WP Security Audit Log

Wordpress Plugin
Download latest - 4.4.3

Download Stats

Today 946
Yesterday 1,295
Last Week 6,811
All Time 821,328
Banner 772x250


Releases (136 )

Version Release Date Change Log
4.4.2.1 2022-07-06

(2022-07-06) =

  • Bug fixes
    • Fixed: Fatal error when a WooCommerce file download is triggered.
    • Fixed: Only users with administrator role shown as logged in on a multisite network.
    • Fixed: Event IDs 5010 - 5018 wrongly enabled by default.
    • Fixed: A number of upgrade errors caused because of possibly outdated files.
    • Fixed: Disabled event IDs disabled at multisite network level were activated back when accessing child sites.
    • Fixed: Upgrade notice shown on a multisite network even when it is a new install.
    • Fixed: Fatal error triggered due to incorrectly named files (wrong capilitazion).
    • Fixed: Error in Alert formatter triggered during the upgrade process.
4.4.2 2022-06-28

(2022-06-28) =

Release notes: More reports white labelling options & statistics reports

  • New activity log event IDs

    • ID 2133: user taken over a post from another user.
  • New features & functionality

    • A number of new activity log statistics reports such as number of newly created users, user profile changes, password changes and password resets, page views, and more.
    • Added a number of new whitelabeling options in the activity log reports. Users can now add the business name, contact details, business logo and more in the reports.
    • Users can now change the report title, add comments etc.
    • Tags for Loggly & AWS Cloudwatch: add tags to the WordPress activity logs mirrored to your logs management system.
  • Plugin & features improvements

    • Users can now specify the number of hours when configuring a timeout for idle sessions.
    • Automatic plugin and theme updates are now detected and reported in the activity log (event ID: 5004).
    • Improved the logic of event ID 4029 - the user triggering the password reset request is now reported as the user who did the action.
    • Added the format of the generated report in the periodic reports list.
    • Draft posts can also be included in reports criteria.
    • The function to import / export plugin settings replaced with our own library (to be used in other plugins).
    • Plugin now uses the hook 'deleted_theme' to detect deletion of installed themes.
    • Removed the multisite tab from built-in notifications when installed on single site.
    • Added a check so the name of a mirroring connection cannot be empty.
    • Plugin now checks if there is an existing mirroring connection with the same name so not to overwrite existing ones.
    • Removed redundant "Save" button from the "Delete activity log data" page.
    • Improved the Integrations wizard - catered for a number of conflicts with other plugins and themes such as Divi.
    • Reviewed and improved the text in the WordPress users' sessions management module.
    • Reports generation errors now contain details of why reports failed instead of generic errors, helping the user identify what the issue might be.
    • When deleting data about an IP address or a user from the logs, the user is now asked if they want to delete the events about the user / where the IP address is mentioned, or events generated from that user or IP address.
    • Optimized the way licensing data is stored on a multisite network.
    • Premium plugin advert in activity log viewer is now fixed - it does not interrupt user.
    • Added a new filter to specify which long data fields should be truncated in the activity log viewer.
    • "Email Notifications" section renamed to "Email & SMS Notifications".
    • Reviewed and rewritten the help text in the Sessions module to advise users to terminate current sessions before restricting sessions.
    • Applied a number of UI/UX tweakts to the Enable/Disable events section making it neater and easier to use.
    • Post titles are now reported and linked to the post in the daily update email.
  • Bug fixes

    • When user changes multiple plugin settings the plugin now is reporting all the changes and not just one.
    • Fatal error reported when running certain activity log searches.
    • Event ID 6310 no longer incorrectly reported with every plugin setting change.
    • Fixed: activity log retention settings deleted and rewritten to database on page reloads.
    • Fixed: some premium features such as the "link to view all users activity" available in the free edition.
    • Fixed: New notification help text shows HTML code rather than formatted message.
    • Fixed: Clicking the expand data in activity log viewer resets the view and redirects the user to top of the activity log.
    • Fixed: Reports filter "Post type" was not finding events about posts with some custom post types.
    • Fixed: Changes in activity log retention settings not correctly reported in event ID 6052.
    • Fixed: When a user changes a post's title and content, only the title change is reported.
    • Fixed: Deleting of activity log events by severity is not deleting the events.
    • Fixed: Excape characters in password cause authentication with third party services to fail.
    • Fixed: The setting "Cleanup expired session data" cannot be disabled.
    • Fixed: Step 2 in the integrations wizard is not "scrollable" if you go back to it while configuring a connection.
    • Fixed: changes in built-in email notifications are not saved in some specific scenarios.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.4.1 2022-03-29

(2022-03-23) =

Release notes: Out now: Activity Log for MainWP 2.0 & WP Activity Log 4.4.1

  • Improvements & changes

    • All of the plugin's code is now using the WordPress coding standards.
    • Removed the reporting and search code from the free edition plugin that was used by the MainWP extension.
  • Bug fixes

    • Fixed: PHP fatal error when index.php file is saved in the custom sensors directory.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.4.0 2022-02-28

(2022-02-08) =

Release notes: New Reports engine with more criteria, reports management & more

  • New activity log event IDs

    • ID 6059: Changed the site's title.
    • ID 4021: Changed the website URL in the user profile.
    • ID 4013: User has been activated on a multisite network.
  • New features & functionality

    • Hooks to allow users to change the columns in reports or ad value from non-default columns. Refer to the list of hooks in WP Activity Log for more information.
    • New UI for "Enable/Disable event IDs" with search and filtering functionality.
    • New filter that allows user to add metadata to user information popup. Refer to the List of hooks in WP Activity Log for more information.
    • The new Activity Log for TablePress extension.
  • Improvements

    • Changed the database schema for improved storing of data, and faster writing and reading. After the upgrade the plugin will launch the upgrade process which might take some time to complete, depending on the amount of data in the activity log.
    • Improved the coverage of changes done to a website via REST API.
    • Removed obsolete code used for advertorial events in the activity log viewer.
    • All plugin settings now have the wsal_ prefix automatically added to them.
    • Rewritten some of the settings help text in the plugin to better explain the settings.
    • Removed obsolete settings & code of the old file integrity scanner (now part of Website File Changes Monitor plugin).
    • Removed obsolete reference to the old file changes scanner in the daily summary email.
    • Made a number of JS strings available for translation.
    • Removed a number of plugin settings from autoload for improved performance.
    • Improved the plugin's metadata and added the licensing information.
    • Long URL strings in activity log events are now automatically truncated. Full URL can be seen with just a click.
    • Removed forced database table collation: plugin now uses the default WordPress table collation.
    • Updated the "Help & Contact Us" page; improved text and added more relevant information.
    • Improved several UI sections in the Third Party Connections module.
    • Improved the check for writing activity log to external database; now it is less restrictive and faster.
  • Security fix

    • Upgraded the Freemius SDK to version 2.4.3.
  • Bug fixes

    • Fixed: Database error when trying to log in with a non-existing user and a login notification is enabled.
    • Fixed: In some edge cases the plugin was creating an empty "external database" connection string.
    • Fixed a number of typos in the text of activity log events.
    • Fixed: Auto complete in the Delete activity log data section was not returning the correct list of objects.
    • Fixed: Wrong object reported for event ID 5029.
    • Fixed: Event ID 4000 not reported when front-end sensor is disabled.
    • Fixed: "Unknown connection type" reported back setting up a third party connection on specific versions of WordPress.
    • Fixed: Event ID 6320 (added / removed connection) reported instead of event ID 6321 (modified connection).
    • Fixed: Function that was running on "add_filter" instead of "add_action" - Support ticket.
    • Fixed: PHP warning about OPCacheUtils.php in specific setups.
    • Fixed: Edge case in which other plugins couldn't be installed or updated when WP Activity Log was activated.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.3.6 2022-02-14

(2022-02-15) = Release notes: the improvements in this update are required to prepare for WP Activity Log 4.4. Therefore it is important to install this update before you update to version 4.4.

  • Improvements
    • Removed opcache purging.
    • Improved error handling during plugin upgrade.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.3.4 2022-01-27

(2022-01-05) =

Release notes: WP Activity Log 4.3.4: paving the way for 4.4

New features * See a user's activity log with one-click from the WordPress users page. * Added "Custom User Field" as criterion in the notifications trigger builder.

Improvements * User's role is reported in the list of logged in users. * Added PHP Opcache flush during plugin upgrade (needed for updating to 4.4). * Made more JS strings in the plugin translatable. * Added the URL metadata in the CSV activity log reports.

Bug fixes * In some code the premium plugin trial was 7 days - changed to 14 days. * Fixed: cannot set up a third party service integration on WordPress earlier than 5.6. * Fixed some typos in some of the events' text.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.3.3.1 2021-10-13

(2021-10-13) =

Bug fixes * Fixed critical error with PHP 7.2.

4.3.3 2021-10-13

(2021-10-13) =

Release notes: WP Activity Log 4.3.3: Plugin setting importer & exporter, support for REST API

New activity log event IDs * ID 5028: Enabled or disabled automatic updates for a plugin. * ID 5029: Enabled or disabled automatic updates for a theme.

New activity log event IDs for notifications in the plugin * ID 6310: Changed the status of the "Daily activity log summary email". * ID 6311: Modified the list of recepients of the "Daily activity log summary email". * ID 6312: Changed the status of a built in notification. * ID 6313: Changed the recepient(s) of a built in notification. * ID 6314: Added a new custom notification. * ID 6315: Modified a custom notification. * ID 6316: Changed the status of a custom notification. * ID 6317: Deleted a custom notification. * ID 6318: Modified the default notification template.

New activity log event IDs for integrations & activity log mirrors * ID 6320: Added a new integration connection. * ID 6321: Modified an integration connection. * ID 6322: Deleted an integration connection. * ID 6323: Added a new activity log mirror. * ID 6324: Modified an activity log mirror. * ID 6325: Changed the status of an activity log morror (disabled/enabled). * ID 6326: Deleted an activity log mirror. * ID 6327: Changed the statues of the setting "Logging events to database".

New features * Plugin settings exporter & importer: easily export and import the plugin's settings configuration for backups, migration etc. * Options to delete specific data from the activity log, such as all events about a user, or an IP address. * Plugin keeps log of authenticated user changes done to the website via the REST API. * New button to only terminate the users' sessions that match the search criteria in Logged in users' session. * Added the new {first_name} and {last_name} tags to the custom notifications template. * New hook to edit the activity log event data before it is sent to mirrors.

Improvements * Logs from subsites on multisite networks can be mirrored to AWS Cloudwatch as individual log streams. * Activity log retention policy can now be specified by the number of days. * Plugin now reports user role changes done via the "Members" plugin (by Memberpress). * Event ID 2010 (user uploaded a file) now includes a link to the uploaded attachment. * Added "Blog ID" and "Site URL" to mirrored activity log events. * Hover over prompt for users entries in activity log viewer now displays more information about the user. * Improved the handling of post meta changes (support ticket). * Renamed menu entry "BD & Integrations" to "Integrations" to better reflect its purpose. * Contact us link in install wizard now points to contact us page on website instead of homepage. * Auto complete filters in Reports now check up to 100 records. * Added additional database checks to ensure all data is removed from database upon uninstall on a multisite network. * Improved coverage for the Members plugin - plugin now reports user role changes done via the Members plugin. * Updated the "Help" link in the first time install wizard. * change the "wsal_inactive_sessions_test" database override to a filter. * Improved in-context help messages in plugin settings and ensured all titles are uniform.

Bug fixes * Fixed a PHP warning which happened when visiting the plugin's settings pages (support ticket). * Fixed PHP notice which happened when visiting an archive page (support ticket). * Event IDs for "integration connections" changes wrongly reported for changes in "activity log mirroring connection" changes. * Fixed: Activity log retention policies appearing twice in some scenarios. * Fixed: Activity log retention settings and archive settings popup logic. * Added the missing argument in a multisite network that were creating a PHP error during plugin uninstall. * Setting the setting "Remove all data on uninstall" to "No" no longer leaves no option selected.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.3.2 2021-08-03

(2021-08-03) =

Release notes: WP Activity Log 4.3.2: New external database module, plugin logging, and other exciting features

New event IDs for WP Activity Log plugin settings changes * ID 6046: enabled / disabled the Login Page Notification. * ID 6047: changed the text of the Login Page Notification. * ID 6048: changed the status of the Reverse proxy / firewall option. * ID 6049: changed the Restriction Access setting. * ID 6050: changed the list of users that can view the activity log. * ID 6051: enabled / disabled the Hide plugin in plugins page setting. * ID 6052: changed the activity log retention policies. * ID 6053: excluded / included back a user in the activity log. * ID 6054: excluded / included back a user role in the activity log. * ID 6055: excluded / included back an IP address in the activity log. * ID 6056: excluded / included back a post type in the activity log. * ID 6057: excluded / included back a custom field in the activity log. * ID 6058: excluded / included back a user profile custom field in the activity log.

