008: User is granted super admin privileges (network)
  • Alert 4009: Super admin privileges (network) are revoked from a user
  • Alert 4010: Added an existing user to a site and assigned a specific role
  • Alert 4011: Removed user with a specific role from a site
  • Alert 4012: New user created on the network
  • Alert 7000: Added a new site to network
  • Alert 7001: A site was archived
  • Alert 7002: A site was unarchived
  • Alert 7003: A site was activated
  • Alert 7004: A site was deactivated
  • Alert 7005: A site was deleted

Plugin Improvements

  • Plugin settings page to have the same look and feel of the new WordPress dashboard (3.8)

0.5.1 (20131211)

Bug Fix

0.5 (20131106)

New WordPress Security Alerts for monitoring of Widgets

  • Alert 2042: New widget was added
  • Alert 2043: A widget was modified
  • Alert 2044: A widget was deleted
  • Alert 2045: A widget was moved

New Plugin Features

  • New setting to allow specific user(s) and role(s) to view the Audit Log Viewer (read only)
  • New setting to allow specific user(s) and role(s) to manage the WP Activity Log plugin (can change plugin settings, enable disable WordPress security alerts etc)

Plugin Improvements

  • Renamed “login/logout” tab in “Enable/Disable Alerts” section to plugins to “Other User Activity”
  • Added the files alerts (uploaded / delete files) to the “Enable/Disable Alerts” (previously unavailable)

Bug Fixes

  • Fixed issue where all users were able to see the Dashboard widgets with security alerts – now restricted only to users who have access to the plugin.
  • Fixed user reported issue.

0.4 (20131009)

New WordPress Security Alerts for Custom Post Types

  • Alert 2029: New post with custom post type created and saved as draft
  • Alert 2030: Post with custom post type is publishes
  • Alert 2031: A published post with custom post type is modified
  • Alert 2032: A draft post with custom post type is modified
  • Alert 2033: A post with custom post type was permanently deleted
  • Alert 2034: A post with custom post type was moved to trash
  • Alert 2035: A post with custom post type was restored from trash
  • Alert 2036: The category of a post with custom post type was changed
  • Alert 2037: The URL of a post with custom post type was changed
  • Alert 2038: The author of a post with custom post type was changed
  • Alert 2039: The status of a post with custom post type was changed
  • Alert 2040: The visibility of a post with custom post type was changed
  • Alert 2041: The date of a post with custom post type was changed

New Plugin Features

  • Enable/Disable Alerts node that allows WordPress administrators to switch on or off specific WordPress security alerts
  • Dashboard widget that shows the latest 5 WordPress security alerts (widget can be switched on or off from the plugin settings)
  • Plugin is now language aware and we can accept translations

Plugin Improvements

  • Updated settings page to have the same look and feel of WordPress
  • Improved the upgrade procedure of the plugin
  • Updated the Audit Log Viewer display to support more resolutions such as those of tables and smartphones

0.3 (20130919)

New WordPress Security Alerts

  • Alert 6001: Anyone can Register option in WordPress settings was changed
  • Alert 6002: Default use role in WordPress settings was changed
  • Alert 6003: Administrator notification email in WordPress settings was changed
  • Alert 2025: Visibility of a blog post was changed
  • Alert 2026: Visibility of a page was changed
  • Alert 2027: Date of a blog post was changed
  • Alert 2028: Date of a page was changed

Plugin Improvements

  • Links to the Audit Log Viewer and Settings in the plugin summary page
  • Time of Failed Login alerts now reflects the time of last failed login attempt

Bug Fixes

  • Fixed: Incorrect alerts generated when author of page was changed from quick edit mode
  • Fixed: Conflict with WP Mandrill and other plugins using pluggable.php
  • Fixed: Incorrect alerts generated when plugin is installed via a zip file / upload method

0.2 (20130812)

  • Restricted plugin options and WordPress Audit Log Event Viewer only to WordPress administrators
  • Improved failed logins events (events generated from the same IP, or same username will be grouped to avoid mass flooding of security events)
  • Security Events pruning now uses wp-cron functionality (improved stability and reliability of events pruning)
  • Applied several performance improvements (faster loading of events etc)
  • Added support for permalinks; now events will include page or blog post URL rather than ID
  • Added new alerts for when a page or blog post status is changed from draft, pending review or published
  • Added new alert for when a page or blog post URL or author is changed
  • Added new alert for when a blog post category is changed
  • Added new alerts for when a user creates or deletes a category
  • Added new alert for when the author of a blog post or page is changed
  • Added new plugin alerts for when a plugin is installed, uninstalled or upgraded
  • Updated navigation menu to use standard WordPress dashboard icons etc

0.1 (20130524)

  • Initial beta release of WP Activity Log.