New features

* A completely new external database module (with full backward compatability support). * Activity log can now be stored on external MySQL databases on Microsoft Azure. * A new sensor to keep a log of WP Activity Log plugin settings changes. * New setting to "not write activity log to database" when mirroring the activity log to a third party service. * The "all except from" criterion in the reports, allowing users to easily exclude specific object from a report criteria. * Plugin database version: the plugin's database is now versioned, making it much easier to upgrade the database structured when required. * Custom fields in user profiles can be excluded from the activity log from the "Exclude Objects" settings section. * The filter "wsal_event_metadata_definition" which allows users to add additional meta data to an event in the activity log. Refer to the list of hooks & filters for more information. * Added events severity level filter in the mirroring connection, allowing users to filter which events should be mirrored by severity level.

Improvements

* Replaced the old external database buffer system with the Action Scheduler library to improve reliability and performance. * Redesigned the reports download functionality so it works on any type of WordPress web hosting. * Replaced the old activity log events migration module with WP Background processing, for a more reliable migration process. * Full support for PHP 8. * Detection of third party plugins activity & recommendations for activity log extensions. * Added a number of checks to the external database module for an improved database connection setup UX. * Activity log plugin extensions are also hidden when the WP Activity Log plugin is hidden from the plugins page. * Removed all the code that was previously used for migration of events between the WordPress and external database. * Remove code that is no longer required in the free edition of the plugin. * Better support for plugins that still use old methods (old use of the lostpassword_post filter) to allow users to reset their password without an error. * All database events have been moved under the "WordPress & System" tab in the Enable/Disable events section. * Improved the text of the plugin's install wizard. * Live notifications in Admin toolbar are now disabled by default (performance enhancement). * Amazon AWS library is disabled by default. Users will be alerted to initialize it from wp-config.php if required. * Added the ";" as separator in the meta data section in CSV reports. * Removed the event ID 4-digits limit to allow users to declare event IDs with 5+ digits. * CSV reports now show the right username & display name, as configured in the plugin settings.

Bug fixes * Plugin was not capturing user logouts from Ultimate Member plugin profile page. * Plugin was reporting wrong directory name in URL in event ID 2101 on a multisite environment. * In specific scenarios the plugin reported a custom field name as NULL in event ID 2054.
* Fixed the broken link to user profile page in event ID 4001. * Event ID 4029 (user sent a password request) had the wrong Event Type.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.3.0 2021-06-08

(2021-05-20) =

Release notes: WP Activity Log 4.3: The new mirroring module & integrations

New features * The new WordPress activity log mirroring module: mirror your website's activity log in real-time to AWS CloudWatch, Loggly, a log file and several other services.

Improvements * The activity log is mirrored to third party services in real-time. * Event metadata is included in the CSV reports. * The severity levels of the activity log have been mapped to the standard severity levels documented in the RFC. * The event metadata in the mirrored activity log events is in JSON format. * Event type and Object metadata is included in the mirrored activity log events. * Changes by third party plugins for which an extension is available are no longer muted when extension is not installed. * Removed border from the first time install wizard (minor UI improvement). * Support for X-ORIGINAL-FORWARDED-FOR HTTP header (more info in support for WAFS & reverse proxies) * Plugin now is using the new in-plugin pricing page. * A much improved default SMS alert and email notification template. * Revamped the connections and mirroring wizards and included connectivity tests in them. * Improved the external db connection (now it is a persistent connection).

Bug fixes * Critical error was being reported when the failed logins notification was triggered. * Fixed an unhandled exception which occurred when the free edition was activated on a site where the premium edition was already activated. * Events time stamp in emails was not always the same as in the activity log. * Event ID 2065 (modified content) was reported unnecessarily after adding a custom field to a post. * Event ID 1010 (user requested password reset) was not reported when the password reset was requested from a custom user profile page. * In some cases, archiving of the activity log could not be disabled.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.3.1 2021-06-03

(2021-06-03) =

Improvements * Minimum version of PHP required now is 7.0. * Added a custom prefix to libraries and dependencies used in the plugin to ensure there are no conflicts.

Bug fixes * Corrected logic in code to ensure all sessions are handled and checked when destroying idle sessions. * Fixed an issue causing create/expired times in the "Logged in users" view to appear incorrectly. * Implemented a missing function without with events were not retreived from the MainWP extension.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.2.2 2021-04-22

(2021-04-22) =

Improvements * Redefined and improved the definitions of the activity log events. * Improved text for all the activity log events.

4.2.1 2021-03-16

(2021-03-17) =

Release notes: WP Activity Log 4.2.1: Maintenance update & new event IDs

Improved activity log coverage * 6045: user changed the site language * 4029: admin initatiated a user password reset

Improvements * Improved events definition (prep work for version 4.3). * Added the {meta} and {links} tags in email and SMS notifications. * Plugin reports email address used in failed login attempt instead of System. * Added nonce to daily email notification trigger to prevent possible CSRF issues. * Updated some plugin settings so they can be centrally managed from the Activity Log for MainWP extension. * Added more user privileges checks in the plugin (better restricted access to users who has read only access to the activity log). * Activity log extensions name is now displayed in admin notices. * Sorted the activity log extensions in alphabetical order in the plugin UI. * Improved the Search filters labels.

Bug fixes * Dates in reports were not being translated. * Some cron job data was left behind during uninstall. * A database entry was left behind during uninstall. * Site administrators could see some plugin pages on a multisite network (help and about). * Fixed some formatting issues with some of the event IDs.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.2.0.1 2021-02-12

(2021-02-12) =

  • Bug fix
    • Menus sensor causing fatal error when there are changes in a menu (support ticket 1 & 2
4.2.0 2021-02-11

(2021-02-11) =

Release notes: WP Activity Log 4.2: Support for all date & time formats & other major updates

New features * New date & time module that supports any type of date and time format that WordPress supports. * An all new activity log dashboard widget. * Added activity log coverage for several new WordPress settings, including automatic updates settings, date and time settings and application passwords.

Improved activity log coverage * New event IDs for changes in posts * ID 2129: User added / changed / removed a post's excerpt * ID 2130: User added / changed / removed a post's featured image

  • New event IDs for changes in WordPress settings

    • ID 6035: Changed the "Your homepage displays" WordPress setting
    • ID 6036: Changed the homepage in the WordPress setting
    • ID 6037: Changed the posts page in the WordPress settings
    • ID 6040: Changed the Timezone in the WordPress settings
    • ID 6041: Changed the Date format in the WordPress settings
    • ID 6042: Changed the Time format in the WordPress settings
    • ID 6044: User changed the WordPress automatic update settings
  • New event IDs for application passwords

    • ID 4025: User added / removed application password from own profile
    • ID 4026: User added / removed application password from another user's profile
    • ID 4027: User revoked all application passwords from own profile
    • ID 4028: User revoked all application passwords from another user's profile
  • New event IDs for multisite network settings

    • ID 7007: The setting Allow site administrators to add new users to their site was enabled / disabled
    • ID 7008: The value of the Site upload space setting was changed
    • ID 7009: The value of the file size allowed in the site upload space setting was changed
    • ID 7010: Changed the list of allowed file types on the network
    • ID 7011: Changed the value of the maximum upload file size network setting
  • Other new event IDs

    • ID 1010: User requested a password reset.

Improvements * Improved coverage of users logins, logout and failed logins activity on custom login pages. * Standardized the text, format and metadata formatting of all the activity log events. * Drastically improved the coverage of the activity logs sensors with a number of new event IDs. * Redesigned the activity logs extension UI. * Support for URL rewrites and page names (correct page title reported even if the page is a URL rewrite). * Default activity log SMS notifications template updated. * Plugins version numbers are now reported in the activity log (for example when a plugin is updated). * Users who hide the plugin from plugins page now get a notification when a plugin update is available. * Consolidated the code that generates the activity log messages. * Merged the Help and Contact us pages in the plugin menu. * Improved the Reports filters queries to address timeout issues on very big websites. * Replaced the "SHOW TABLES" queries for much better plugin performance. * Removed the "/uploads/wp-activity-log/" directory in the free edition. This is only required in premium edition. * Support for CloudFlare HTTP headers - plugin reports correct IP when behind CloudFlare CDN or firewall (more info on firewalls support)[https://wpactivitylog.com/support/kb/support-reverse-proxies-web-application-firewalls/]. * Reports, Email & SMS notifications and other modules now fully support metadata which contains the space character. For example the user role Shop Manager. * Remove support for custom sensors. Custom event IDs in activity log now only supported via activity log extension plugin. * Completely removed the code of the old promotional events (stopped using them in 2017). * Removed the request log file setting. The request log file can now be enabled via a filter. * Removed the working directory location setting from plugin settings. Instead introduced a new wp-config.php constant: WSAL_WORKING_DIR_PATH
* Plugin now using WP_CONTENT_DIR instead of ABSPATH were applicable (better supported by WordPress specific web hosts). * Added event text to event IDs 1001 and 1001. * The system information file now also includes all of the plugin's settings saved in the wp_options table. * Simplified the process that retrieves filnames. * Several under the hood performance improvements (removed obsolete code, improved sensors etc)

Bug fixes * Event ID 1000 (user login) still logged when IP address is excluded. * Change in page template was not being logged with event ID 2048. * Event ID 2002 was not always reported in some edge cases. * Plugin's directory in uploads was not being created when website was hosted on Flywheel and WordPress.com. * Date & time were missing in CSV reports when using some specific date and time formats in WordPress. * Super admin role was also shown for administrators on single site setup. * Plugin was not showing the correct total of sessions when deleting all sessions. * Plugin was generating a PHP error when a network site was deleted. * No event was being reported when installing activity log extensions for third party plugins. * Plugin installation was not running correctly when installed alongside the Website File Changes Monitor plugin. * The setting to configure the number of failed logins to keep a log of was reset to default each time the settings page was saved. * Wrong variable was used in licensing notifications, resulting in misleading error responses when license failed to activate.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.1.5.2 2021-01-21

(2021-01-21) =

  • Improvement
    • Replaced Swipebox with Simple Lightbox (compatible with WordPress 5.6)

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.1.5.1 2020-11-23

(2020-11-24) =

  • Improvements

    • Updated the Freemius SDK to the latest version.
    • Updated the Twilio SDK to the latest version.
  • Bug fix

    • In some edge cases, the time in the reports was incorrect.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.1.5 2020-11-04

(2020-11-02) =

Release notes: WP Activity Log 4.1.5: Support for new MainWP settings module & improved coverage

  • New features

    • Support for the new settings module in the Activity Log for MainWP extension.
  • New event ID

    • ID 7012: user changed the network's users and sites registration settings.
  • Security fix

    • SQL Injection in external database module reported by WP deeply. Thank you for the responsible disclosure.
  • Breaking change

    • Removed detection and logging of requests to non-existing URLs (404s). Event ID 6007 and 6023 no longer used in the plugin. This breaking change resulted in a major performance improvement.
  • Improvements

    • Added Event Type and Object in the activity log reports.
    • Improved the coverage of the login / logout detection sensor.
    • Improved format of "hover over pop-ups" used in the activity log viewer (such as the one to exclude a specific event ID).
    • Moved almost all of the remaining WooCommerce sensor code to the activity log for WooCommerce extension.
    • Improved UX for the front-end sensors settings - options now are available underneath the relevant event ID.
    • Removed redundant code that is now in the WordPress activity log extensions.
  • Bug fixes

    • Sorting of activity log events not retained in following pages when in pagination mode.
    • Users sessions table was not being created when upgrading from the free to the premium editions of the plugin.
    • Link to exclude custom field in event was broken / not adding the custom field to the exclusion list.
    • Changing the category of a post was not being reported (Event ID 2016).
    • Unkown object was reported in event ID 6034 (purged activity log).
    • Changing password via the WooCommerce account page caused session to remain once user logs out.
    • Users could add multiple identical search filters causing a crash.
    • Users not redirected to the correct list of event IDs after installing the activity log for Yoast SEO extension.
    • Install Extension button in events was broken and not triggering the extension installer.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.1.4 2020-10-07

(2020-10-07) =

Release notes: WP Activity Log 4.1.4: New activity log for Yoast SEO extenion & improved coverage

  • New features

    • Activity Log for Yoast SEO extension.
    • Plugin detects plugin updates done via a zip file (new feature in WordPress 5.5)
  • New Yoast SEO activity log event IDs

    • ID 8826: user has enabled / disabled the Redirect Attachment URLs in the Yoast SEO plugin.
    • ID 8827: Usage tracking has been enabled / dsabled.
    • ID 8828: The REST API: head endpoint setting was enabled / disabled.
    • ID 8829: The social profile URL was added / modified / deleted.
    • ID 8830: User changed the taxonomies settings to show in search results.
    • ID 8831: Chaged the SEO title template for a taxonomy type.
    • ID 8832: Changed the meta description template for a taxonomy type.
    • ID 8833: Enabled or disabled the display of Author or Date archives.
    • ID 8834: Configured the plugin to show the Author or Date archived in the search results.
    • ID 8835: Changed the SEO title template for the Author or Date archive pages.
    • ID 8836: Changed the Meta description template for the Author or Date archive pages.
    • ID 8837: Enabled / disabled the setting to show SEO settings for specific taxonomy types.

Refer to the complete list of activity log event IDs for more detailed information.

  • Improvements

    • Improved the overall coverage and how events of changes in Yoast SEO plugin and YoastSEO metabox are reported.
    • Implemented a single email class that is now used by all email features in the plugin.
    • Updated Freemius SDK to the latest version (2.4.0).
    • Improved the detection mechanism of installed third party plugins used for the activity log extensions notifications.
    • Consolidated all activity log extensions code - now all third party plugins extensions use the same code.
    • Improved the plugin's activation process on multisite network.
    • Plugin only shows file changes notifications if the Website File Changes Monitor plugin is installed.
    • Plugin prompts user to save unsaved changes in settings page before switching pages.
    • Improved plugin & activity log permissions on multisite network.
    • System information file updated to retrieve settings from the wp_options table.
    • Removed all the obsolete event IDs from the Enable/Disable events section.
    • Updated a number of filters/hooks calls that were calling deprecated ones.
    • Removed all the obsolete code which was used for the old wp_wsal_options table.
    • The handling of disabled event IDs is now done more efficiently, via filters.
    • Improved the session db adaptor which was causing errors in specific edge cases.
    • Branded the notifications for third party plugins extensions and improved the text.
    • Improved the first-time install wizard CSS to correctly display the list of required extensions for third party plugins.
    • Removed event ID 2106 (plugin updated post) and ID 8823 (Yoast SEO date snippet) because they were made redundant.
    • Moved all remaining bbPress code to the Activity Log for bbPress extension.
    • Added check to prevent identical search filters from being saved.
  • Bug fixes

    • Removed the old version check from the wp_wsal_options table.
    • Reset plugin settings was not deleting all the settings.
    • Reports UI was not loading in a mixed content environment.
    • Unkown object was reported in event ID 6034 (user purged activity log).
    • Custom login page message was not shown in specific edge cases.
    • Addressed a number of errors that were appearing during WooCommerce setup.
    • List of IP addresses in event ID 1005 (users has multiple logged in sessions) was incorrect.
    • Plugin was generating an error when changing the WooCommerce store address on a multisite network.
    • Event ID 1000 reported twice on websites using the OptimizeMember plugin.
    • Third party plugins detection was not detecting all plugins on multisite network.
    • Built-in email notifications couldn't be disabled after they were enabled.
    • Notifications to install third party plugin extensions were shown in sub sites on a multisite network.
    • Event ID 1000 (user login) was reported even when user was excluded from the logs.
    • Data picker obscured by autocomplete in notifications.
    • Fixed conflict with MyCred plugin (widget sensor was killing ongoing widget requests).

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.1.3.2 2020-08-14

(2020-08-14) =

  • Improvement

    • Released extension WP Activity Log for WooCommerce update 1.1 (improved logging etc).
  • Bug fixes

    • The orders details in WooCommerce were not being added to the order (Support ticket).
    • An empty space was added to the top of the WordPress admin menu.
    • Third party plugins extensions notification not showing in the activity log viewer.
    • Thurd party plugins extension help text was shown on the wrong pages.
4.1.3.1 2020-08-12
4.1.3 2020-08-12

(2020-08-11) =

Release notes: WP Activity Log 4.1.3: New extension for WooCommerce & other updates

  • IMPORTANT

    • Only update from 4.1.2 to 4.1.3. If you are using an older version, first update to 4.1.2 before updating to 4.1.3.
  • New features

    • The all new WP Activity Log for WooCommerce extension (needed to keep a log of changes on WooCommerce store, products, orders & much more).
    • New plugin and activity log privileges that allow super admins on a multisite network to restrict activity log access to site admins and other super admins.
    • Coverage for changes done to relationship custom fields created with ACF.
  • New activity log events

    • ID 2131: Added relationships in a custom field.
    • ID 2132: Removed relationships from a custom field.
    • ID 9101: Created new product tag in WooCommerce.
    • ID 9102: Deleted a product tag in WooCommerce.
    • ID 9103: Renamed a product tag in WooCommerce.
    • ID 9104: Changed the slug of a product tag in WooCommerce.

Refer to the complete list of activity log event IDs for more detailed information.

  • Improvements

    • Improved the plugin's coverage of WooCommerce stores, products, orders etc by adding new events, and updating the current sensor.
    • Plugin now uses the default WordPress options table to store settings (performance enhancement).
    • Refactored all settings in the database so they all use yes/no values.
    • Restricted the plugin's and activity log settings to the network dashboard only on a multisite network.
    • Change in wp_wsal_sessions table structure: now plugin uses session ID as unique identifier in table.
    • Plugin keeps the ID of the sites a user is logged in to on a multisite network.
    • Removed the Import/Export plugin settings functionality (a much better utility will be designed and launched as a replacement).
    • File changes detected by the Website File Changes Monitor plugin are now reported in the daily summary email.
    • Log files working directory in uploads directory renamed to wp-activity-log.
    • If no path is specified for the log files working directory, the default path is used.
    • Improved activity log privileges - on multisite super admin can restrict site admins from seeing their own site's activity logs.
    • WooCommerce front end sensor is automatically enabled if admin enables events to track purchases of non-logged in users.
    • Improved the text of the third party plugins extensions notifications.
    • Updated the format of event IDs 9070 and 4020 to matches the standard template.
    • Coverage of WooCommerce coupon changes has been improved andplugin can now keep a log of usage restriction changes in coupons.
    • IP address in list of logged in users is now linked to WhatIsMyIPAddress.com.
    • Added a message for when no sessions are shown in the Logged In users section.
    • Minor changes in the plugin's settings pages.
    • Updated some notifications used by the third party plugins extensions.
    • Third party plugins extensions are now automatically activated on multsite network when installed.
    • Removed all code that was used for file scanning. Now plugin is fully integrated with Website File Changes Monitor.
  • Bug fixes

    • Extensions notifications were wrongly shown to sub sites admins on multisite.
    • Event 1002 (failed user login) was wrongly reported when a user session is blocked.
    • When the setting Delete data on uninstall was enabled the plugin was not deleting all the data from the database.
    • Event ID 1002 (failed user login) incorrectly links to log file.
    • Plugin does not send logs to Activity Log for MainWP extension when child site uses a non-default admin URL.
    • Error when loading user session tokens from usermeta table in some cases.
    • Users sessions table was moved to external database when activity log is stored in an external database.
    • Plugin was reporting event ID 1000 (login) when user changes own password in user profile page.
    • Plugin's log files working directory was hardcoded (uploads directory).
    • When super admins changed the plugin's settings on a child site, the settings were not applied globally.
    • Users who are allowed to view the activity log can also see who is logged in.
    • The old plugin name was shown on the daily summary email template.
    • Plugin created working directory in wrong location when site address is different than WordPress address.
    • Setup wizard shows all the extensions for third party plugins instead of those for the installed plugins.
    • Wrong anchor text "view post in editor" used for WooCommerce products.
    • Unknown object reported instead of actual Object in some of the WPForms activity log events.
    • Event ID 2080 not reported when the last item was removed from the site menu.
    • Plugin logo missing from license activation screen.
    • Website File Changes Monitor custom posts type changes were reported (these are ignored by default).

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.1.2 2020-06-24

(2020-06-24) =

Release notes: WP Activity Log fully integrated with Website File Changes Monitor

  • New

    • Plugin now uses the Website File Changes Monitor plugin for file integrity monitor scans.
  • Improvements

    • Event ID 6033 now reports when file integrity monitoring scans start and stop.
    • File changes events in the activity log link directly to the changes reported in Website File Changes Monitor.
    • Log files custom path setting reverts to default path if left empty.
  • Bug fix

    • Plugin creating the log files outside website directory if Website URL is different than WordPress URL.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.1.0 2020-05-26

(2020-05-26) =

Release notes: New session policies per user roles & other improvements

  • New Features

    • New WordPress users sessions management module with configurable policies per user role.
    • Setting to configure the log files location (request log file, 6007 and 6023 events).
  • Plugin Improvements

    • Activity log reports now support user roles which have the space character in the name.
    • Removed more legacy code from the plugin (the check for encryption method).
    • Removed old update scripts (for when updating from versions prior to 3.5.2).
    • Moved 10 more plugin settings from the custom table to the wp_options table (performance improvement).
    • Standardized the format of all placeholders in the UI (now they are all using default WordPress format).
    • Removed premium only code from free edition.
  • Bug fixes

    • Scheduled daily reports included data of the last 24 hours instead of the previous day.
    • Resaving the activity logs archiving settings generated errors (didn't check if connection was already setup).
    • Issue with the plugin when installed on MainWP child sites (support ticket).
    • Plugin adding Menu entry with no title (used by the wizard).

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.0.4 2020-05-20

(2020-05-20) =

Release notes: Introducing WP Activity Log (the new name for WP Security Audit Log)

  • Name Change
    • In this update we renamed WP Security Audit Log to WP Activity log. No code changes are included in this release.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous versions of the WP Activity Log plugin.

4.0.3 2020-04-16

(2020-04-16) =

Release notes: Update 4.0.3 - New bbPress add-on & improved WooCommerce activity logs

  • BREAKING CHANGE

    • Individual add-ons (pre 2018) will not be supported anymore.
  • New features

    • Two new activity log objects: WooCommerce coupon and Yoast SEO metabox.
    • Plugin detector that detects plugins for which we have add-ons and prompts the user to install the add-ons.
  • New activity log event IDs

    • 9105: The stock quantity of a product was changed due to an order.
    • 9085: The WooCommerce setting "Selling location(s)" was changed.
    • 9086: List of excluded countries to sell to in WooCommerce was changed.
    • 9087: List of countries to sell to in WooCommerce was changed.
    • 9088: The WooCommerce setting "Shipping location(s)" was changed.
    • 9090: The WooCommerce setting "Default custom location" was changed.
    • 9091: The "Cart page" in the WooCommerce settings was changed.
    • 9092: The "Checkout page" in the WooCommerce settings was changed.
    • 9093: The "My Account page" in the WooCommerce settings was changed.
    • 9094: The "Terms & conditions page" in the WooCommerce settings was changed.

Refer to the activity logs for WooCommerce for more details on WooCommerce support.

  • Improvements

    • Drastically improved the coverage of the WooCommerce activity log sensor.
    • WooCommerce sensor now detects changes done from the new interface (WooCommerce Admin).
    • Event 9029 (WooCommerce store base location change) now reports both the old and new address.
    • Updated WooCommerce sensor to detect all the changes in the tax options (event IDs 9078 - 9081).
    • Changed the event type from "Modified" to "Renamed" in the events where in which the object is renamed.
    • "Plugins" is reported instead of a username when a change is done automatically by a plugin.
    • Improved the activity logs external database connection test during connection setup.
    • Removed obsolete code which was only used in previous versions from the defaults.php file.
    • Improved event ID 2055 (deleted custom field) so it is not reported when a custom field is deleted autoamtically due to the post being deleted.
    • Removed redundant filters wsal_event_type_text and wsal_event_object_text.
    • Moved 10 plugin settings to the WordPress options table as part of the plugin improvement project.
    • External database connector now reports actual MySQL error for improved troubleshooting.
    • All the changes done to a bbPress forum or topic are reported, even when done at the same time.
  • Bug fixes

    • Event ID 8808 not firing when Cornerstone article setting is enabled or disabled in a post.
    • Event ID 9066 not firing when the expiry date of a WooCommerce coupon is changed.
    • Plugin reporting event ID 2001 instead of 5019 when a plugin automatically creates posts.
    • Fixed a minor compatibility issue in the Hide plugin functionality (support ticket).
    • Event ID 9063 reported instead of event ID 9071 when reporting a WooCommerce coupon change.
    • Events ID 1005 (multiple sessions detected) and 1007 (user terminated another user's session) were only working when frontend sensor was enabled.
    • Activity logs view buttons link to first site on network instead of network dashboard on multisite network.
    • Error reported when the role property was undefined.
    • Fixed a PHP 7.3 compatibility issue (support ticket).

Please refer to the complete plugin change log for more detailed information about what was new, improved and fixed in previous versions of the WP Security Audit Log plugin.

4.0.2 2020-04-01

(2020-02-28) =

  • Security fix

    • Added authentication check for the first-time install wizard. This addresses an edge case in which if the wizard was never completed by the user, unauthenticated users could run the wizard and give access to the plugin settings to WordPress users.
  • Improvements

    • Removed the setting / functionality to allow access to users with non-admin role to the plugin settings. Now users who require access to the plugin settings need to have the admin role.
    • Removed the "activity log view access" and the "exclude objects" steps from the install wizard. These are advanced settings.
    • Check the role of users trying to import settings file and deny if it does not have admin role.
4.0.1 2020-02-13

(2020-02-13) =

Release notes: Update 4.0.1 - activity logs for WPForms

  • New features

    • Activity logs for WPForms
    • One-click installation and activation feature for new third party plugins add-ons.
    • New Third Party Plugins tab in Enable/Disable Events section to allow users to install add-ons for third party plugins.
    • Added the new event types "Renamed" and "Duplicated" (more on activity log event types).
    • Added several new hooks in the plugin, mainly to allow custom editor link, to add custom column to the logs viewer, to add new event types and objects.
  • Improvements

    • Updated event IDs 2123, 2062, 2084, 9077 and 9071 so they now use the "Renamed" event type.
    • Updated the activity log severity levels definitions in defaults.php)
    • Updated / improved some of the help text messages.
    • Plugin does not automatically retrieve the IP addresses and latest change of logged in users if there are 100+ sessions (performance improvement).
    • Localized text in JS files.
    • Started removing obsolete code.
    • Added new filter to allow custom %EditorLinkWPForm% from custom events add-ons.
  • Bug fixes

    • Only the path of the added, modified or deleted file was reported in daily summary email.
4.0.0 2020-01-09

(2020-01-08) =

Release notes: Update 4.0.0 - The all new more comprehensive yet easier to read WordPress activity log

  • New features

    • New activity log viewer with two different view modes: grid and list view.
    • Two new types of WodPress activity log metadata: event type and object. OPTIONAL: Upgrade old activity log data to v4.
    • New WordPress activity log severity levels (and icons).
    • New UI / UX for the WordPress activity log search & filters.
    • Added search filters for the two new metadata types in the activity logs: event type and object.
  • Improvements

    • Updated the severity levels of all activity log events.
    • Included the two new metadata types in the email notification templates (event type and object metadata).
    • Updated the Freemius SDK to version 2.3.2.
    • Added a notification to refresh search when the filters change.
    • Added several new reference links in the plugin's help text.
  • Bug fixes

    • Addressed a warning message in the logs generated by the connector when using PHP 7.4.
    • Fixed an issue which was triggered when using the User Switching filter hook.
    • Few spelling mistakes in the plugin's UI and settings pages.
3.5.2.1 2019-11-26

(2019-10-26) =

  • Bug fix
    • Fixed an unhandled exception in an upgrade script used to delete old cron jobs.
3.5.2 2019-11-26

(2019-10-26) =

Release notes: Update 3.5.2 - New filter hooks & better support for CPT on multisite networks

  • New Filter Hooks

    • Disable the email notification sent when plugin is deactivated.
    • Change the email address of the notification email sent when plugin is deactivated.
    • Disable support for User Switching plugin.
  • Improvements

    • Updated database queries to better support MySQL 8.
    • New setting to enable/disable milliseconds in timestamps.
    • New option in wizard to enable the WordPress activity log mirror once set up.
    • Added the wsal_ prefix to all cron jobs.
    • Fine tuned the WooCommerce activity log sensor to report only the neccessary events when there are coupon changes.
    • Updated the WordPress activity log custom events API to only require one sensor on a multisite network.
    • Removed old version specific checks used during upgrades.
    • Daily summary email now includes more accurate user logins details.
  • Bug Fixes

    • Custom post types on sub sites were not recognized on multisite network install.
    • Background events were not being excluded from the logs even when the plugin is configured to exclude them.
3.5.1.1 2019-10-31

(2019-10-31) =

  • Improvement

    • Prevent classes of the wrong instance from being added to $views.
3.5.1 2019-10-24

(2019-10-22) =

  • New Features

    • Filters and sorting capabitilies added to the Severity column in the activity log viewer.
  • Improvements

    • Improved the way data is reported in some WooCommerce activity log events.
    • Added more links to the plugin documentation in the settings pages.
    • Improved the reporting of Event ID 2022 (date change), it is no longer reported with every change on draft post.
    • Improved user logout detection to detect logouts when using plugins such as Login and Logout Redirect.
  • Bug Fixes

    • Multiple events reported when a new post is saved with the Classic Editor
    • List of failed logins IP addresses not displayed properly in daily email when using outlook.
    • Fixed compatibility issue with the Newspaper news theme.
    • Removed incorrect use of parameter in add_submenu_page (credits: Chris Van Patten).
3.5 2019-09-23

(2019-09-12) =

  • New Features

    • 3 new front-end sensors that can be individually enabled / disabled individually (used for front end activity, such as logins from non-default WordPress login page).
  • Improvements

    • Improved the hide plugin feature: number of installed plugins is also adjusted when plugin is hidden.
    • Added new steps in the wizard to help users configure the front-end sensors when they install the plugin.
    • Plugin keeps log of stock changes when orders are placed manually or items in orders are changed (WooCommerce Activity Log).
    • Removed event ID 2126 (visitor posted a comment): noticed almost all users disable it since this is trivial information / change.
  • Bug Fixes

    • Plugin was not reporting correct product name & stock quantity when WooCommerce Tab Manager was installed.
    • Mirroring cron jobs not firing / not copying logs to mirror.
    • Unhandled error when using custom login pages.
3.4.3.1 2019-08-30
3.4.23 2019-08-29
3.4.2 2019-07-17

(2019-07-17) =

  • New Feature

    • A hook to specify the number of events shown by default in the audit log viewer when in infinite scroll view mode.
  • Improvements

    • Optimized the database queries used for search and filters (30x faster!).
    • Improved tracking of mirrored events to avoid mirroring duplicate events.
    • Specific error messages that help you troubleshoot are now shown when integrating Twilio for SMS notitications.
    • Plugin shows warning to install Activity Log for MainWP when installed on MainWP website.
    • Added website URL in default email notifications for WordPress.
    • MySQL response errors are now displayed when configuring an external database connection.
    • Improved the first time install message about non-sensitive diagnostic data.
    • Width of first install wizard prompt is responsive.
  • Bug fixes

    • Plugin logs an error when a non exising WooCommerce page is requested (HTTP 404).
    • Handling of infinite loop when Freemius API is unavailable during plugin first install.
3.4.1 2019-05-16

(2019-05-16) =

Release notes: New plugin settings import/export tool & hooks for theme developers

  • New Features

    • Tool to export and import plugin configuration & settings.
    • Exclude range of IP addresses from the activity log.
    • New hooks for theme developers to display the custom login messages the plugin shows when multiple user sessions are blocked.
    • New hook to add a list of hidden meta keys the plugin should keep a log of.
  • Plugin Improvements

    • First time plugin use texts is now easier to read and much shorter.
    • Added support for more time & date formats in the activity log reports for WordPress.
    • Improved content sensor - previously reporting events not neccessarily needed (background processes)
    • Removed hardcoded paths from the WordPress file integrity scanner.
    • Removed Sites filter from audit log viewer - made redundant by the site selector drop down menu.
  • Bug Fixes

    • Multiple events reporting the same thing generated when user changes WooCommerce shipping / billing address.
    • Updated incorrect tags used in test SMS message.
    • Event 2002 (modified post) reported even when there is a specific change event ID.
    • Event 2016 (plugin modified post) reported whenever a post is updated by user.
    • External database connection cannot be deleted because it is marked in use even when not.
    • Plugin generating error when set_user_role is set to NUL in request.
    • Infinite scroll stops working on Firefox (intermittent issue).
3.4.0.1 2019-04-10

(2019-04-10) =

  • Bug Fixes
    • Backward compatibility issue for PHP 5.4.
    • Fix for audit log page search extension check function.
3.4 2019-04-03

(2019-04-03) =

  • New Features

    • SMS notifications (integration with Twilio) for the WordPress audit logs.
    • Integration with Bit.ly to shorten URL in SMSs.
    • Added buttons to test email and SMS notifications.
    • Support for User Switching plugin.
  • New Activity Log Event IDs

    • Event ID 1008: user logged in as another user.
    • Event ID 9083: user changed the billing address (WooCommerce).
    • Event ID 9084: user changed the shipping address (WooCommerce).
  • Plugin Improvements

    • Added more pre-configured SMS & email notifications.
    • Improved all sensors to also detect changes that are not done via the dashboard.
    • Optimized some metadata database queries (reduced qeuries by 75%).
    • Improved the content sensor (better detection of content changes).
    • Optimized the database query that fetches list of logged in users.
    • Removed email notifications wizard.
    • Standardized all tabs and titles in the Emails & SMS Notifications feature.
    • Improved the help text in the Emails & SMS Notifications feature.
    • Removed the limit of 5 criteria in the notifications trigger builder.
    • Removed declaration of emails' Mime-type - this is automatically set so there is no need for it.
  • Bug Fixes

    • WooCommerce order name was not reported in event ID 9040 (changed order detail) in some edge cases.
    • Maximum execution time configured in the WordPress activity log reports engine now is only used when generating a report.
    • CSV reports were not being generated.
    • Audit trail auto refresh was not working when using infinite scroll viewer option.
    • Plugin reporting event 9032 (disabled use of WooCommerce coupons) by mistake.
    • Event IDs 2046 and 2051 were not being reported when files were modified via the editors.
    • Plugin reporting event 2002 when there were changes in a post's Yoast SEO metabox.
    • Removed all reference to obsolete plugin setting: wsal-archiving-date-e.
    • Admins on multisite child sites could see the activity logs of other sites.
    • Event ID 2073 (post submitted for review) was not being reported in Gutenberg.
    • Event 2074 (scheduled post) was not being reported in Gutenberg.
3.3.1.2 2019-02-26

(2019-02-25) =

  • New Activity Log Events for WooCommerce

    • Event ID 9078: Changed the option to include / exclude taxes in product prices.
    • Event ID 9079: Changed the option on what type of shipping to calculate tax on.
    • Event ID 9080: Changed the shipping tax class.
    • Event ID 9081: Enabled / Disabled the rounding of the sub total.
    • Event ID 9082: Added / Deleted / Modified a shipping zone on WooCommerce.
  • Plugin Improvements

    • Better handling of plugin activation on multisite - plugin can only be activated from the network dashboard.
  • Bug Fixes

    • Updated Freemius SDK which includes a security fix.
3.3.1.1 2019-02-07

(2019-02-06) =

  • New Features

    • New infinite scroll view in audit log viewer making the browsing of the activity logs much faster.
  • Plugin Improvements

    • Improved the search filters - now they are much faster.
    • Improved user session handling to better handle >1,000 sessions.
    • Replaced PHP severity with event log severity in the list of Events.
  • Bug Fixes

    • Scan Now button for the WordPress file integrity scanner is grayed out when auto scanning is disabled.
3.3.1 2019-01-29

(2019-01-29) =

Release notes: Major Activity Log Improvement in WooCommerce Coverage

  • New Events for WooCommerce Orders

    • ID 9035: New order placed in WooCommerce.
    • ID 9036: Changed the status of a WooCommerce order.
    • ID 9037: Moved a WooCommerce order to trash.
    • ID 9038: Restored a WooCommerce order from the trash.
    • ID 9039: Permanently deleted an order.
    • ID 9040: Changed the orders details.
    • ID 9041: Refunded a WooCommerce order
  • New Events for WooCommerce Product Admin & Attributes Changes

    • ID 9042: Changed the catalog visibility of a product.
    • ID 9043: Changed the Featured product setting of a product.
    • ID 9044: Changed the allow backorders setting of a product.
    • ID 9045: Changed the the Upsells of a product.
    • ID 9046: Changed the Cross-sells of a product.
    • ID 9047: Added a new attribute of a product.
    • ID 9048: Modified the value of a product attribute.
    • ID 9049: Renamed a product attribute.
    • ID 9050: Deleted a product attribute.
    • ID 9051: Changed the visibility of a product attribute.
  • New Events for WooCommerce Categories

    • ID 9052: Deleted a product category.
    • ID 9053: Changed the slug of a product category.
    • ID 9054: Changed the parent of a product category.
    • ID 9055: Changed display type of a product category.
    • ID 9056: Changed the name of a product category.
  • New Events for WooCommerce Payment Gateways

    • ID 9074: Enabled a payment gateway.
    • ID 9075: Disabled a payment gateway.
    • ID 9076: Modified a payment gateway.
  • New Events for WooCommerce Coupons:

    • ID 9063: Published a new coupon.
    • ID 9064: Changed the discount type of a coupon.
    • ID 9065: Changed the coupon amount.
    • ID 9066: Changed the coupon expire date.
    • ID 9067: Changed the Usage Restriction settings of a coupon.
    • ID 9068: Changed the Usage Limits settings of a coupon.
    • ID 9069: Changed the description of a coupon.
    • ID 9070: Changed the status of a coupon.
    • ID 9071: Renamed the WooCommerce coupon.
  • New Events for WooCommerce Attributes:

    • ID 9057: User created a new attribute.
    • ID 9058: User deleted an attribute.
    • ID 9059: User changed the slug of an attribute.
    • ID 9060: User changed the name of an attribute.
    • ID 9061: User changed the default sort order of an attribute.
    • ID 9062: User enabled/disabled the option Enable Archives of an attribute.
  • New Features

    • Email notification to site admin when the plugin is deactivated.
    • New setting to control refreshing of the live notifications in the admin bar.
    • Three new hooks in the activity log plugin that allow for event data manipulation.
  • Plugin Improvements

    • Major performance enhancement to the Event Viewer
    • Updated the text of some settings.
    • Event severities are now saved as meta data (we can now build filters for them).
    • Added the product status in all WooCommerce events.
    • Event 9011 (modified draft WooCommerce product) made obsolete with event 9010.
    • Event 9020 changed to report the different product types (simple, grouped, external, variable, downloadable, virtual)
    • Updated Freemius SDK
    • Better handling of incorrect database privileges when installing plugin.
    • Excluded the default WordPress cache directory from the default WordPress File Integrity Scans
  • Bug Fixes

    • Events 2027 and 2011 incorrectly logged hen saving a draft post in Gutenberg.
    • Plugin logged event 5019 by mistake when the front end editor of WP Bakery was used.
    • When files bigger than the file size limit were scanned for the first time the plugin wrongly reported them as modified.
    • In some cases where WordPress was not upgraded to 5.0 the plugin was not recognizing content changes.
3.3.0.2 2019-01-07

(2019-01-07) =

  • Improvements

    • Better support for custom login pages.
  • Bug Fixes

    • Fixed an issue where the visitor logs sensor remains disabled when activity log level is switched to guru.
3.3.0.1 2018-12-26

(2018-12-26) =

  • New Feature

    • A setting to configure the number of logged in sessions the plugin retrieves when checking for logged in sessions.
  • Improvements

    • Improved handling of logged in users sessions data.
    • Terminate All Sessions button now also purges sessions data from the WordPress database.
    • Improved the events for when saving a draft post in the Gutenberg editor.
    • Checks for the Papertrail activity log mirroring connectivity improved.
  • Bug Fixes

    • Fixed an issue in which the plugin was sending two daily activity log summary.
    • Removed code for backward compatibility but was not PHP 7.2 compatible (Support Ticket).
    • Updated the list of website visitor events in Enable/Disable events section.
    • Fixed an issue with the auto refresh of users sessions.
3.3 2018-12-13

(2018-12-13) =

Release Notes: Slack Support & New External Connections UI

  • New Features

    • Slack support - mirror WordPress activity log for Slack.
    • New UI and totally revamped the external databases & services connections module.
    • Ability to mirror the WordPress activity logs to multiple destinations.
  • Improvements

    • Maximum file size for WordPress file integrity scans is now configurable.
    • Updated the Freemius SDK to 2.2.2 (addresses a MainWP conflict fix).
    • Plugin access can now be restricted to super administrators only on a multisite network.
    • Multiple scan started / stopped events per directory merged into one.
    • Added 1 and 4 hours option to terminate idle users sessions setting.
    • Plugin now always keeps a log a post updates, even if update is not done via the editor.
    • Better handling of terminated users sessions (in hung state, blocking legit logins).
    • Access to plugin now can be restricted to super admin role on multisite networks.
    • User info in daily activity log summary email is now variable - the same as configured in the plugin settings.
    • Limited Freemius user messages to users who can view & manage the plugin.
    • Addded support for a dot in the time format (e.g: d.-m-Y G:i)
    • Bug Fixes
    • Better handling of data from the REST API Support ticket.
    • Fixed: two daily activity log emails were being sent instead of one.
    • Restricted the starter license (had access to some pro features).
    • Fixed a number of minor warnings when running the plugin on PHP7.
    • Logins when using the Two-Factor plugin are now logged properly.
    • Fixed - first time setup wizard prompt not always showing.
3.2.5 2018-12-06

(2018-11-15) =

Release Notes: Announcing Activity Log for MainWP

  • New Events for the activity log

    • Event ID 2127: Changed the name of a category
    • Event ID 2128: Changed the slug of a category
  • New Functionality

    • Added support in the plugin for the Activity Log for MainWP extension.
  • Bug Fixes

    • Fixed an issue in the licensing which allowed users with Starter plan to access features from the professional plan.
3.2.4 2018-10-04

(2018-10-04) =

Release Notes: click here

  • New Activity Log Features

    • Support for Gutenberg
    • Daily activity log overview email.
    • Live notification of latest event in the WordPress admin bar.
  • Plugin Improvements

    • Revamped the Users management module and settings - part of the easy to use updates.
    • Error message for blocked simultaneous users sessions can now be configured.
    • Updated the order of the plugin menu entries to a more convenient one.
    • Invalid usernames used in failed logins are now kept for 30 days in the database.
    • Improved WordPress menu sensor - added coverage and improved accuracy.
    • Changed Event Code to Event ID in email notifications trigger builder.
    • Improved MainWP Child Site Stealth Mode for premium edition.
    • Sidebar admin notification on first install now only shown to the first user accessing the activity log.
    • Removed in activity log adverts.
    • Updated top banner adverts in activity log - now users can hide them.
    • Updated WordPress icon used to report system events in activity log.
  • Bug Fixes

    • Added support for arrays in ACF Support Ticket
    • Handled an exception error in which user has same event ID. Now instead plugin shows an show error and disable custom sensor.
    • Fixed an issue in which the startup wizard was shown twice on the free edition of the plugin.
    • Fixed an issue in which reports were not generated because of non-standard paths.
3.2.3.3 2018-09-12

(2018-09-12) =

Release Notes: click here

  • New Feature

    • MainWP Child Site Stealth Mode plugin setting.
  • New Activity Log Events

    • Event 6006: User reset the plugin settings to default
    • Event 6033: WordPress file integrity scans status updates (started & stopped)
    • Event 6034: User purged the activity log
  • Improvements

    • Added sub categories to Enable/Disable Events section to segregate long lists.
    • Improved the sensor for the detection of plugins activations and deactivations.
    • Removed the startup wizard from upgrade - now only triggered on new installs.
    • Improved the premium trial message with a Start Free Trial button.
    • Added notification response to purging old data from the event log manually.
    • Added a pop-up notification to confirm activity log level was applied successfully.
    • Improved error messages in the Exclude Objects setting page.
    • Removed Mcrypt completely (was previously used for external DB connection).
    • Updated the Freemius SDK to the latest version.
    • Removed use of GLOB_BRACE - it is no longer needed.
  • Bug Fixes

    • Fixed an issue in which notifications with specific post IDs was not working on multisite.
    • Fixed some security issues highlighted by RIPS tech.
    • Removed nodes of premium features for users who have VIEW ONLY access to the WordPress activity log.
3.2.3.2 2018-08-28

(2018-08-17) =

  • Bug fix
    • Fixed a backward compatibility issue in which the setup wizard was wrongly restricting plugin access.
3.2.3.1 2018-08-21

(2018-08-15) =

  • Bug fix
    • Fixed a compatibility problem with Windows server.
3.2.3 2018-08-13

(2018-08-16) =

Release Notes: click here

  • New Features

    • Added a startup wizard to assist new users with new installs.
    • Introduced the WordPress activity log levels.
    • New search filters in the WordPress activity log viewer.
    • Added a new test button to all external database connections, including those for WordPress activity log archiving and mirroring.
    • Added several new settings to purge the WordPress activity log and reset plugin settings to default.
  • Improvements

    • Performance improvement: optimized the logic of the plugin sensors to load only required ones during user action.
    • Redesigned all the settings pages and included more help text, making them more user friendly.
    • Added links to plugin knowledge base where possible in the plugin settings.
    • Improved the WordPress activity log pruning setting so now it is possible to configure retention based on a period of time.
    • Database improvement: changed the option_value column in the plugin tables to long text.
    • WordPress website file changes results are now stored in the plugin's options table.
    • Improved the list of excluded file extensions in the WordPress file changes scanner.
    • Added sorting in the logged in WordPress users view.
    • Added more checks to ensure opt-in and other plugin messages are shown when needed only.
    • Removed affiliate network message in plugin.
  • Bug Fixes

    • Fixed an issue where stored passwords might have been changed because of change from Mcrypt to OpenSSL.
    • Fixed an issue in which retention settings were reset when moved to archiving settings.
3.2.2.2 2018-08-01

(2018-08-01) =

  • Bug fix
    • fixed an issue with an incorrect opt-in prompt from the SDK
3.2.2.1 2018-07-18

(2018-07-18) =

  • Bug fix
    • fixed issues related to SDK path
3.2.2 2018-07-17
3.2.1 2018-06-05
3.2.0 2018-06-05
3.1.7 2018-05-02
3.1.6 2018-04-16
3.1.5 2018-04-05
3.1.4 2018-03-23
3.1.3 2018-03-19
3.1.2 2018-03-17
3.1.1 2018-03-13
3.1.0 2018-02-28
3.0.1 2018-01-31
3.0.0 2018-01-19
2.6.9.1 2017-11-20

(2017-10-24) =

  • Bug Fix
    • Fixed a syntax issue in the code that was affecting installs on PHP lower than 5.4
2.6.9 2017-10-26

(2017-10-24) =

  • New Audit Trail Alerts for logging of Tag changes

    • Alert 2119: User added tag to a post
    • Alert 2120: User removed a tag from a post
    • Alert 2121: User added new tag on WordPress
    • Alert 2122: User deleted a tag from WordPress
    • Alert 2123: User renamed a tag
    • Alert 2124: User changed the slug of a tag
    • Alert 2125: User changed the description of a tag
  • New Audit Trail Alerts for logging of User Profile Changes

    • Alert 4017: Changed the first name of a user
    • Alert 4018: Changed the last name of a user
    • Alert 4019: Changed the nickname of a user
    • Alert 4020: Changed the display name of a user
  • New Functionality

    • New hover over option to modify alerts' behaviour. This applies to alerts that have configuration such as 1002, 1003, 6007 and 6023.
    • Option to record referrer URL in log file when logging 404 errors to a log file.
    • Option to specify how many failed logins the plugin should log.
    • Option to capture the usernames used during failed login attempts with non WordPress users.
  • Improvements

    • Drop down menu to select number of alerts to display in Audit Log Viewer now has only fixed numbers.
    • Renamed first column to Alert ID (standardising text in plugin)
    • New French translation by Denis Moscato

Refer to the WP Security Audit Log change log on the plugin page for a complete changelog.

2.6.8 2017-09-19

(2017-09-19) =

  • Improvement

    • Improved the sensor for custom post types so posts with NULL value or other temp custom posts are not reported. This was reported in several support tickets; here, here and here.
  • Bug Fix

    • Add a new check to ensure the object is of WP_Post class Support Ticket
2.6.7 2017-09-09

(2017-09-09) =

  • Improvements
    • Added a new property in WSAL main class to store the current plugin version.
    • Added a new function in WSAL main class to define constants (to be used throughout the plugin)
    • Improved the code formatting in AuditLog.php
2.6.6 2017-08-30

(2017-08-30 =

  • New Audit Trail Alerts

    • Alert 4015 for when a user creates a custom field in a user profile.
    • Alert 4016 for when a user updates a custom field value in a user profile.
  • New Feature

    • Logging of changes in custom fields (in posts, pages, custom post types, user profiles) created by Advanced Custom Fields (ACF) or similar plugins.
    • New option to show either the Username or Firstname and Lastname of the user in the Audit Trail.
  • Improvements

    • 404 errors logfiles are now saved in /uploads/wp-security-audit-log/404s/ directory.
    • Changed the 404 errors logfile name format to [alert]_[yyyymmdd].log. Thanks to Enable Security for PoC of vulnerability and advise.
    • Removed link to view post from Alerts about permanently deleted posts (2008, 2009, 2033).
    • Added tooltip for filter via IP address.
  • Bug Fix

    • Fixed an issue where the viewing of content was not being logged when Yoast SEO is installed.
2.6.5 2017-07-18

(2017-07-18) =

  • New Audit Trail Alerts

    • Alert 1007 for when an administrator terminate's a logged in session using the Users Sessions Management Add-On
    • Alert 6023 to log 404 HTTP errors (requests to non-existing pages) by website visitors (non WordPress users)
  • Improvements

    • Seggregated the logging of 404 HTTP Errors by who generates them. Alert 6007 for logged in users, 6023 for anonymous website visitors.
    • Improved the logging of Alert 4014 so it is not reported every time a user's profile page is reloaded with a refresh or when a change is applied.
    • Removed the wsal_wp_session cookie, which was used to store the selected database when archiving of audit trail alerts is enabled. Using LocalStorage instead.
    • Replaced mcrypt (deprecated in PHP 7) with OpenSSL. Mcrypt still used temporarily to convert configured password. Will be removed completely in future updates. Support Ticket
2.6.4 2017-06-01

(2017-06-01) =

  • New Features
    • Added a number of queries in the plugin to support the new version of the Reports Add-On
2.6.3 2017-05-03

(2017-05-03) =

  • Security Update
    • Updated third party session libraries to a more secure version
2.6.2 2017-04-24

(2017-04-22) =

  • New alerts to record actions & profile changes

    • 1006: User logged out all other sessions with the same username
    • 4014: User opened the profile page of another user
  • New alerts to record post and page specific settings changes

    • 2111: Disabled Comments / Trackbacks and Pingbacks on a published post
    • 2112: Enabled Comments / Trackbacks and Pingbacks on a published post
    • 2113: Disabled Comments / Trackbacks and Pingbacks on a draft post
    • 2114: Enabled Comments / Trackbacks and Pingbacks on a draft post
    • 2115: Disabled Comments / Trackbacks and Pingbacks on a published page
    • 2116: Enabled Comments / Trackbacks and Pingbacks on a published page
    • 2117: Disabled Comments / Trackbacks and Pingbacks on a draft page
    • 2118: Enabled Comments / Trackbacks and Pingbacks on a draft page
  • New alerts to record WordPress site-wide settings changes

    • 6008: User enabled / disabled the option Discourage search engines from indexing this site
    • 6009: User enabled / disabled comments on all the website
    • 6010: User enabled / disabled the option Comment author must fill out name and email
    • 6011: User enabled / disabled the option Users must be logged in and registered to comment
    • 6012: User enabled / disabled the option to automatically close comments after [X] days
    • 6013: User changed the value of the option Automatically close comments from [X] to [X] days
    • 6014: User enabled / disabled the option for comments to be manually approved
    • 6015: User enabled / disabled the option for an author to have previously approved comments for the comments to appear
    • 6016: User changed the number of links from [X] to [X] that a comment must have to be held in the queue
    • 6017: User modified the list of keywords for comments moderation
    • 6018: User modified the list of keywords for comments blacklisting
  • Plugin Improvements

    • URL of content in alert is no longer truncated. Now it will be reported in full
    • Organised the alerts in Enable/Disable Alerts section in categories and sub categories, thus they are easier to find
    • Plugin no longer links to a non-existing log file when 404 logging is switched off
    • Added additional checks for when using the function wp_Sessions_register_garbage_collection, which was causing a conflict with another plugin
  • Bug Fixes

    • Fixed an issue in which the plugin was changing the titles of WooCommerce product pages for logged in users Ticket
    • Fixed an issue in which plugin was unable to handle automated generated content with author 0 Ticket
2.6.1 2017-03-20

(2017-03-09) =

  • Bug Fixes
    • Removed the PHP Session ID cookie created by mistake for non logged in users.
2.6 2017-02-08

(2017-02-08) =

  • New Features

    • Audit trail for WooCommerce Store and Products.
    • New Hover over functionality to disable alerts with a single click.
  • New WooCommerce Audit Trail Alerts

    • Refer to the Audit trail WooCommerce Alerts List for a complete list of alerts the plugin uses to keep a record of changes in the WooCommerce store and products.
  • Plugin Improvements

    • Improved severity of alerts and added severity description on hover over.
    • Removed all code related to PHP error monitoring, which is no longer used (code spring cleaning).
  • Bug Fixes

    • Fixed an issue in which 404 logs where still being generated when the logs option was disabled but alert 6007 was enabled.
2.5.9.2 2017-01-11

(2017-01-11) =

  • Bug Fix
    • Updated store URL so premium add-ons can be updated.
2.5.9 2017-01-03

(2017-01-03) =

  • Support for new features in External DB Add-on:
    • Mirroring of audit trail to Syslog
    • Mirroring of audit trail to Papertrail
    • Support for archiving alerts from the audit trail in an external database.
2.5.8 2016-11-09

(2016-11-09) =

  • Plugin Improvement (Standardized all date & time formats and timezone)

    • Plugin now uses the time & date format configured in WordPress (removed the option from plugin that override this).
    • Updated all the Premium Add-Ons to use the time & date format configured in WordPress.
    • Changed the Request Log file extension to php and disabled execution (before it was log, hence users could guess it)
  • Bug Fixes

    • Fixed a problem with restricting users' access to the plugin (support ticket).
    • Fixed a bug in the custom alerts - previously custom alerts were overwritten during upgrade. Updated custom alerts documentation as well.
2.5.7 2016-10-05

(2016-10-05) =

  • Bug Fix
    • Fixed an issue where a page's title was not being returned Support Ticket
2.5.6 2016-09-28

(2016-09-27) =

  • Bug Fix
    • Fixed an issue where previous 404 reports were not being correctly merged. Support Ticket
2.5.5 2016-09-28

(2016-09-27) =

  • New WordPress Audit Trail Alerts

    • 2100: User opened a post in the editor
    • 2101: User viewed the post
    • 2102: User opened page in editor
    • 2103: User viewed page
    • 2104: User opened custom post type in editor
    • 2105: User viewed the custom post type
  • New Features

    • New setting to configure the number of 404 requests the plugin should record in a logfile from the same IP address.
    • Ability to download the 404 log file directly from the alert.
    • Added a new setting that disables or enables all of the plugin's logging. It is disabled by default.
  • Plugin Improvements

    • Organized the plugin settings under different tabs making it is easier to configure.
    • Updated the Reports add-on to show 404 log file location in the reports.
    • Removed the auto-enabling of 404 requests monitoring (introduced in previous version).
    • When 404s are from localhost, localhost is used in filename and not the IP. Support Ticket
    • The Add Functionality node is now automatically disabled when one or more premium add-ons are activated.
    • Changed the location of request log to /wp-content/uploads/wp-security-audit-log/.
    • Changed the extension of the request log file from php to log.
    • Plugin won't keep a record of newly posted comments that are marked as spam by Akismet.
  • Bug Fixes

    • Fixed the data inspector that was not working in certain installations.
    • Fixed an issue with custom alerts, which were overwritten during upgrade. Refer to the custom alerts documentation for more information.
2.5.4 2016-09-14

(2016-09-14) =

  • Update

    • Updated the Italian translation file with the latest translations.
  • Bug Fix

    • Fixed a bug related to database collation which was affecting the generation of reports.
2.5.3 2016-08-16

(2016-08-16) =

  • Bug Fix
    • Enabled the 404 logging by default during upgrade and new install. Read this FAQ for more information on this functionality.
2.5.2 2016-08-15

(2016-08-12) =

Read the WP Security Audit Log 2.5.2 release notes for more details on what is new.

  • New Feature

    • Logging of 404 Requests to a Log file. Read this FAQ for more information on this functionality.
  • Improvements

    • Fixed several alerts / monitoring capabilities that were not working correctly in WordPress 4.6.
2.5.1 2016-07-26

(2016-07-26) =

  • Bug fixes
    • Fixed the disabling functionality of Alert 6007 because it was not working.
    • Fixed the disabling functionality for Alerts 1000 and 1001.
    • Merged bug fixes from version 2.4.4 (were not included in 2.5.0).
2.5.0 2016-07-12

(2016-07-12) =

Read the WP Security Audit Log 2.5.0 release notes for a detailed overview of what is new.

  • New Features

    • Plugin now keeps a record in the audit trail of changes in WordPress comments. Refer to the list of alerts for WordPress comments for the complete list.
    • Audit log alerts for 404 (page not found) requests.
    • Audit log alerts for pages / posts / custom post types automatically created by plugins.
    • Added wildcard (*) support for when excluding Custom Fields.
    • New setting to customize From email address and display name (The Reports, Email Alerts and Users Sessions Management add-ons have been updated to use the configured email address).
  • New WordPress Audit Trail Alert for Changes in Comments

    • 2090: User approved a comment
    • 2091: User unapproved a comment
    • 2092: User replied to a comment
    • 2093: User edited a comment
    • 2094: User marked a comment as Spam
    • 2095: User marked a comment as not Spam
    • 2096: User moved a comment to trash
    • 2097: User moved a comment out from the trash
    • 2098: User permanently deleted a comment
    • 2099: Website visitor / User posted a comment (disabled by default. Enable it from the Enable/Disable Alerts node in the plugin menu)
  • New WordPress Audit Trail Alerts for Plugins Activity

    • 5019: Plugin automatically created a post
    • 5020: Plugin automatically created a page
    • 5021: Plugin automatically created a custom post type
    • 5025: Plugin automatically deleted a post
    • 5026: Plugin automatically deleted a page
    • 5027: Plugin automatically deleted a custom post type
  • Other New WordPress Audit Trail Alerts

    • 5031: User updated a theme
    • 2089: User moved an object as a sub-object in a menu
    • 6007: User / website visitor requested a non-existing page (404 ERROR)
  • Improvements

    • Standardized all alerts messages / Improved the text of all of them. Each post / page / custom post type alert has a linkt to the Editor now
2.4.4 2016-06-27

(2016-06-27) =

  • Security fix

    • Fixed a cross-site scripting vulnerability in the function AjaxDisableCustomField()
  • Bug fix

    • Fixed the hide plugin setting which was not working in some scenarios. Support Ticket
2.4.3 2016-06-01

(2016-06-01) =

  • New Add-On Support

    • Included code to support the new Users Sessions Management Add-On, which allows you to see who is logged in to your WordPress and WordPress multisite networks.
  • New Alerts in the WordPress Audit Trail

    • 1004: A login attempt was blocked because a session with the same username already exists
    • 1005: Multiple logged-in sessions for the same WordPress username has been detected
  • Improvement

    • Plugin reports changes when an object is moved as a sub object in a menu.
  • Bug fixes

    • Fixed a problem where wrong permissions were assigned to the reports directory in the uploads directory for the Reports Add-On.
    • Fixed an issue where multiple incorrect changes were reported when changing the structure of a menu Support ticket.
    • Fixed a bug in the settings sensor support ticket.
2.4.2 2016-04-27

(2016-04-26) =

  • Improvement
    • Removed hardcoded memory limit in database connector. Now all database connections are done via AJAX calls hence there is no need for such limits.
2.4.1 2016-04-19

(2016-04-20) =

Read the WP Security Audit Log 2.4 release notes for a detailed overview of what is new in this version.

  • New Features

    • New setting allowing the users to configure the timestamp of the alerts. Read the FAQ How to change the time zone in the WordPress Audit Trial for more information.
  • New WordPress Security Alerts for Content title changes

    • 2086: User changed the title of a post
    • 2087: User changed the title of a page
    • 2088: User changed the title of a custom post type
  • Improvements

    • Implemented AJAX calls for when migrating the WordPress Audit Trail between databases with the External DB add-on
2.4 2016-04-14

(2016-03-28) =

Read the WP Security Audit Log 2.4 release notes for a detailed overview of what is new.

  • New Features

    • Monitoring of WordPress menus changes from both admin pages and theme customizer.
    • New hook that allows users to create their own custom alerts. Read the WP Security Audit Log Custom Alerts documentation for more information.
    • New alerts for when a either a post, a post or a custom post type is scheduled.
  • New WordPress Security Alerts for Menus

    • 2078: User created a new menu
    • 2079: User added objects to menu
    • 2080: User removed object from menu
    • 2081: User deleted a menu
    • 2082: User changed menu settings
    • 2083: USer modified an object in menu
    • 2084: User renamed a menu
    • 2085: User changed the order of the objects in menu
  • New WordPress Security Alerts for Scheduled Items

    • 2074: User scheduled a post for publishing
    • 2075: User scheduled a page for publishing
    • 2076: User scheduled a custom post type for publishing
  • Bug Fixes

    • Fixed an issue where WordPress updated alerts were begin generated repeatedly upon accessing the updates page. Support Ticket
    • Fixed an issue where WordPress pruning was not working in an out of the box installation. Support Ticket
    • Fixed a conflict with Migrate DB. Support Ticket
2.3.3 2016-02-16

(2016-02-16) = * Bug Fixes * Fixed an issue where automated WordPress updates were not being reported. * Improved error handling in database queries.

2.3.2 2016-01-21

(2016-01-21) = * Bug Fix * Fixed an issue with the login/logout sensor reported in this ticket.

2.3.1 2016-01-16

(2016-01-16) = * Improvement * Improved the SQL queries used by the Reports Add-On

2.3 2016-01-11

(2016-01-12) = * New Features * Keep track of changes on bbPress forums. For more detailed information read the WP Security Audit Log 2.3 Release Notes

  • New WordPress Security Alerts

    • 8000: User published a new forum
    • 8001: User changed the status of a forum
    • 8002: User changed the visibility of a forum
    • 8003: User changed the URL of a forum
    • 8004: User changed the order of a forum
    • 8005: User moved forum to trash
    • 8006: User permanently deleted a fourm
    • 8007: User restored a forum from trash
    • 8008: User changed the parent of a forum
    • 8009: User changed the role of forum auto user role
    • 8010: User changed the option for anonymous posting on forum
    • 8011: User changed the forum type
    • 8012: User changed the time setting to disallow editing of posts
    • 8013: User changed the time setting for post throttling
    • 8014: User created new forum topic
    • 8015: User changed the status of a forum topic
    • 8016: User changed the type of a forum topic
    • 8017: User changed the URL of a forum topic
    • 8018: User changed the forum for a topic
    • 8019: User moved a forum topic to trash
    • 8020: User permanently deleted a forum topic
    • 8021: User restored a forum topic from trash
    • 8022: User changed the visibility of a forum topic
  • Improvements

    • Improved the performance / queries of the Audit Log Viewer, hence now it is faster when retrieving alerts from bigger databases
    • Rewritten and improved the reporting engine for the Reports Add-On
  • Bug Fix

    • Fixed an issue where administrators of sub domain websites could see the alerts of other websites from the dashboard widget in a multisite installation. Ticket
2.2 2015-11-26

(2015-11-10) = * New Features * Aded the revision link in content change security alerts allowing you to see the actual content changes that took place on posts, pages and custom post types. Learn More

  • Bug Fixes
    • Fixed an issue where user was allowed to disable all columns in Audit Log Viewer Support ticket. Fix recommendation by Bates College.
2.1.1 2015-10-07

(2015-10-08) = * New WordPress Security Alerts * 2072: User modifies a post that is submitted for review * 2073: Contributor submits a post for review

  • Improvements

    • Added the functionality to search by Alert ID in Search add-on
    • When a background process is reports, plugin now reports "System" as username and not "unkown"
    • Improved the connection checks of the External DB add-on (now it also has a timeout for when incorrect IP / Host is specified)
  • Bug Fixes

    • Fixed an issue in the Reports add-on where not all available users were being listed to generate a report
    • Fixed an issue with licensing notifications - now all licensing notifications will be automatically dismissed upon activating a key.
    • Fixed an issue where the user reset passwords were not being recorded (since 4.3). Ticket
2.1.0 2015-09-09

(2015-09-09) = * New Features * Support for the External DB Add-on. * Integration with WhatIsMyIPAddress.com (Click an IP addresses in Audit Log viewer to get all information about it). * Settings to Incude or exclude specific columns from the Audit Log viewer. * Ability to exclude an IP address from monitoring * New option to disable the reporting of WordPress background tasks (such as deletion of auto draft posts)

  • Bug Fixes
    • Fixed a problem when trying to customize a widget via the theme customizer support ticket.
    • Handling an error that was generated when someone logged in to a WordPress via social media channels.
    • Fixed: incorrect alert generated when a widget is moved from the bottom of a container to another.
    • Fixed: incorrect alert generated when a custom filed is deleted from a page.
    • Fixed an issue where post related actions were not reported for users with author and contributor roles.
    • Fixed an issue where in a specific scenario the settings in the options tabel were duplicate.
2.0.1 2015-08-05

(2015-08-05) = * Minor Change * Launched a new WP Security Audit Log website and updated all relevant links.

2.0.0 2015-07-29

(2015-07-16) = * New Features * New database connector allowing faster and more efficient plugin to WordPress database communication * Added new option to switch the display time of alerts between 24 hour or 12 hour format * Sorting functionality in Audit Log Viewer (sort WordPress security alerts by date & time, code or username)

  • Bug Fixes
    • Fixed issue where super admin roles was not reported when logging in to "sub sites" in WordPress multisite
    • Fixed several formatting issues in the Audit Log Viewer (UI)
    • Fixed issue where multiple plugins were upgraded via the drop down menu and no alerts were being reported
    • Fixed: When unrestricting plugin access from a single admin was not working properly
1.6.1 2015-05-04

(2015-05-04) = * Bug Fixes * Fixed the monitoring of plugin updates for WordPress 4.2 Support Ticket * Fixed an issue where multiple plugin updates triggered by drop down menu were not being reported * Fixed a conflict with Magic Fields 2 plugin Support Ticket * Updated the escaping of add_query_arg() function which could result in a potential XSS

1.6.0 2015-04-16

(2015-04-16) = * New Security Alerts * 5010: plugin created new tables in the WordPress database * 5011: plugin modified the structure of a number of tables in the WordPress database * 5012: plugin deleted tables from the WordPress database * 5013: theme created new tables in the WordPress database * 5014: theme modified the structure of a number of tables in the WordPress database * 5015: theme deleted tables from the WordPress database * 5016: an unknown component created new tables in the WordPress database * 5017: an unknown component theme modified the structure of a number of tables in the WordPress database * 5018: an unknown component theme deleted tables from the WordPress database * 2052: a user changed the parent of a category

1.5.2 2015-04-07

(2015-04-07) = * Bug Fix * Removed a clause which changed the debug log path (used for testing) Support Ticket

1.5.1 2015-03-26

(2015-03-26) = * Improvements * Completely removed the user of the is_admin() function to follow better security practises

  • Bug Fixes
    • Updated the licensing mechanism to correct problem where WP Security Audit Log premium add-ons could not be activated.
    • Fixed several issues where the database tables were not being created during install or upgrade. Support ticket and Support ticket 2
    • Fixed an issue where the plugin did not monitor any activity in specific scenarios. Support ticket and Support ticket 2
    • Removed duplicate options in the settings page. Support ticket
1.5.0 2015-03-18

(2015-03-18) = * New Features * Ability to exclude custom fields from monitoring (custom fields can be excluded from the Audit Log Viewer with a simple click or you can specify them in the settings) * Ability to exclude WordPress users and roles from monitoring

  • Improvements

    • WP Security Audit Log now has its own settings table in WordPress database. This will provide us with more flexibility and have more centralization of data
    • Updated the code where is_admin() function was being used to follow better security practises
  • Bug Fixes

    • Fixed a problem where a PHP exception was being thrown during the activation of the plugin support ticket
1.4.1 2015-03-15

(2015-03-12) = * Bug Fix * Fixed an issue where the IP address was not being reported for anyone using PHP version 5.3.3 or earlier support ticket

1.4 2015-03-15

(2015-02-24) = * New Features * WordPress username is now reported when a failed login is recorded - More Details * Plugin is now available in Romanian thanks to Artmotion

  • Improvements

    • Improved IP Address validation checks - if IP address format is incorrect the plugin reports "incorrect format" and not "unknown" - This will help us improve troubleshooting
    • Alerts pruning options are now added during activation of the plugin, making pruning options more reliable - existing pruning options will be retained
  • Bug Fixes

    • Fixed issue with the option "auto / manual" refresh of Audit Log Viewer
    • Fixed plugin uninstallation process (added new option to purge all plugin data from WordPress database upon uninstall)
1.3.3 2015-01-22

(2015-01-21) = * New Features * Premium Add-ons will be hidden from the WordPress plugins page when the Hide plugin option is enabled.

  • Improvements

    • Updated some of the help text in plugin's settings page
    • Updated the text of some WordPress security alerts
  • Bug Fixes

    • Fixed a bug related to the reverse proxy / IP retrieval functionality
    • Fixed an issue related to Sandbox removal and upgrades Support Ticket
1.3.2 2015-01-05

(2014-12-16) = * New Features and Options * Plugin automatically retrieves user's originating IP address even if WordPress is installed behind a reverse proxy, web application firewall or load balancer. For more information refer to WP Security Audit Log, Reverse Proxies and WAFs * New option to omit internal IP addresses from being reported in the WordPress security audit log

  • Removed Functionality

    • The sandbox was removed from the plugin. If you need to use the sandbox for troubleshooting and tested contact us since we migrated it to a standalone extension.
  • Bug Fixes

    • Fixed a bug where site administrators where not able to view the WordPress security alerts for their sites in a WordPress multisite installation
    • Improved some SQL queries as reported in this support ticket
    • Fixed an issue with alerts pruning (when pruning was set by number of alerts the plugin was pruning all alerts)
1.3.1 2014-12-09

(2014-11-27) = * New WordPress Security Alerts * Alert 2065: The content of published post has been modified * Alert 2066: The content of published page has been modified * Alert 2067: The content of published custom post type has been modified * Alert 2068: The content of a draft post has been modified * Alert 2069: The content of a draft page has been modified * Alert 2070: The content of a draft custom post type has been modified * Alert 2071: Changed the position of a widget in the same container

  • WordPress Security Audit Log Viewer Improvement

    • Removed fixed width from columns, hence now they are dynamically resized depending on your resolution
  • Bug Fixes

    • Fixed an issue where alert 1001 (logout) was generated without a login support ticket
    • Fixed a PHP coding problem / invalid argument issue support ticket
1.3.0 2014-11-24

(2014-10-30) = * New WordPress Security Alerts * Alert 2065: User modified the content of a blog post * Alert 2066: User modified the content of a WordPress page * Alert 2067: User modified the content of a custom post type

  • Improvements
    • We have also improved the code of some of the sensors which monitor the WordPress activity
1.2.9 2014-10-22

(2014-10-21) = * Bug Fix * Fixed an issue with the queries used for the alerts pruning as reported in this support ticket.

1.2.8 2014-10-20

(2014-10-14) = * New Feature * Added new Extensions page to allow users to see which extensions they can use to increase the functionality of the plugin * Included licensing mechanism to support premium extensions

  • Improvements

    • Updated latest language files for German and Italian translations (also include corrections for some old translations)
  • Bug Fixes

    • Fixed a problem with the pruning of WordPress Security Alerts support ticket
    • Fixed pagination issue in the Audit Log Viewer when running on WordPress multisite
1.2.7 2014-09-26

(2014-09-26) = * New Feature * New option "Restrict Plugin Access" that allows WordPress administrators to further restrict access to the plugin and the WordPress security alerts

  • Improvements

    • Updated the Audit Log Viewer backend to retriev WordPress security alerts much faster and consume less resources on large websites
    • Moved the Audit Log plugin menu entry underneath the dashboard entry for better access
    • Several minor enhancements to the plugin to perform better on large WordPress installations
  • Bug Fixes

    • Fixed an uncaught exception with Logout Alert 1001 support ticket
1.2.6 2014-09-04

(2014-08-20) = * Improvements * Several performance improvements and tweaks applied * Updated Italian translations

  • Bug Fixes
    • Fixed an issue with URLs of plugin pages support ticket
    • Fixed an uncaught exception with Logout Alert 1001 support ticket
    • Fixed error on logout issue support ticket
    • Fixed uncaught exception with specific Alert Codes support ticket
1.2.5 2014-08-12

(2014-08-12) = * New Feature * Monitoring of custom fields in WordPress posts, pages and custom post types.

  • New WordPress Security Alerts

    • Alert 2053: User created new custom field in blog post
    • Alert 2054: User modified the value of custom field in blog post
    • Alert 2055: User deleted a custom field in blog post
    • Alert 2062: User renamed custom field in blog post
    • Alert 2059: User created new custom field in page
    • Alert 2060: User modified the value of custom field in page
    • Alert 2061: User deleted custom field from page
    • Alert 2063: User renamed custom field in
    • Alert 2056: User created new custom field in custom post type
    • Alert 2057: User modified the value of custom field in custom post type
    • Alert 2058: User deleted a custom field from custom post type
    • Alert 2064: User renamed custom field in custom post type
  • Improvements

    • Improved the writing and reading of WordPress alerts from the WordPress database (plugin runs more efficiently on high traffic WordPress and WordPress multisite installations)
    • Improved the monitoring of WordPress login and logout actions
    • Applied various plugin performance tweaks
  • Bug Fixes

    • Fixed a specific issue where user and user role where not being reported (ticket)
    • Fixed an error which was being reported during user logout in specific scenarios (ticket)
    • Fixed a CSRF vulnerability reported by Kvin FALCOZ aka 0pc0deFR
1.2.4 2014-08-05

(2014-07-27) = * Improvements * Improved monitoring of failed logins, addressed issues reported here, here, here and here

1.2.3 2014-07-23

(2014-07-23) = * Improvements * Improved database structure for better support of high-traffic WordPress and WordPress multisite installations * Developer options are reset during updates for improved performance * Added a warning / note to the developer options (such options should NEVER be enabled on live websites but only on testing, staging and development websites)

  • Bug Fixes
    • Fixed database issue with primary key constraint
1.2.2 2014-07-18

(2014-07-16) = * New Features * Italian translation available thanks to Leonardo Musumeci

  • Improvements

    • Added a warning to developer options
    • "Hidden" developer options from default settings. User has to click link to access developer plugins
  • Bug Fixes

    • Solved several issues related to translations. Now everything in the plugin is translatable
    • Fixed several other issues reported by email
  • Bug Fix

    • Fixed reported issue with ugrade (more info here)
1.2.1 2014-07-02

(2014-07-2) = * Bug Fix * Fixed reported issue with ugrade (more info here)

1.2.0 2014-07-02

(2014-07-2) = * New Features * Unlimited Alerts can be stored (removed the 5000 alerts limit) * Alert time now includes milliseconds for more precision (ideal for auditing and compliance) * Reported alert time is now relative to user's configured timezone * Alerts automatic pruning procedures can now be enabled / disabled * Option to hide WP Security Audit Log from plugins page in WordPress * If there are more than 15 websites in a multisite installation, an auto complete site search box is shown instead of the drop down menu

  • New WordPress Security Alerts
    • Alert 5007: User has uninstalled / deleted a theme
    • Alert 5008: Super administrator network activated a theme on multisite
    • Alert 5009: Super administrator network deactivated a theme on multisite
1.1.0 2014-06-03

(2014-05-27) = * New Features * User avatar is shown in the alert to allow administrators to easily recognize users and their activity
* Clickable username in alerts allow administrators to access user's profile instantly * User role is reported in alert so administrators can easily track any suspicious behaviour * PHP Version checker; upon installation the plugin will check what version of PHP is installed on the system

  • New WordPress Security Alert for monitoring plugin files

    • Alert 2051: User changed a plugin file using the plugin editor (note: filename and location will also be reported in the alert)
  • Bug fixes

    • Fixed wrapping problem in alerts dashboard widget
    • Fixed upgrade script to properly create the new tables in the WordPress database
1.0 2014-05-20

(2014-05-20) = * Complete plugin rewrite making the new version more stable and scalable

  • New Features

    • New Audit Log viewer
    • Auto refresh of security alerts - WordPress administrators do not need to refresh the Audit Log Viewer page to see new alerts
    • Data Inspector reports more insider information about each alert (can be enabled from settings)
    • Sandbox allows developers to execute PHP code for troubleshooting (can be enabled from settings)
    • Request Log that logs all HTTP GET and POST requests done on WordPress (can be enabled from settings)
    • Logging of PHP Errors; ideal for developers who want to monitor WordPress for any errors (can be enabled from settings)
    • New Support and About Us page that you should check out!
  • New WordPress Security Alerts for monitoring themes, WordPress settings, files and much more...

    • Alert 2046: User modified a file using the editor
    • Alert 2047: User changed parent of page
    • Alert 2048: User changed template of page
    • Alert 2049: User set post as sticky
    • Alert 2050: User removed post from Sticky
    • Alert 5005: User installed a new theme
    • Alert 5006: User activated a theme
    • Alert 6004: User upgraded WordPress
    • Alert 6005: User changed the WordPress permalinks
  • New WordPress Developer Alerts

    • Alert 0000: Unknown error
    • Alert 0001: PHP Error
    • Alert 0002: PHP Warning
    • Alert 0003: PHP Notice
    • Alert 0004: PHP Exception
    • Alert 0005: PHP Shutdown Error
  • For more information about what is new and changed in this version of the plugin refer to the WP Security Audit Log release notes.

0.6.3 2014-05-12

(2014-02-18) = * Bug Fix * Disabled debugging by default (left enabled by mistake)

0.6.2 2014-02-06

(2014-02-03) = * Bug Fix * Fixed a number of database issues introduced with the WordPress Multisite Support * Fixed issue with supporting pre WordPress 3.0 multisite installations (support tickets here and here)

0.6.1 2014-01-22

(2014-01-16) = * Bug Fix * Fixed errors in debug code (used for when debugging is enabled in plugin)

0.6 2014-01-14

(2014-01-15) = * New Plugin Feature * WordPress Multisite Support Read More

  • New WordPress Security Alerts for monitoring specific multisite activity on a WordPress multisite network installation

    • Alert 4008: User is granted super admin privileges (network)
    • Alert 4009: Super admin privileges (network) are revoked from a user
    • Alert 4010: Added an existing user to a site and assigned a specific role
    • Alert 4011: Removed user with a specific role from a site
    • Alert 4012: New user created on the network
    • Alert 7000: Added a new site to network
    • Alert 7001: A site was archived
    • Alert 7002: A site was unarchived
    • Alert 7003: A site was activated
    • Alert 7004: A site was deactivated
    • Alert 7005: A site was deleted
  • Plugin Improvements

    • Plugin settings page to have the same look and feel of the new WordPress dashboard (3.8)
0.5.1 2013-12-14

(2013-12-11) = * Bug Fix * Fixed an issue with Edit Post function (in very specific cases) (http://wordpress.org/support/topic/was-working-great-no-post-edit-function-now)

0.5 2013-11-06
  • New WordPress Security Alerts for monitoring of Widgets

    • Alert 2042: New widget was added
    • Alert 2043: A widget was modified
    • Alert 2044: A widget was deleted
    • Alert 2045: A widget was moved
  • New Plugin Features

    • New setting to allow specific user(s) and role(s) to view the Audit Log Viewer (read only)
    • New setting to allow specific user(s) and role(s) to manage the WP Security Audit Log plugin (can change plugin settings, enable disable WordPress security alerts etc)
  • Plugin Improvements

    • Renamed "login/logout" tab in "Enable/Disable Alerts" section to plugins to "Other User Activity"
    • Added the files alerts (uploaded / delete files) to the "Enable/Disable Alerts" (previously unavailable)
  • Bug Fixes

    • Fixed issue where all users were able to see the Dashboard widgets with security alerts - now restricted only to users who have access to the plugin
    • Fixed user reported issue (http://wordpress.org/support/topic/errors-on-enabledisable-alerts-page)
0.4 2013-10-09
  • New WordPress Security Alerts for Custom Post Types

    • Alert 2029: New post with custom post type created and saved as draft
    • Alert 2030: Post with custom post type is publishes
    • Alert 2031: A published post with custom post type is modified
    • Alert 2032: A draft post with custom post type is modified
    • Alert 2033: A post with custom post type was permanently deleted
    • Alert 2034: A post with custom post type was moved to trash
    • Alert 2035: A post with custom post type was restored from trash
    • Alert 2036: The category of a post with custom post type was changed
    • Alert 2037: The URL of a post with custom post type was changed
    • Alert 2038: The author of a post with custom post type was changed
    • Alert 2039: The status of a post with custom post type was changed
    • Alert 2040: The visibility of a post with custom post type was changed
    • Alert 2041: The date of a post with custom post type was changed
  • New Plugin Features

    • Enable/Disable Alerts node that allows WordPress administrators to switch on or off specific WordPress security alerts
    • Dashboard widget that shows the latest 5 WordPress security alerts (widget can be switched on or off from the plugin settings)
    • Plugin is now language aware and we can accept translations
  • Plugin Improvements

    • Updated settings page to have the same look and feel of WordPress
    • Improved the upgrade procedure of the plugin
    • Updated the Audit Log Viewer display to support more resultions such as those of tables and smartphones
0.3 2013-09-19
  • New WordPress Security Alerts

    • Alert 6001: Anyone can Register option in WordPress settings was changed
    • Alert 6002: Default use role in WordPress settings was changed
    • Alert 6003: Administrator notification email in WordPress settings was changed
    • Alert 2025: Visibility of a blog post was changed
    • Alert 2026: Visibility of a page was changed
    • Alert 2027: Date of a blog post was changed
    • Alert 2028: Date of a page was changed
  • Plugin Improvements

    • Links to the Audit Log Viewer and Settings in the plugin summary page
    • Time of Failed Login alerts now reflects the time of last failed login attempt
  • Bug Fixes

    • Fixed: Incorrect alerts generated when author of page was changed from quick edit mode
    • Fixed: Conflict with WP Mandrill and other plugins using pluggable.php
    • Fixed: Incorrect alerts generated when plugin is installed via a zip file / upload method
0.2 2013-08-29
  • Restricted plugin options and WordPress Audit Log Event Viewer only to WordPress administrators
  • Improved failed logins events (events generated from the same IP, or same username will be grouped to avoid mass flooding of security events)
  • Security Events pruning now uses wp-cron functionality (improved stability and reliability of events pruning)
  • Applied several performance improvements (faster loading of events etc)
  • Added support for permalinks; now events will include page or blog post URL rather than ID
  • Added new alerts for when a page or blog post status is changed from draft, pending review or published
  • Added new alert for when a page or blog post URL or author is changed
  • Added new alert for when a blog post category is changed
  • Added new alerts for when a user creates or deletes a category
  • Added new alert for when the author of a blog post or page is changed
  • Added new plugin alerts for when a plugin is installed, uninstalled or upgraded
  • Updated navigation menu to use standard WordPress dashboard icons etc
0.1 2013-07-04
  • Initial beta release of WP Security Audit Log.